Solved Hard drive cluster/system check virus

MONALOVE80

I did a system restore on my computer on Jan. 16th and ended up with a virus I assume is called System Check. I used my anti-virus software, called CA Security System, which detected about 9 viruses. Then I started getting error messages, such as the hard drive cluster error message and how my RAM memory was extremely low.

Today I googled what exactly this type of error message was because I thought I needed new RAM memory. I found out it was a virus through this website. I already had Malwarebytes installed on my computer and was in the process of running a full scan when I came across the five-step removal. After the scan finished I began removing the virus and immediately had to shut down, and System Check started popping up as well. When I restarted my computer my background was blue with no icons. So, I immediately shut down and went into safe mode. I hope you can help me walk through this removal process because I don't want to damage my computer in the process.
 
MBAM-log

This is what I got from malware:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.19.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mona :: MONIQUE [administrator]

1/19/2012 11:26:23 AM
mbam-log-2012-01-19 (11-26-23).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334177
Time elapsed: 1 hour(s), 43 minute(s), 55 second(s)

Memory Processes Detected: 3
C:\Documents and Settings\All Users\Application Data\gfUomFNvRQL.exe (Trojan.FakeAV) -> 2112 -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\gfUomFNvRQL.exe (Trojan.FakeAV) -> 5944 -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\EX45vFk6aoeoSF.exe (Rogue.FakeAlert) -> 5320 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gfUomFNvRQL.exe (Trojan.FakeAV) -> Data: C:\Documents and Settings\All Users\Application Data\gfUomFNvRQL.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\All Users\Application Data\gfUomFNvRQL.exe (Trojan.FakeAV) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\EX45vFk6aoeoSF.exe (Rogue.FakeAlert) -> Delete on reboot.

(end)
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi Broni,

These are the results from GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-19 15:06:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AAKS-75V0A0 rev.05.01D05
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfldypog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A7E32C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A7E32C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A7E32C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A7E32C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A7E32C6

---- EOF - GMER 1.0.15 ----
 
In step 4 it states, "After downloading the tool, disable any script blocking protection."

How would I find and do this?
 
DDS-log

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 15:28:35 on 2012-01-19
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn2.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn2.dll
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [PMX Daemon] ICO.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Optimum Online net guide] "c:\program files\optimum online\Netsurf.exe" -trayicon
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
mRun: [Lexmark 5600-6600 Series Fax Server] "c:\program files\lexmark 5600-6600 series\fm3032.exe" /s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [LoadMSvcmm] "c:\program files\blockbuster\blockbustermovielink\Movielink User.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{EFEF9639-8120-46E7-BD1A-AEF26EF609D2} : DhcpNameServer = 167.206.254.1 167.206.254.2
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
AppInit_DLLs: UmxSbxExw.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\x69pucg2.default\
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-01-19 16:20:51 -------- d-----w- c:\documents and settings\all users\application data\PCDr
2012-01-19 16:18:23 -------- d-----w- c:\program files\Dell Support Center
2012-01-16 20:33:41 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-16 19:17:05 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-16 19:17:05 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-16 16:42:52 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla
.
==================== Find3M ====================
.
2011-12-25 00:19:30 9072 ----a-w- c:\windows\system32\drivers\28046
2011-11-23 13:29:56 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD5000AAKS-75V0A0 rev.05.01D05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A7E349F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a7ea738]; MOV EAX, [0x8a7ea8ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8ADF0AB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000006f[0x8AE37DF8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8ADF3940]
\Driver\atapi[0x8ADC5380] -> IRP_MJ_CREATE -> 0x8A7E349F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A7E32C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:29:33.75 ===============
 
Attach-log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
ABBYY FineReader 6.0 Sprint
Accidental Damage Services Agreement
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
AntiPhishing
APH placeholder
ATI Catalyst Control Center
ATI Display Driver
AudibleManager
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software v5.0.0 for the BlackBerry 9550 smartphone
BlackBerry USB Drivers
BLOCKBUSTER Movielink
CA Anti-Virus Plus
CA Backup and Migration
CA Internet Security Suite
CA Parental Controls
CA Personal Firewall
Carbonite Online Backup Setup
CDDRV_Installer
Conexant D850 PCI V.92 Modem
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series
Dell Driver Reset Tool
Dell Support Center
Digital Line Detect
DNAMigrator
GoToAssist Corporate
GPS Image Tracker
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Connections Drivers
Java Auto Updater
Java(TM) 6 Update 20
K-Lite Codec Pack 4.7.0 (Full)
KhalInstallWrapper
Lexmark 5600-6600 Series
Lexmark Printable Web
Lexmark Toolbar
Lexmark Tools for Office
Logitech SetPoint
Malwarebytes Anti-Malware version 1.60.0.1800
McAfee SiteAdvisor
MegaStat 9.1
MegaStat Excel 2007
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Diagnostic Tool
Mouse Suite for Desktop Computers
Mozilla Firefox 8.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser (KB927977)
muvee Reveal Seagate Edition
Netwaiting
Optimum Online net guide
Picture Package Music Transfer
Professor Answers
Professor Teaches Access 2007
Professor Teaches Accounting Fundamentals
Professor Teaches Business Planning
Professor Teaches Excel 2007
Professor Teaches Excel 2007 Advanced
Professor Teaches Outlook 2007
Professor Teaches PowerPoint 2007
Professor Teaches PowerPoint 2007 Advanced
Professor Teaches QuickBooks 2010
Professor Teaches Word 2007
Professor Teaches Word 2007 Advanced
Qurb
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SAMSUNG USB Driver for Mobile Phones
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sony Picture Utility
Sony USB Driver
Times Reader
Typing Quick & Easy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
V CAST Music with Rhapsody
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0
ZENcast Organizer
Zynga Toolbar
.
==== End Of File ===========================
 
Run the tool listed below and then restart in normal mode and see how things are.

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSSKILLER-log

In normal mode my computer background is still blue, my desktop has no icons, and my start up menu is missing features. Took me a moment to figure out how to access my computer since there's no icon and it wasn't in the start menu.

Here's the log info:
17:04:01.0562 1928 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
17:04:01.0734 1928 ============================================================
17:04:01.0734 1928 Current date / time: 2012/01/19 17:04:01.0734
17:04:01.0734 1928 SystemInfo:
17:04:01.0734 1928
17:04:01.0734 1928 OS Version: 5.1.2600 ServicePack: 3.0
17:04:01.0734 1928 Product type: Workstation
17:04:01.0734 1928 ComputerName: MONIQUE
17:04:01.0734 1928 UserName: Administrator
17:04:01.0734 1928 Windows directory: C:\WINDOWS
17:04:01.0734 1928 System windows directory: C:\WINDOWS
17:04:01.0734 1928 Processor architecture: Intel x86
17:04:01.0734 1928 Number of processors: 2
17:04:01.0734 1928 Page size: 0x1000
17:04:01.0734 1928 Boot type: Safe boot with network
17:04:01.0734 1928 ============================================================
17:04:03.0750 1928 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:04:03.0906 1928 Initialize success
17:04:13.0390 1248 ============================================================
17:04:13.0390 1248 Scan started
17:04:13.0390 1248 Mode: Manual;
17:04:13.0390 1248 ============================================================
17:04:20.0781 1248 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
17:04:20.0812 1248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
17:04:20.0812 1248 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
17:04:20.0843 1248 Boot (0x1200) (7a1d682dad0954d9a5cb001a1654805a) \Device\Harddisk0\DR0\Partition0
17:04:20.0843 1248 \Device\Harddisk0\DR0\Partition0 - ok
17:04:20.0843 1248 ============================================================
17:04:20.0843 1248 Scan finished
17:04:20.0843 1248 ============================================================
17:04:20.0875 1100 Detected object count: 1
17:04:20.0875 1100 Actual detected object count: 1
17:04:49.0734 1100 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
17:04:49.0734 1100 \Device\Harddisk0\DR0 - ok
17:04:49.0734 1100 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
17:05:34.0296 2496 Deinitialize success
 
See if you can change the background manually.

Then....

Let's see if we can recover your missing features.
Download and run UnHide.
Let me know if it worked.

=============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
I was able to manually change my background. However, I tried unhide twice and it didn't work. The first time it asked me to disable antivirus protection which can interfere with the process. I disabled it and ran it again, nothing. I did the next two steps.

aswMBR log:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-19 18:05:19
-----------------------------
18:05:19.494 OS Version: Windows 5.1.2600 Service Pack 3
18:05:19.494 Number of processors: 2 586 0x1706
18:05:19.494 ComputerName: MONIQUE UserName: Mona
18:05:21.588 Initialize success
18:07:13.719 AVAST engine defs: 12011902
18:07:25.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:07:25.000 Disk 0 Vendor: WDC_WD5000AAKS-75V0A0 05.01D05 Size: 476940MB BusType: 3
18:07:25.000 Device \Driver\atapi -> DriverStartIo 8a70a2c6
18:07:25.000 Disk 0 MBR read successfully
18:07:25.000 Disk 0 MBR scan
18:07:25.047 Disk 0 MBR:pihar-C [Rtk]
18:07:25.047 Disk 0 TDL4@MBR code has been found
18:07:25.047 Disk 0 MBR hidden
18:07:25.047 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
18:07:25.063 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 476890 MB offset 96390
18:07:25.079 Disk 0 MBR [TDL4] **ROOTKIT**
18:07:25.079 Disk 0 trace - called modules:
18:07:25.079 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a70a49f]<<
18:07:25.094 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af7aab8]
18:07:25.094 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000071[0x8afb5258]
18:07:25.094 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8af65940]
18:07:25.110 \Driver\atapi[0x89915938] -> IRP_MJ_CREATE -> 0x8a70a49f
18:07:26.047 AVAST engine scan C:\WINDOWS
18:07:36.282 AVAST engine scan C:\WINDOWS\system32
18:08:36.223 AVAST engine scan C:\WINDOWS\system32\drivers
18:08:43.567 AVAST engine scan C:\Documents and Settings\Mona
18:14:07.568 AVAST engine scan C:\Documents and Settings\All Users
18:14:44.851 Scan finished successfully
18:15:23.884 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
18:15:23.884 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR-log.txt"


bootkit_remover log:

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
18:54:19.0128 5920 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
18:54:19.0456 5920 ============================================================
18:54:19.0456 5920 Current date / time: 2012/01/19 18:54:19.0456
18:54:19.0456 5920 SystemInfo:
18:54:19.0456 5920
18:54:19.0456 5920 OS Version: 5.1.2600 ServicePack: 3.0
18:54:19.0456 5920 Product type: Workstation
18:54:19.0456 5920 ComputerName: MONIQUE
18:54:19.0456 5920 UserName: Mona
18:54:19.0456 5920 Windows directory: C:\WINDOWS
18:54:19.0456 5920 System windows directory: C:\WINDOWS
18:54:19.0456 5920 Processor architecture: Intel x86
18:54:19.0456 5920 Number of processors: 2
18:54:19.0456 5920 Page size: 0x1000
18:54:19.0456 5920 Boot type: Normal boot
18:54:19.0456 5920 ============================================================
18:54:21.0675 5920 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:54:21.0847 5920 Initialize success
18:54:52.0785 8076 ============================================================
18:54:52.0785 8076 Scan started
18:54:52.0785 8076 Mode: Manual;
18:54:52.0785 8076 ============================================================
18:54:53.0597 8076 Scan interrupted by user!
18:54:53.0597 8076 Scan interrupted by user!
18:54:53.0597 8076 Scan interrupted by user!
18:54:53.0597 8076 ============================================================
18:54:53.0597 8076 Scan finished
18:54:53.0597 8076 ============================================================
18:54:53.0613 8068 Detected object count: 0
18:54:53.0613 8068 Actual detected object count: 0
18:55:23.0926 8160 ============================================================
18:55:23.0926 8160 Scan started
18:55:23.0926 8160 Mode: Manual;
18:55:23.0926 8160 ============================================================
18:55:30.0848 8160 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
18:55:30.0880 8160 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:55:30.0880 8160 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:55:30.0911 8160 Boot (0x1200) (7a1d682dad0954d9a5cb001a1654805a) \Device\Harddisk0\DR0\Partition0
18:55:30.0911 8160 \Device\Harddisk0\DR0\Partition0 - ok
18:55:30.0911 8160 ============================================================
18:55:30.0911 8160 Scan finished
18:55:30.0911 8160 ============================================================
18:55:30.0926 8152 Detected object count: 1
18:55:30.0926 8152 Actual detected object count: 1
18:55:42.0146 8152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:55:42.0146 8152 \Device\Harddisk0\DR0 - ok
18:55:42.0146 8152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:55:49.0271 7536 Deinitialize success
 
Lol

aswMBR:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-19 19:28:57
-----------------------------
19:28:57.156 OS Version: Windows 5.1.2600 Service Pack 3
19:28:57.156 Number of processors: 2 586 0x1706
19:28:57.156 ComputerName: MONIQUE UserName: Mona
19:28:58.906 Initialize success
19:29:05.468 AVAST engine defs: 12011902
19:29:42.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:29:42.953 Disk 0 Vendor: WDC_WD5000AAKS-75V0A0 05.01D05 Size: 476940MB BusType: 3
19:29:42.968 Disk 0 MBR read successfully
19:29:42.968 Disk 0 MBR scan
19:29:43.015 Disk 0 Windows VISTA default MBR code
19:29:43.015 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
19:29:43.046 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 476890 MB offset 96390
19:29:43.046 Disk 0 scanning sectors +976768065
19:29:43.125 Disk 0 scanning C:\WINDOWS\system32\drivers
19:29:49.578 Service scanning
19:29:50.968 Modules scanning
19:30:23.421 Disk 0 trace - called modules:
19:30:23.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
19:30:23.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af79ab8]
19:30:23.453 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8af951e0]
19:30:23.468 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8af4ed98]
19:30:24.093 AVAST engine scan C:\WINDOWS
19:30:34.859 AVAST engine scan C:\WINDOWS\system32
19:31:51.703 AVAST engine scan C:\WINDOWS\system32\drivers
19:32:08.218 AVAST engine scan C:\Documents and Settings\Mona
19:40:28.671 AVAST engine scan C:\Documents and Settings\All Users
19:41:43.062 Scan finished successfully
19:43:17.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
19:43:17.156 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR-log2.txt"


bootkit remover:

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
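
The three logs above tell one story: TDSSKiller flags the MBR of \Device\Harddisk0\DR0 and schedules a cure, then aswMBR and Bootkit Remover re-read the same disk. As an added example (not part of any post in this thread, and not code from any of these tools), the Python below parses abbreviated excerpts of those logs and checks that the cure was both requested and confirmed by the follow-up scans. The function names and the "clean" markers (`default MBR code`, a status starting with `OK`) are assumptions drawn only from the lines shown here.

```python
import re

# Abbreviated excerpts of the logs posted in this thread (most driver lines dropped).
TDSSKILLER_LOG = r"""
18:55:24.0879 8160 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:55:24.0879 8160 atapi - ok
18:55:30.0848 8160 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
18:55:30.0880 8160 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:55:30.0880 8160 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:55:30.0911 8160 \Device\Harddisk0\DR0\Partition0 - ok
18:55:30.0926 8152 Detected object count: 1
18:55:42.0146 8152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:55:42.0146 8152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""
ASWMBR_LOG = r"""
19:29:42.968 Disk 0 MBR read successfully
19:29:43.015 Disk 0 Windows VISTA default MBR code
19:41:43.062 Scan finished successfully
"""
BOOTKIT_REMOVER_LOG = r"""
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
"""

# "HH:MM:SS.ffff <thread id> <message>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<msg>.*)$")
# "<object> ( <threat name> ) - <status or action>"
VERDICT = re.compile(r"^(?P<obj>\S.*?) \( (?P<threat>[^)]+?) \) - (?P<status>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


def parse_tdsskiller(log):
    """Return (declared_count, {object: {"threat": str, "events": [str]}})."""
    declared, findings = None, {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        c = COUNT.match(msg)
        if c:
            declared = int(c.group(1))  # the last scan in the log wins
            continue
        v = VERDICT.match(msg)
        if v:
            entry = findings.setdefault(v["obj"], {"threat": v["threat"], "events": []})
            entry["events"].append(v["status"])
    return declared, findings


def parse_aswmbr(log):
    """Map disk number -> MBR code description reported by aswMBR."""
    out = {}
    for raw in log.splitlines():
        m = re.search(r"Disk (\d+) (.+ MBR code)$", raw.strip())
        if m:
            out[int(m.group(1))] = m.group(2)
    return out


def parse_bootkit_remover(log):
    """Map physical drive number -> MBR status column from Bootkit Remover."""
    out = {}
    for raw in log.splitlines():
        m = re.match(r"^\d+ \w+\s+\\\\\.\\PhysicalDrive(\d+)\s+(.+)$", raw.strip())
        if m:
            out[int(m.group(1))] = m.group(2)
    return out


def verify_cure(tdss_log, aswmbr_log, bootkit_log):
    """Cross-check each TDSSKiller detection against the two follow-up MBR scans."""
    declared, findings = parse_tdsskiller(tdss_log)
    asw = parse_aswmbr(aswmbr_log)
    bk = parse_bootkit_remover(bootkit_log)
    objects = []
    for obj, info in findings.items():
        disk = re.search(r"Harddisk(\d+)", obj)
        n = int(disk.group(1)) if disk else None
        cure_requested = any("Cure" in e or "cured" in e for e in info["events"])
        # Assumed clean markers; a missing follow-up log counts as "not verified".
        rechecks = {
            "aswMBR": "default MBR code" in asw.get(n, ""),
            "BootkitRemover": bk.get(n, "").startswith("OK"),
        }
        objects.append({
            "object": obj,
            "threat": info["threat"],
            "events": info["events"],
            "cure_requested": cure_requested,
            "rechecks": rechecks,
            "verified_clean": cure_requested and all(rechecks.values()),
        })
    return {
        "declared": declared,
        "consistent": declared == len(findings),
        "objects": objects,
    }


if __name__ == "__main__":
    for item in verify_cure(TDSSKILLER_LOG, ASWMBR_LOG, BOOTKIT_REMOVER_LOG)["objects"]:
        print(item["object"], item["threat"], "verified clean:", item["verified_clean"])
```

A detection with no matching follow-up scan is reported as not verified rather than clean, which is the case to watch for when only the removal tool's own log is available.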
 
Very good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
It states to close/disable anti virus and anti malware before running. I disabled my anti virus but I'm not sure how to disable malwarebytes or if it's ok to leave alone.
 
If you have the free version, don't worry about it.
It doesn't run in real time.

If you have the free trial or paid version, see HERE
 
Before I start combo fix it says I need to remove CA internet security. My anti virus protection says CA security center. Is this the same?
 