Jump to content


 

Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google adware/malware

Started by kattysam , Feb 21 2012 08:32 PM

  • Please log in to reply
27 replies to this topic

#1 kattysam

kattysam

    Member

  • Members
  • PipPip
  • 16 posts

Posted 21 February 2012 - 08:32 PM

Every time I do a google search and try to click through to the results, vipsearch takes over and sends me to a completely different website. I also cannot view the google images. It seems to only happen when I search through google, not when I enter the actual web address in the address bar. I have tried running AVG and malware bytes and they found nothing. I am running windows XP home 2002 service pack 3 and it is affecting both explorer and firefox. Please help!!!

 

  • BC Ads
  • BleepingComputer.com

#2 narenxp

narenxp

    Forum Addict

  • BC Advisor
  • PipPipPipPipPipPip
  • 16,365 posts
  • Gender:Male
  • Location:India

Posted 21 February 2012 - 08:38 PM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)


Please download GMER from here(doesnot work on 64 bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

#3 kattysam

kattysam

    Member

  • Members
  • PipPip
  • 16 posts

Posted 21 February 2012 - 09:45 PM

Thanks for your prompt reply. Here we go:
TDSSKiller results:
20:51:00.0093 5120 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:51:00.0093 5120 perc2hib - ok
20:51:00.0171 5120 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:51:00.0171 5120 PptpMiniport - ok
20:51:00.0203 5120 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:51:00.0203 5120 PSched - ok
20:51:00.0218 5120 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:51:00.0218 5120 Ptilink - ok
20:51:00.0265 5120 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:51:00.0265 5120 PxHelp20 - ok
20:51:00.0281 5120 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:51:00.0296 5120 ql1080 - ok
20:51:00.0296 5120 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:51:00.0296 5120 Ql10wnt - ok
20:51:00.0359 5120 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:51:00.0359 5120 ql12160 - ok
20:51:00.0390 5120 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:51:00.0390 5120 ql1240 - ok
20:51:00.0406 5120 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:51:00.0406 5120 ql1280 - ok
20:51:00.0421 5120 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:51:00.0421 5120 RasAcd - ok
20:51:00.0468 5120 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:51:00.0484 5120 Rasl2tp - ok
20:51:00.0500 5120 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:51:00.0500 5120 RasPppoe - ok
20:51:00.0500 5120 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:51:00.0500 5120 Raspti - ok
20:51:00.0531 5120 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:51:00.0531 5120 Rdbss - ok
20:51:00.0562 5120 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:51:00.0562 5120 RDPCDD - ok
20:51:00.0609 5120 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:51:00.0609 5120 rdpdr - ok
20:51:00.0656 5120 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:51:00.0656 5120 RDPWD - ok
20:51:00.0671 5120 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:51:00.0671 5120 redbook - ok
20:51:00.0734 5120 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:51:00.0750 5120 Secdrv - ok
20:51:00.0796 5120 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:51:00.0796 5120 serenum - ok
20:51:00.0828 5120 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:51:00.0828 5120 Serial - ok
20:51:00.0859 5120 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:51:00.0859 5120 Sfloppy - ok
20:51:00.0875 5120 Simbad - ok
20:51:00.0921 5120 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:51:00.0937 5120 sisagp - ok
20:51:00.0968 5120 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:51:00.0968 5120 SLIP - ok
20:51:01.0046 5120 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:51:01.0046 5120 Sparrow - ok
20:51:01.0062 5120 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:51:01.0062 5120 splitter - ok
20:51:01.0093 5120 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:51:01.0109 5120 sr - ok
20:51:01.0156 5120 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:51:01.0156 5120 Srv - ok
20:51:01.0250 5120 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
20:51:01.0281 5120 STHDA - ok
20:51:01.0328 5120 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:51:01.0328 5120 streamip - ok
20:51:01.0375 5120 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:51:01.0375 5120 swenum - ok
20:51:01.0390 5120 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:51:01.0390 5120 swmidi - ok
20:51:01.0437 5120 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:51:01.0437 5120 symc810 - ok
20:51:01.0453 5120 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:51:01.0453 5120 symc8xx - ok
20:51:01.0468 5120 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:51:01.0468 5120 sym_hi - ok
20:51:01.0484 5120 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:51:01.0484 5120 sym_u3 - ok
20:51:01.0546 5120 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:51:01.0546 5120 sysaudio - ok
20:51:01.0593 5120 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:51:01.0609 5120 Tcpip - ok
20:51:01.0625 5120 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:51:01.0625 5120 TDPIPE - ok
20:51:01.0656 5120 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:51:01.0671 5120 TDTCP - ok
20:51:01.0687 5120 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:51:01.0687 5120 TermDD - ok
20:51:01.0718 5120 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
20:51:01.0718 5120 TosIde - ok
20:51:01.0750 5120 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:51:01.0750 5120 Udfs - ok
20:51:01.0781 5120 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:51:01.0781 5120 ultra - ok
20:51:01.0843 5120 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:51:01.0843 5120 Update - ok
20:51:01.0906 5120 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:51:01.0906 5120 USBAAPL - ok
20:51:01.0937 5120 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:51:01.0953 5120 usbaudio - ok
20:51:01.0953 5120 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:51:01.0968 5120 usbccgp - ok
20:51:02.0000 5120 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:51:02.0000 5120 usbehci - ok
20:51:02.0031 5120 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:51:02.0031 5120 usbhub - ok
20:51:02.0093 5120 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:51:02.0093 5120 usbprint - ok
20:51:02.0109 5120 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:51:02.0109 5120 usbscan - ok
20:51:02.0125 5120 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:51:02.0125 5120 USBSTOR - ok
20:51:02.0156 5120 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:51:02.0156 5120 usbuhci - ok
20:51:02.0171 5120 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
20:51:02.0171 5120 USB_RNDIS_XP - ok
20:51:02.0187 5120 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:51:02.0187 5120 VgaSave - ok
20:51:02.0234 5120 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:51:02.0234 5120 viaagp - ok
20:51:02.0281 5120 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:51:02.0281 5120 ViaIde - ok
20:51:02.0312 5120 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:51:02.0328 5120 VolSnap - ok
20:51:02.0406 5120 VX1000 (f4fab0b9d43a65f79fc838c94006f643) C:\WINDOWS\system32\DRIVERS\VX1000.sys
20:51:02.0468 5120 VX1000 - ok
20:51:02.0500 5120 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:51:02.0500 5120 Wanarp - ok
20:51:02.0546 5120 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:51:02.0578 5120 Wdf01000 - ok
20:51:02.0593 5120 WDICA - ok
20:51:02.0625 5120 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:51:02.0640 5120 wdmaud - ok
20:51:02.0718 5120 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:51:02.0734 5120 WpdUsb - ok
20:51:02.0765 5120 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:51:02.0765 5120 WSTCODEC - ok
20:51:02.0796 5120 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:51:02.0796 5120 WudfPf - ok
20:51:02.0828 5120 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:51:02.0828 5120 WudfRd - ok
20:51:02.0875 5120 MBR (0x1B8) (4bc21aabb8ea83c34000756722b7398b) \Device\Harddisk0\DR0
20:51:02.0906 5120 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:51:02.0906 5120 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:51:02.0937 5120 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:51:02.0937 5120 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:51:02.0968 5120 Boot (0x1200) (807fe6e9766c2484ac77edf8f054947b) \Device\Harddisk0\DR0\Partition0
20:51:02.0968 5120 \Device\Harddisk0\DR0\Partition0 - ok
20:51:02.0968 5120 ============================================================
20:51:02.0968 5120 Scan finished
20:51:02.0968 5120 ============================================================
20:51:02.0984 5112 Detected object count: 2
20:51:02.0984 5112 Actual detected object count: 2

GMER results:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-21 21:29:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 ST316081 rev.3.AD
Running: jlf2uw5c.exe; Driver: C:\DOCUME~1\Aron\LOCALS~1\Temp\pxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x99346F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x99346FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x99347080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9934711C]

---- Kernel code sections - GMER 1.0.15 ----

? system32\drivers\58534017.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 0079000C
.text C:\WINDOWS\System32\svchost.exe[1352] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0087000A
.text C:\WINDOWS\System32\svchost.exe[1352] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0088000A
.text C:\WINDOWS\System32\svchost.exe[1352] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 0089000A
.text C:\WINDOWS\System32\svchost.exe[1352] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00FE000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01855B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4836] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 10450924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4836] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10450ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\09031599 \Device\KLMD16012012_207010 58534017.sys
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device 979E2D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

aswMBR results:

9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-21 21:30:40
-----------------------------
21:30:40.281 OS Version: Windows 5.1.2600 Service Pack 3
21:30:40.281 Number of processors: 2 586 0xF02
21:30:40.296 ComputerName: MAIN UserName: Aron
21:30:44.593 Initialize success
21:35:14.875 AVAST engine defs: 12022101
21:35:58.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:35:58.140 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
21:35:58.156 Disk 0 MBR read successfully
21:35:58.171 Disk 0 MBR scan
21:35:58.234 Disk 0 MBR:Pihar-C [Rtk]
21:35:58.234 Disk 0 TDL4@MBR code has been found
21:35:58.234 Disk 0 MBR hidden
21:35:58.250 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:35:58.265 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149464 MB offset 80325
21:35:58.296 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 306198900
21:35:58.296 Disk 0 MBR [TDL4] **ROOTKIT**
21:35:58.312 Disk 0 trace - called modules:
21:35:58.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8646449f]<<
21:35:58.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87161030]
21:35:58.343 3 CLASSPNP.SYS[f7530fd7] -> nt!IofCallDriver -> [0x85f76030]
21:35:58.343 \Driver\iaStor[0x86487428] -> IRP_MJ_CREATE -> 0x8646449f
21:35:59.375 AVAST engine scan C:\WINDOWS
21:36:23.640 AVAST engine scan C:\WINDOWS\system32
21:39:27.953 AVAST engine scan C:\WINDOWS\system32\drivers
21:39:40.421 AVAST engine scan C:\Documents and Settings\Aron
21:41:54.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Aron\Desktop\MBR.dat"
21:41:54.687 The log file has been saved successfully to "C:\Documents and Settings\Aron\Desktop\aswMBR.txt"

#4 narenxp

narenxp

    Forum Addict

  • BC Advisor
  • PipPipPipPipPipPip
  • 16,365 posts
  • Gender:Male
  • Location:India

Posted 21 February 2012 - 10:12 PM

TDSSkiller log is incomplete

I want you to restart the PC and run TDSSkiller and aswmbr once again and post the logs

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install,update and run a full scan

Remove infections,run a scan again and post the Clean log

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#5 kattysam

kattysam

    Member

  • Members
  • PipPip
  • 16 posts

Posted 21 February 2012 - 10:51 PM

tdss:
20:50:36.0968 5072 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
20:50:37.0265 5072 ============================================================
20:50:37.0265 5072 Current date / time: 2012/02/21 20:50:37.0265
20:50:37.0265 5072 SystemInfo:
20:50:37.0265 5072
20:50:37.0265 5072 OS Version: 5.1.2600 ServicePack: 3.0
20:50:37.0265 5072 Product type: Workstation
20:50:37.0265 5072 ComputerName: MAIN
20:50:37.0265 5072 UserName: Aron
20:50:37.0265 5072 Windows directory: C:\WINDOWS
20:50:37.0265 5072 System windows directory: C:\WINDOWS
20:50:37.0265 5072 Processor architecture: Intel x86
20:50:37.0265 5072 Number of processors: 2
20:50:37.0265 5072 Page size: 0x1000
20:50:37.0265 5072 Boot type: Normal boot
20:50:37.0265 5072 ============================================================
20:50:38.0609 5072 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:50:38.0625 5072 \Device\Harddisk0\DR0:
20:50:38.0625 5072 MBR used
20:50:38.0625 5072 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x123EC0EE
20:50:38.0687 5072 Initialize success
20:50:38.0687 5072 ============================================================
20:50:53.0250 5120 ============================================================
20:50:53.0250 5120 Scan started
20:50:53.0250 5120 Mode: Manual; TDLFS;
20:50:53.0250 5120 ============================================================
20:50:54.0281 5120 Abiosdsk - ok
20:50:54.0328 5120 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:50:54.0328 5120 abp480n5 - ok
20:50:54.0375 5120 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:50:54.0390 5120 ACPI - ok
20:50:54.0406 5120 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:50:54.0406 5120 ACPIEC - ok
20:50:54.0437 5120 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:50:54.0453 5120 adpu160m - ok
20:50:54.0468 5120 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:50:54.0484 5120 aec - ok
20:50:54.0531 5120 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:50:54.0546 5120 AFD - ok
20:50:54.0593 5120 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:50:54.0593 5120 agp440 - ok
20:50:54.0625 5120 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:50:54.0640 5120 agpCPQ - ok
20:50:54.0656 5120 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:50:54.0656 5120 Aha154x - ok
20:50:54.0703 5120 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:50:54.0703 5120 aic78u2 - ok
20:50:54.0734 5120 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:50:54.0734 5120 aic78xx - ok
20:50:54.0765 5120 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
20:50:54.0765 5120 AliIde - ok
20:50:54.0812 5120 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:50:54.0812 5120 alim1541 - ok
20:50:54.0859 5120 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:50:54.0859 5120 amdagp - ok
20:50:54.0875 5120 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
20:50:54.0875 5120 amsint - ok
20:50:54.0906 5120 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
20:50:54.0906 5120 asc - ok
20:50:54.0937 5120 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:50:54.0953 5120 asc3350p - ok
20:50:54.0984 5120 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:50:54.0984 5120 asc3550 - ok
20:50:55.0031 5120 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
20:50:55.0031 5120 Aspi32 - ok
20:50:55.0062 5120 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:50:55.0062 5120 AsyncMac - ok
20:50:55.0093 5120 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:50:55.0093 5120 atapi - ok
20:50:55.0109 5120 Atdisk - ok
20:50:55.0140 5120 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:50:55.0140 5120 Atmarpc - ok
20:50:55.0156 5120 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:50:55.0156 5120 audstub - ok
20:50:55.0218 5120 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
20:50:55.0218 5120 AVGIDSDriver - ok
20:50:55.0234 5120 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
20:50:55.0234 5120 AVGIDSEH - ok
20:50:55.0265 5120 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
20:50:55.0265 5120 AVGIDSFilter - ok
20:50:55.0296 5120 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
20:50:55.0296 5120 AVGIDSShim - ok
20:50:55.0328 5120 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
20:50:55.0328 5120 Avgldx86 - ok
20:50:55.0375 5120 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
20:50:55.0375 5120 Avgmfx86 - ok
20:50:55.0406 5120 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
20:50:55.0421 5120 Avgrkx86 - ok
20:50:55.0468 5120 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
20:50:55.0468 5120 Avgtdix - ok
20:50:55.0500 5120 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:50:55.0500 5120 Beep - ok
20:50:55.0546 5120 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:50:55.0546 5120 cbidf - ok
20:50:55.0578 5120 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:50:55.0578 5120 cbidf2k - ok
20:50:55.0609 5120 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:50:55.0609 5120 CCDECODE - ok
20:50:55.0640 5120 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:50:55.0640 5120 cd20xrnt - ok
20:50:55.0656 5120 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:50:55.0656 5120 Cdaudio - ok
20:50:55.0687 5120 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:50:55.0687 5120 Cdfs - ok
20:50:55.0718 5120 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:50:55.0734 5120 Cdrom - ok
20:50:55.0734 5120 Changer - ok
20:50:55.0765 5120 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:50:55.0781 5120 CmdIde - ok
20:50:55.0796 5120 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:50:55.0796 5120 Cpqarray - ok
20:50:55.0828 5120 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:50:55.0843 5120 dac2w2k - ok
20:50:55.0890 5120 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:50:55.0890 5120 dac960nt - ok
20:50:55.0921 5120 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:50:55.0937 5120 Disk - ok
20:50:56.0015 5120 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
20:50:56.0015 5120 DLABOIOM - ok
20:50:56.0031 5120 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
20:50:56.0031 5120 DLACDBHM - ok
20:50:56.0078 5120 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
20:50:56.0078 5120 DLADResN - ok
20:50:56.0125 5120 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
20:50:56.0125 5120 DLAIFS_M - ok
20:50:56.0156 5120 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
20:50:56.0156 5120 DLAOPIOM - ok
20:50:56.0156 5120 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
20:50:56.0156 5120 DLAPoolM - ok
20:50:56.0234 5120 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
20:50:56.0234 5120 DLARTL_N - ok
20:50:56.0250 5120 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
20:50:56.0250 5120 DLAUDFAM - ok
20:50:56.0281 5120 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
20:50:56.0281 5120 DLAUDF_M - ok
20:50:56.0343 5120 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:50:56.0375 5120 dmboot - ok
20:50:56.0406 5120 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:50:56.0406 5120 dmio - ok
20:50:56.0437 5120 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:50:56.0437 5120 dmload - ok
20:50:56.0468 5120 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:50:56.0468 5120 DMusic - ok
20:50:56.0515 5120 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:50:56.0515 5120 dpti2o - ok
20:50:56.0531 5120 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:50:56.0531 5120 drmkaud - ok
20:50:56.0578 5120 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
20:50:56.0578 5120 DRVMCDB - ok
20:50:56.0593 5120 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
20:50:56.0593 5120 DRVNDDM - ok
20:50:56.0687 5120 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
20:50:56.0687 5120 DSproct - ok
20:50:56.0750 5120 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:50:56.0765 5120 E100B - ok
20:50:56.0812 5120 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
20:50:56.0812 5120 e1express - ok
20:50:56.0859 5120 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:50:56.0875 5120 Fastfat - ok
20:50:56.0906 5120 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:50:56.0906 5120 Fdc - ok
20:50:56.0921 5120 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:50:56.0937 5120 Fips - ok
20:50:56.0953 5120 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:50:56.0968 5120 Flpydisk - ok
20:50:57.0015 5120 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:50:57.0015 5120 FltMgr - ok
20:50:57.0046 5120 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:50:57.0046 5120 Fs_Rec - ok
20:50:57.0062 5120 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:50:57.0078 5120 Ftdisk - ok
20:50:57.0109 5120 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:50:57.0125 5120 GEARAspiWDM - ok
20:50:57.0171 5120 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:50:57.0171 5120 Gpc - ok
20:50:57.0218 5120 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
20:50:57.0218 5120 grmnusb - ok
20:50:57.0265 5120 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:50:57.0265 5120 HDAudBus - ok
20:50:57.0296 5120 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:50:57.0312 5120 HidUsb - ok
20:50:57.0343 5120 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
20:50:57.0343 5120 hpn - ok
20:50:57.0437 5120 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:50:57.0437 5120 HPZid412 - ok
20:50:57.0437 5120 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:50:57.0437 5120 HPZipr12 - ok
20:50:57.0468 5120 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:50:57.0468 5120 HPZius12 - ok
20:50:57.0515 5120 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:50:57.0515 5120 HTTP - ok
20:50:57.0546 5120 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:50:57.0546 5120 i2omgmt - ok
20:50:57.0593 5120 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:50:57.0593 5120 i2omp - ok
20:50:57.0609 5120 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:50:57.0625 5120 i8042prt - ok
20:50:57.0687 5120 ialm (6fcb904910da07c9dc2593d66438fa29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:50:57.0718 5120 ialm - ok
20:50:57.0765 5120 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iaStor.sys
20:50:57.0765 5120 iaStor - ok
20:50:57.0796 5120 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:50:57.0796 5120 Imapi - ok
20:50:57.0843 5120 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:50:57.0843 5120 ini910u - ok
20:50:57.0875 5120 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:50:57.0875 5120 IntelIde - ok
20:50:57.0890 5120 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:50:57.0890 5120 intelppm - ok
20:50:57.0921 5120 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:50:57.0937 5120 Ip6Fw - ok
20:50:57.0968 5120 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:50:57.0968 5120 IpFilterDriver - ok
20:50:58.0015 5120 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:50:58.0015 5120 IpInIp - ok
20:50:58.0046 5120 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:50:58.0046 5120 IpNat - ok
20:50:58.0078 5120 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:50:58.0078 5120 IPSec - ok
20:50:58.0109 5120 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:50:58.0109 5120 IRENUM - ok
20:50:58.0140 5120 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:50:58.0140 5120 isapnp - ok
20:50:58.0171 5120 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:50:58.0171 5120 Kbdclass - ok
20:50:58.0171 5120 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:50:58.0187 5120 kbdhid - ok
20:50:58.0218 5120 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:50:58.0218 5120 kmixer - ok
20:50:58.0265 5120 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:50:58.0265 5120 KSecDD - ok
20:50:58.0328 5120 LBeepKE (8f4d784b3f22f468eea99da02b0e39e5) C:\WINDOWS\system32\Drivers\LBeepKE.sys
20:50:58.0328 5120 LBeepKE - ok
20:50:58.0343 5120 lbrtfdc - ok
20:50:58.0390 5120 LHidFilt (8b30311241f97b35167afe68d79e8530) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
20:50:58.0390 5120 LHidFilt - ok
20:50:58.0421 5120 LMouFilt (48d7422a6c4eec886b56ac534cfa3acf) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
20:50:58.0421 5120 LMouFilt - ok
20:50:58.0468 5120 LUsbFilt (0b808ff2f17c8396fb2ae202f75aed37) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
20:50:58.0468 5120 LUsbFilt - ok
20:50:58.0484 5120 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:50:58.0484 5120 mnmdd - ok
20:50:58.0531 5120 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:50:58.0531 5120 Modem - ok
20:50:58.0562 5120 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:50:58.0562 5120 Mouclass - ok
20:50:58.0593 5120 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:50:58.0593 5120 mouhid - ok
20:50:58.0640 5120 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:50:58.0640 5120 MountMgr - ok
20:50:58.0671 5120 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:50:58.0671 5120 mraid35x - ok
20:50:58.0734 5120 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:50:58.0734 5120 MRxDAV - ok
20:50:58.0765 5120 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:50:58.0796 5120 MRxSmb - ok
20:50:58.0843 5120 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:50:58.0843 5120 Msfs - ok
20:50:58.0859 5120 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:50:58.0859 5120 MSKSSRV - ok
20:50:58.0890 5120 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:50:58.0890 5120 MSPCLOCK - ok
20:50:58.0906 5120 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:50:58.0906 5120 MSPQM - ok
20:50:58.0937 5120 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:50:58.0937 5120 mssmbios - ok
20:50:58.0968 5120 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:50:58.0984 5120 MSTEE - ok
20:50:59.0015 5120 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:50:59.0031 5120 Mup - ok
20:50:59.0062 5120 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:50:59.0062 5120 NABTSFEC - ok
20:50:59.0093 5120 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:50:59.0093 5120 NDIS - ok
20:50:59.0125 5120 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:50:59.0125 5120 NdisIP - ok
20:50:59.0156 5120 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:50:59.0171 5120 NdisTapi - ok
20:50:59.0187 5120 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:50:59.0187 5120 Ndisuio - ok
20:50:59.0203 5120 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:50:59.0203 5120 NdisWan - ok
20:50:59.0234 5120 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:50:59.0234 5120 NDProxy - ok
20:50:59.0265 5120 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:50:59.0265 5120 NetBIOS - ok
20:50:59.0296 5120 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:50:59.0296 5120 NetBT - ok
20:50:59.0375 5120 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:50:59.0375 5120 Npfs - ok
20:50:59.0406 5120 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:50:59.0421 5120 Ntfs - ok
20:50:59.0437 5120 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:50:59.0437 5120 Null - ok
20:50:59.0531 5120 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:50:59.0609 5120 nv - ok
20:50:59.0640 5120 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:50:59.0640 5120 NwlnkFlt - ok
20:50:59.0671 5120 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:50:59.0671 5120 NwlnkFwd - ok
20:50:59.0718 5120 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:50:59.0718 5120 Parport - ok
20:50:59.0750 5120 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:50:59.0750 5120 PartMgr - ok
20:50:59.0781 5120 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:50:59.0781 5120 ParVdm - ok
20:50:59.0828 5120 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:50:59.0828 5120 PCI - ok
20:50:59.0843 5120 PCIDump - ok
20:50:59.0875 5120 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:50:59.0875 5120 PCIIde - ok
20:50:59.0921 5120 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:50:59.0921 5120 Pcmcia - ok
20:50:59.0937 5120 PDCOMP - ok
20:50:59.0953 5120 PDFRAME - ok
20:50:59.0953 5120 PDRELI - ok
20:50:59.0968 5120 PDRFRAME - ok
20:51:00.0046 5120 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:51:00.0046 5120 perc2 - ok
20:51:00.0093 5120 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:51:00.0093 5120 perc2hib - ok
20:51:00.0171 5120 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:51:00.0171 5120 PptpMiniport - ok
20:51:00.0203 5120 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:51:00.0203 5120 PSched - ok
20:51:00.0218 5120 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:51:00.0218 5120 Ptilink - ok
20:51:00.0265 5120 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:51:00.0265 5120 PxHelp20 - ok
20:51:00.0281 5120 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:51:00.0296 5120 ql1080 - ok
20:51:00.0296 5120 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:51:00.0296 5120 Ql10wnt - ok
20:51:00.0359 5120 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:51:00.0359 5120 ql12160 - ok
20:51:00.0390 5120 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:51:00.0390 5120 ql1240 - ok
20:51:00.0406 5120 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:51:00.0406 5120 ql1280 - ok
20:51:00.0421 5120 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:51:00.0421 5120 RasAcd - ok
20:51:00.0468 5120 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:51:00.0484 5120 Rasl2tp - ok
20:51:00.0500 5120 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:51:00.0500 5120 RasPppoe - ok
20:51:00.0500 5120 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:51:00.0500 5120 Raspti - ok
20:51:00.0531 5120 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:51:00.0531 5120 Rdbss - ok
20:51:00.0562 5120 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:51:00.0562 5120 RDPCDD - ok
20:51:00.0609 5120 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:51:00.0609 5120 rdpdr - ok
20:51:00.0656 5120 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:51:00.0656 5120 RDPWD - ok
20:51:00.0671 5120 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:51:00.0671 5120 redbook - ok
20:51:00.0734 5120 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:51:00.0750 5120 Secdrv - ok
20:51:00.0796 5120 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:51:00.0796 5120 serenum - ok
20:51:00.0828 5120 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:51:00.0828 5120 Serial - ok
20:51:00.0859 5120 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:51:00.0859 5120 Sfloppy - ok
20:51:00.0875 5120 Simbad - ok
20:51:00.0921 5120 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:51:00.0937 5120 sisagp - ok
20:51:00.0968 5120 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:51:00.0968 5120 SLIP - ok
20:51:01.0046 5120 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:51:01.0046 5120 Sparrow - ok
20:51:01.0062 5120 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:51:01.0062 5120 splitter - ok
20:51:01.0093 5120 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:51:01.0109 5120 sr - ok
20:51:01.0156 5120 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:51:01.0156 5120 Srv - ok
20:51:01.0250 5120 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
20:51:01.0281 5120 STHDA - ok
20:51:01.0328 5120 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:51:01.0328 5120 streamip - ok
20:51:01.0375 5120 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:51:01.0375 5120 swenum - ok
20:51:01.0390 5120 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:51:01.0390 5120 swmidi - ok
20:51:01.0437 5120 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:51:01.0437 5120 symc810 - ok
20:51:01.0453 5120 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:51:01.0453 5120 symc8xx - ok
20:51:01.0468 5120 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:51:01.0468 5120 sym_hi - ok
20:51:01.0484 5120 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:51:01.0484 5120 sym_u3 - ok
20:51:01.0546 5120 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:51:01.0546 5120 sysaudio - ok
20:51:01.0593 5120 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:51:01.0609 5120 Tcpip - ok
20:51:01.0625 5120 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:51:01.0625 5120 TDPIPE - ok
20:51:01.0656 5120 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:51:01.0671 5120 TDTCP - ok
20:51:01.0687 5120 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:51:01.0687 5120 TermDD - ok
20:51:01.0718 5120 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
20:51:01.0718 5120 TosIde - ok
20:51:01.0750 5120 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:51:01.0750 5120 Udfs - ok
20:51:01.0781 5120 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:51:01.0781 5120 ultra - ok
20:51:01.0843 5120 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:51:01.0843 5120 Update - ok
20:51:01.0906 5120 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:51:01.0906 5120 USBAAPL - ok
20:51:01.0937 5120 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:51:01.0953 5120 usbaudio - ok
20:51:01.0953 5120 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:51:01.0968 5120 usbccgp - ok
20:51:02.0000 5120 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:51:02.0000 5120 usbehci - ok
20:51:02.0031 5120 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:51:02.0031 5120 usbhub - ok
20:51:02.0093 5120 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:51:02.0093 5120 usbprint - ok
20:51:02.0109 5120 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:51:02.0109 5120 usbscan - ok
20:51:02.0125 5120 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:51:02.0125 5120 USBSTOR - ok
20:51:02.0156 5120 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:51:02.0156 5120 usbuhci - ok
20:51:02.0171 5120 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
20:51:02.0171 5120 USB_RNDIS_XP - ok
20:51:02.0187 5120 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:51:02.0187 5120 VgaSave - ok
20:51:02.0234 5120 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:51:02.0234 5120 viaagp - ok
20:51:02.0281 5120 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:51:02.0281 5120 ViaIde - ok
20:51:02.0312 5120 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:51:02.0328 5120 VolSnap - ok
20:51:02.0406 5120 VX1000 (f4fab0b9d43a65f79fc838c94006f643) C:\WINDOWS\system32\DRIVERS\VX1000.sys
20:51:02.0468 5120 VX1000 - ok
20:51:02.0500 5120 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:51:02.0500 5120 Wanarp - ok
20:51:02.0546 5120 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:51:02.0578 5120 Wdf01000 - ok
20:51:02.0593 5120 WDICA - ok
20:51:02.0625 5120 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:51:02.0640 5120 wdmaud - ok
20:51:02.0718 5120 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:51:02.0734 5120 WpdUsb - ok
20:51:02.0765 5120 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:51:02.0765 5120 WSTCODEC - ok
20:51:02.0796 5120 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:51:02.0796 5120 WudfPf - ok
20:51:02.0828 5120 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:51:02.0828 5120 WudfRd - ok
20:51:02.0875 5120 MBR (0x1B8) (4bc21aabb8ea83c34000756722b7398b) \Device\Harddisk0\DR0
20:51:02.0906 5120 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:51:02.0906 5120 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:51:02.0937 5120 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:51:02.0937 5120 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:51:02.0968 5120 Boot (0x1200) (807fe6e9766c2484ac77edf8f054947b) \Device\Harddisk0\DR0\Partition0
20:51:02.0968 5120 \Device\Harddisk0\DR0\Partition0 - ok
20:51:02.0968 5120 ============================================================
20:51:02.0968 5120 Scan finished
20:51:02.0968 5120 ============================================================
20:51:02.0984 5112 Detected object count: 2

aswmbr:
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-21 22:28:48
-----------------------------
22:28:48.750 OS Version: Windows 5.1.2600 Service Pack 3
22:28:48.750 Number of processors: 2 586 0xF02
22:28:48.750 ComputerName: MAIN UserName: Aron
22:28:50.406 Initialize success
22:29:00.718 AVAST engine defs: 12022101
22:29:02.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:29:02.562 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
22:29:02.562 Disk 0 MBR read successfully
22:29:02.562 Disk 0 MBR scan
22:29:02.625 Disk 0 MBR:Pihar-C [Rtk]
22:29:02.625 Disk 0 TDL4@MBR code has been found
22:29:02.625 Disk 0 MBR hidden
22:29:02.625 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:29:02.656 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149464 MB offset 80325
22:29:02.671 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 306198900
22:29:02.687 Disk 0 MBR [TDL4] **ROOTKIT**
22:29:02.687 Disk 0 trace - called modules:
22:29:02.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8645249f]<<
22:29:02.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8717e030]
22:29:02.718 3 CLASSPNP.SYS[f7530fd7] -> nt!IofCallDriver -> [0x85ebf030]
22:29:02.718 \Driver\iaStor[0x86549e78] -> IRP_MJ_CREATE -> 0x8645249f
22:29:04.265 AVAST engine scan C:\WINDOWS
22:29:26.531 AVAST engine scan C:\WINDOWS\system32
22:31:27.765 AVAST engine scan C:\WINDOWS\system32\drivers
22:31:40.187 AVAST engine scan C:\Documents and Settings\Aron
22:36:45.453 File: C:\Documents and Settings\Aron\Local Settings\Temp\130.tmp **INFECTED** Win32:MalOb-IK [Cryp]
22:44:01.046 AVAST engine scan C:\Documents and Settings\All Users
22:46:13.171 Scan finished successfully
22:48:44.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Aron\Desktop\MBR.dat"
22:48:44.062 The log file has been saved successfully to "C:\Documents and Settings\Aron\Desktop\aswMBR.txt"

I already have malware bytes. I updated it and am doing a scan now...

#6 narenxp

narenxp

    Forum Addict

  • BC Advisor
  • PipPipPipPipPipPip
  • 16,365 posts
  • Gender:Male
  • Location:India

Posted 22 February 2012 - 12:26 AM

Did you RESTART THE PC?

TDSSkiller log is still incomplete

I want you to run TDSSkiller once again.Let me know if it still finds infections.

Pause MBAM scan and ESET scan now.

If TDSSkiller finds rootkit even after reboot we need some advanced tools to remove it

#7 kattysam

kattysam

    Member

  • Members
  • PipPip
  • 16 posts

Posted 22 February 2012 - 06:58 AM

I did restart. Let me uninstall TDSS, restart, and try it again. Malwarebytes found nothing.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.21.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Aron :: MAIN [administrator]

2/21/2012 10:52:42 PM
mbam-log-2012-02-21 (22-52-42).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 446795
Time elapsed: 2 hour(s), 19 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 kattysam

kattysam

    Member

  • Members
  • PipPip
  • 16 posts

Posted 22 February 2012 - 07:11 AM

TDSS Wouldn't let me uninstall. I restarted. Realized there was more than one log. Ran it again. here is what I got:
07:05:29.0671 3872 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
07:05:30.0015 3872 ============================================================
07:05:30.0015 3872 Current date / time: 2012/02/22 07:05:30.0015
07:05:30.0015 3872 SystemInfo:
07:05:30.0015 3872
07:05:30.0015 3872 OS Version: 5.1.2600 ServicePack: 3.0
07:05:30.0015 3872 Product type: Workstation
07:05:30.0015 3872 ComputerName: MAIN
07:05:30.0015 3872 UserName: Aron
07:05:30.0015 3872 Windows directory: C:\WINDOWS
07:05:30.0015 3872 System windows directory: C:\WINDOWS
07:05:30.0015 3872 Processor architecture: Intel x86
07:05:30.0015 3872 Number of processors: 2
07:05:30.0015 3872 Page size: 0x1000
07:05:30.0015 3872 Boot type: Normal boot
07:05:30.0015 3872 ============================================================
07:05:30.0515 3872 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:05:30.0515 3872 \Device\Harddisk0\DR0:
07:05:30.0515 3872 MBR used
07:05:30.0515 3872 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x123EC0EE
07:05:30.0562 3872 Initialize success
07:05:30.0562 3872 ============================================================
07:05:36.0656 4088 ============================================================
07:05:36.0656 4088 Scan started
07:05:36.0656 4088 Mode: Manual; TDLFS;
07:05:36.0656 4088 ============================================================
07:05:37.0109 4088 Abiosdsk - ok
07:05:37.0140 4088 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
07:05:37.0140 4088 abp480n5 - ok
07:05:37.0203 4088 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:05:37.0203 4088 ACPI - ok
07:05:37.0234 4088 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
07:05:37.0234 4088 ACPIEC - ok
07:05:37.0281 4088 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
07:05:37.0281 4088 adpu160m - ok
07:05:37.0312 4088 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:05:37.0312 4088 aec - ok
07:05:37.0343 4088 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
07:05:37.0359 4088 AFD - ok
07:05:37.0390 4088 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
07:05:37.0390 4088 agp440 - ok
07:05:37.0421 4088 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
07:05:37.0421 4088 agpCPQ - ok
07:05:37.0468 4088 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
07:05:37.0468 4088 Aha154x - ok
07:05:37.0515 4088 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
07:05:37.0515 4088 aic78u2 - ok
07:05:37.0562 4088 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
07:05:37.0562 4088 aic78xx - ok
07:05:37.0578 4088 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
07:05:37.0578 4088 AliIde - ok
07:05:37.0593 4088 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
07:05:37.0593 4088 alim1541 - ok
07:05:37.0625 4088 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
07:05:37.0640 4088 amdagp - ok
07:05:37.0656 4088 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
07:05:37.0656 4088 amsint - ok
07:05:37.0718 4088 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
07:05:37.0718 4088 asc - ok
07:05:37.0750 4088 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
07:05:37.0750 4088 asc3350p - ok
07:05:37.0765 4088 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
07:05:37.0765 4088 asc3550 - ok
07:05:37.0828 4088 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
07:05:37.0828 4088 Aspi32 - ok
07:05:37.0843 4088 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:05:37.0843 4088 AsyncMac - ok
07:05:37.0875 4088 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:05:37.0875 4088 atapi - ok
07:05:37.0890 4088 Atdisk - ok
07:05:37.0921 4088 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:05:37.0921 4088 Atmarpc - ok
07:05:37.0968 4088 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:05:37.0968 4088 audstub - ok
07:05:38.0015 4088 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
07:05:38.0031 4088 AVGIDSDriver - ok
07:05:38.0062 4088 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
07:05:38.0062 4088 AVGIDSEH - ok
07:05:38.0093 4088 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
07:05:38.0093 4088 AVGIDSFilter - ok
07:05:38.0125 4088 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
07:05:38.0125 4088 AVGIDSShim - ok
07:05:38.0156 4088 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
07:05:38.0156 4088 Avgldx86 - ok
07:05:38.0203 4088 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
07:05:38.0203 4088 Avgmfx86 - ok
07:05:38.0234 4088 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
07:05:38.0234 4088 Avgrkx86 - ok
07:05:38.0265 4088 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
07:05:38.0265 4088 Avgtdix - ok
07:05:38.0296 4088 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:05:38.0296 4088 Beep - ok
07:05:38.0328 4088 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
07:05:38.0328 4088 cbidf - ok
07:05:38.0343 4088 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:05:38.0343 4088 cbidf2k - ok
07:05:38.0406 4088 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
07:05:38.0406 4088 CCDECODE - ok
07:05:38.0500 4088 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
07:05:38.0500 4088 cd20xrnt - ok
07:05:38.0531 4088 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:05:38.0531 4088 Cdaudio - ok
07:05:38.0578 4088 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:05:38.0578 4088 Cdfs - ok
07:05:38.0593 4088 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:05:38.0593 4088 Cdrom - ok
07:05:38.0609 4088 Changer - ok
07:05:38.0656 4088 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
07:05:38.0656 4088 CmdIde - ok
07:05:38.0671 4088 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
07:05:38.0687 4088 Cpqarray - ok
07:05:38.0718 4088 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
07:05:38.0718 4088 dac2w2k - ok
07:05:38.0765 4088 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
07:05:38.0765 4088 dac960nt - ok
07:05:38.0812 4088 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:05:38.0812 4088 Disk - ok
07:05:38.0875 4088 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
07:05:38.0875 4088 DLABOIOM - ok
07:05:38.0890 4088 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
07:05:38.0890 4088 DLACDBHM - ok
07:05:38.0921 4088 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
07:05:38.0921 4088 DLADResN - ok
07:05:38.0953 4088 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
07:05:38.0953 4088 DLAIFS_M - ok
07:05:38.0968 4088 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
07:05:38.0968 4088 DLAOPIOM - ok
07:05:39.0000 4088 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
07:05:39.0000 4088 DLAPoolM - ok
07:05:39.0015 4088 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
07:05:39.0031 4088 DLARTL_N - ok
07:05:39.0046 4088 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
07:05:39.0046 4088 DLAUDFAM - ok
07:05:39.0062 4088 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
07:05:39.0062 4088 DLAUDF_M - ok
07:05:39.0125 4088 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:05:39.0171 4088 dmboot - ok
07:05:39.0203 4088 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
07:05:39.0203 4088 dmio - ok
07:05:39.0234 4088 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:05:39.0234 4088 dmload - ok
07:05:39.0265 4088 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:05:39.0265 4088 DMusic - ok
07:05:39.0296 4088 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
07:05:39.0296 4088 dpti2o - ok
07:05:39.0328 4088 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:05:39.0328 4088 drmkaud - ok
07:05:39.0375 4088 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
07:05:39.0375 4088 DRVMCDB - ok
07:05:39.0390 4088 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
07:05:39.0390 4088 DRVNDDM - ok
07:05:39.0500 4088 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
07:05:39.0500 4088 DSproct - ok
07:05:39.0546 4088 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
07:05:39.0546 4088 E100B - ok
07:05:39.0593 4088 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
07:05:39.0609 4088 e1express - ok
07:05:39.0656 4088 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:05:39.0656 4088 Fastfat - ok
07:05:39.0687 4088 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
07:05:39.0687 4088 Fdc - ok
07:05:39.0718 4088 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:05:39.0718 4088 Fips - ok
07:05:39.0734 4088 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
07:05:39.0734 4088 Flpydisk - ok
07:05:39.0781 4088 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:05:39.0781 4088 FltMgr - ok
07:05:39.0812 4088 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:05:39.0812 4088 Fs_Rec - ok
07:05:39.0812 4088 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:05:39.0828 4088 Ftdisk - ok
07:05:39.0843 4088 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
07:05:39.0843 4088 GEARAspiWDM - ok
07:05:39.0890 4088 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:05:39.0890 4088 Gpc - ok
07:05:39.0921 4088 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
07:05:39.0921 4088 grmnusb - ok
07:05:39.0953 4088 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:05:39.0953 4088 HDAudBus - ok
07:05:40.0015 4088 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:05:40.0015 4088 HidUsb - ok
07:05:40.0031 4088 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
07:05:40.0046 4088 hpn - ok
07:05:40.0078 4088 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
07:05:40.0078 4088 HPZid412 - ok
07:05:40.0093 4088 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
07:05:40.0093 4088 HPZipr12 - ok
07:05:40.0109 4088 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
07:05:40.0109 4088 HPZius12 - ok
07:05:40.0156 4088 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
07:05:40.0156 4088 HTTP - ok
07:05:40.0234 4088 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
07:05:40.0234 4088 i2omgmt - ok
07:05:40.0265 4088 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
07:05:40.0265 4088 i2omp - ok
07:05:40.0296 4088 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:05:40.0296 4088 i8042prt - ok
07:05:40.0375 4088 ialm (6fcb904910da07c9dc2593d66438fa29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
07:05:40.0421 4088 ialm - ok
07:05:40.0468 4088 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iaStor.sys
07:05:40.0468 4088 iaStor - ok
07:05:40.0500 4088 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:05:40.0500 4088 Imapi - ok
07:05:40.0546 4088 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
07:05:40.0546 4088 ini910u - ok
07:05:40.0578 4088 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
07:05:40.0578 4088 IntelIde - ok
07:05:40.0640 4088 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:05:40.0640 4088 intelppm - ok
07:05:40.0656 4088 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
07:05:40.0656 4088 Ip6Fw - ok
07:05:40.0687 4088 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:05:40.0687 4088 IpFilterDriver - ok
07:05:40.0734 4088 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:05:40.0734 4088 IpInIp - ok
07:05:40.0765 4088 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:05:40.0765 4088 IpNat - ok
07:05:40.0812 4088 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:05:40.0812 4088 IPSec - ok
07:05:40.0828 4088 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:05:40.0828 4088 IRENUM - ok
07:05:40.0875 4088 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:05:40.0875 4088 isapnp - ok
07:05:40.0890 4088 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:05:40.0906 4088 Kbdclass - ok
07:05:40.0921 4088 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:05:40.0921 4088 kbdhid - ok
07:05:40.0953 4088 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:05:40.0953 4088 kmixer - ok
07:05:40.0984 4088 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:05:41.0000 4088 KSecDD - ok
07:05:41.0062 4088 LBeepKE (8f4d784b3f22f468eea99da02b0e39e5) C:\WINDOWS\system32\Drivers\LBeepKE.sys
07:05:41.0062 4088 LBeepKE - ok
07:05:41.0062 4088 lbrtfdc - ok
07:05:41.0109 4088 LHidFilt (8b30311241f97b35167afe68d79e8530) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
07:05:41.0109 4088 LHidFilt - ok
07:05:41.0140 4088 LMouFilt (48d7422a6c4eec886b56ac534cfa3acf) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
07:05:41.0140 4088 LMouFilt - ok
07:05:41.0171 4088 LUsbFilt (0b808ff2f17c8396fb2ae202f75aed37) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
07:05:41.0171 4088 LUsbFilt - ok
07:05:41.0203 4088 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:05:41.0203 4088 mnmdd - ok
07:05:41.0250 4088 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
07:05:41.0250 4088 Modem - ok
07:05:41.0281 4088 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:05:41.0281 4088 Mouclass - ok
07:05:41.0328 4088 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:05:41.0328 4088 mouhid - ok
07:05:41.0359 4088 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:05:41.0375 4088 MountMgr - ok
07:05:41.0390 4088 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
07:05:41.0390 4088 mraid35x - ok
07:05:41.0421 4088 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:05:41.0421 4088 MRxDAV - ok
07:05:41.0453 4088 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:05:41.0468 4088 MRxSmb - ok
07:05:41.0500 4088 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:05:41.0500 4088 Msfs - ok
07:05:41.0515 4088 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:05:41.0515 4088 MSKSSRV - ok
07:05:41.0546 4088 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:05:41.0546 4088 MSPCLOCK - ok
07:05:41.0562 4088 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:05:41.0562 4088 MSPQM - ok
07:05:41.0593 4088 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:05:41.0593 4088 mssmbios - ok
07:05:41.0625 4088 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
07:05:41.0625 4088 MSTEE - ok
07:05:41.0671 4088 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
07:05:41.0671 4088 Mup - ok
07:05:41.0703 4088 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
07:05:41.0703 4088 NABTSFEC - ok
07:05:41.0750 4088 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:05:41.0750 4088 NDIS - ok
07:05:41.0765 4088 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
07:05:41.0781 4088 NdisIP - ok
07:05:41.0812 4088 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:05:41.0812 4088 NdisTapi - ok
07:05:41.0859 4088 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:05:41.0859 4088 Ndisuio - ok
07:05:41.0890 4088 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:05:41.0890 4088 NdisWan - ok
07:05:41.0921 4088 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
07:05:41.0921 4088 NDProxy - ok
07:05:41.0968 4088 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:05:41.0968 4088 NetBIOS - ok
07:05:41.0984 4088 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:05:42.0000 4088 NetBT - ok
07:05:42.0046 4088 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:05:42.0046 4088 Npfs - ok
07:05:42.0093 4088 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:05:42.0109 4088 Ntfs - ok
07:05:42.0125 4088 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:05:42.0125 4088 Null - ok
07:05:42.0218 4088 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
07:05:42.0296 4088 nv - ok
07:05:42.0343 4088 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:05:42.0343 4088 NwlnkFlt - ok
07:05:42.0359 4088 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:05:42.0375 4088 NwlnkFwd - ok
07:05:42.0421 4088 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
07:05:42.0421 4088 Parport - ok
07:05:42.0453 4088 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:05:42.0453 4088 PartMgr - ok
07:05:42.0500 4088 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
07:05:42.0500 4088 ParVdm - ok
07:05:42.0531 4088 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
07:05:42.0531 4088 PCI - ok
07:05:42.0546 4088 PCIDump - ok
07:05:42.0578 4088 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:05:42.0578 4088 PCIIde - ok
07:05:42.0625 4088 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
07:05:42.0625 4088 Pcmcia - ok
07:05:42.0640 4088 PDCOMP - ok
07:05:42.0656 4088 PDFRAME - ok
07:05:42.0671 4088 PDRELI - ok
07:05:42.0687 4088 PDRFRAME - ok
07:05:42.0718 4088 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
07:05:42.0718 4088 perc2 - ok
07:05:42.0750 4088 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
07:05:42.0750 4088 perc2hib - ok
07:05:42.0812 4088 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:05:42.0812 4088 PptpMiniport - ok
07:05:42.0843 4088 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
07:05:42.0843 4088 PSched - ok
07:05:42.0859 4088 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:05:42.0859 4088 Ptilink - ok
07:05:42.0906 4088 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
07:05:42.0906 4088 PxHelp20 - ok
07:05:42.0921 4088 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
07:05:42.0937 4088 ql1080 - ok
07:05:42.0968 4088 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
07:05:42.0968 4088 Ql10wnt - ok
07:05:43.0000 4088 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
07:05:43.0015 4088 ql12160 - ok
07:05:43.0015 4088 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
07:05:43.0015 4088 ql1240 - ok
07:05:43.0031 4088 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
07:05:43.0046 4088 ql1280 - ok
07:05:43.0078 4088 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:05:43.0078 4088 RasAcd - ok
07:05:43.0109 4088 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:05:43.0109 4088 Rasl2tp - ok
07:05:43.0140 4088 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:05:43.0140 4088 RasPppoe - ok
07:05:43.0171 4088 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:05:43.0171 4088 Raspti - ok
07:05:43.0203 4088 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:05:43.0203 4088 Rdbss - ok
07:05:43.0234 4088 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:05:43.0234 4088 RDPCDD - ok
07:05:43.0281 4088 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:05:43.0281 4088 rdpdr - ok
07:05:43.0343 4088 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
07:05:43.0343 4088 RDPWD - ok
07:05:43.0390 4088 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:05:43.0390 4088 redbook - ok
07:05:43.0453 4088 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:05:43.0453 4088 Secdrv - ok
07:05:43.0531 4088 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
07:05:43.0531 4088 serenum - ok
07:05:43.0562 4088 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
07:05:43.0578 4088 Serial - ok
07:05:43.0609 4088 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
07:05:43.0609 4088 Sfloppy - ok
07:05:43.0640 4088 Simbad - ok
07:05:43.0687 4088 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
07:05:43.0687 4088 sisagp - ok
07:05:43.0750 4088 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
07:05:43.0750 4088 SLIP - ok
07:05:43.0781 4088 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
07:05:43.0781 4088 Sparrow - ok
07:05:43.0796 4088 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
07:05:43.0796 4088 splitter - ok
07:05:43.0828 4088 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
07:05:43.0828 4088 sr - ok
07:05:43.0890 4088 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
07:05:43.0890 4088 Srv - ok
07:05:43.0953 4088 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
07:05:44.0000 4088 STHDA - ok
07:05:44.0046 4088 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
07:05:44.0046 4088 streamip - ok
07:05:44.0093 4088 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:05:44.0093 4088 swenum - ok
07:05:44.0125 4088 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
07:05:44.0125 4088 swmidi - ok
07:05:44.0156 4088 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
07:05:44.0156 4088 symc810 - ok
07:05:44.0171 4088 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
07:05:44.0171 4088 symc8xx - ok
07:05:44.0187 4088 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
07:05:44.0187 4088 sym_hi - ok
07:05:44.0203 4088 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
07:05:44.0218 4088 sym_u3 - ok
07:05:44.0250 4088 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
07:05:44.0250 4088 sysaudio - ok
07:05:44.0296 4088 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:05:44.0312 4088 Tcpip - ok
07:05:44.0359 4088 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:05:44.0359 4088 TDPIPE - ok
07:05:44.0375 4088 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
07:05:44.0375 4088 TDTCP - ok
07:05:44.0390 4088 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:05:44.0390 4088 TermDD - ok
07:05:44.0421 4088 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
07:05:44.0437 4088 TosIde - ok
07:05:44.0468 4088 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
07:05:44.0468 4088 Udfs - ok
07:05:44.0484 4088 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
07:05:44.0484 4088 ultra - ok
07:05:44.0546 4088 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
07:05:44.0546 4088 Update - ok
07:05:44.0609 4088 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
07:05:44.0625 4088 USBAAPL - ok
07:05:44.0656 4088 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
07:05:44.0656 4088 usbaudio - ok
07:05:44.0687 4088 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:05:44.0687 4088 usbccgp - ok
07:05:44.0734 4088 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:05:44.0734 4088 usbehci - ok
07:05:44.0750 4088 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:05:44.0750 4088 usbhub - ok
07:05:44.0781 4088 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:05:44.0781 4088 usbprint - ok
07:05:44.0812 4088 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:05:44.0812 4088 usbscan - ok
07:05:44.0812 4088 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:05:44.0828 4088 USBSTOR - ok
07:05:44.0859 4088 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:05:44.0859 4088 usbuhci - ok
07:05:44.0906 4088 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
07:05:44.0906 4088 USB_RNDIS_XP - ok
07:05:44.0953 4088 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
07:05:44.0953 4088 VgaSave - ok
07:05:45.0015 4088 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
07:05:45.0015 4088 viaagp - ok
07:05:45.0046 4088 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
07:05:45.0046 4088 ViaIde - ok
07:05:45.0078 4088 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
07:05:45.0078 4088 VolSnap - ok
07:05:45.0171 4088 VX1000 (f4fab0b9d43a65f79fc838c94006f643) C:\WINDOWS\system32\DRIVERS\VX1000.sys
07:05:45.0218 4088 VX1000 - ok
07:05:45.0265 4088 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:05:45.0265 4088 Wanarp - ok
07:05:45.0312 4088 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
07:05:45.0343 4088 Wdf01000 - ok
07:05:45.0343 4088 WDICA - ok
07:05:45.0375 4088 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
07:05:45.0375 4088 wdmaud - ok
07:05:45.0437 4088 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
07:05:45.0437 4088 WpdUsb - ok
07:05:45.0468 4088 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
07:05:45.0468 4088 WSTCODEC - ok
07:05:45.0500 4088 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:05:45.0500 4088 WudfPf - ok
07:05:45.0531 4088 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:05:45.0531 4088 WudfRd - ok
07:05:45.0578 4088 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
07:05:45.0625 4088 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:05:45.0625 4088 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:05:45.0671 4088 Boot (0x1200) (807fe6e9766c2484ac77edf8f054947b) \Device\Harddisk0\DR0\Partition0
07:05:45.0671 4088 \Device\Harddisk0\DR0\Partition0 - ok
07:05:45.0671 4088 ============================================================
07:05:45.0671 4088 Scan finished
07:05:45.0671 4088 ============================================================
07:05:45.0687 0172 Detected object count: 1
07:05:45.0687 0172 Actual detected object count: 1
07:05:57.0625 0172 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:05:57.0625 0172 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Here was the log from the 2nd scan last night:
22:21:34.0421 3656 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
22:21:34.0796 3656 ============================================================
22:21:34.0796 3656 Current date / time: 2012/02/21 22:21:34.0796
22:21:34.0796 3656 SystemInfo:
22:21:34.0796 3656
22:21:34.0796 3656 OS Version: 5.1.2600 ServicePack: 3.0
22:21:34.0796 3656 Product type: Workstation
22:21:34.0796 3656 ComputerName: MAIN
22:21:34.0796 3656 UserName: Aron
22:21:34.0796 3656 Windows directory: C:\WINDOWS
22:21:34.0796 3656 System windows directory: C:\WINDOWS
22:21:34.0796 3656 Processor architecture: Intel x86
22:21:34.0796 3656 Number of processors: 2
22:21:34.0796 3656 Page size: 0x1000
22:21:34.0796 3656 Boot type: Normal boot
22:21:34.0796 3656 ============================================================
22:21:36.0140 3656 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:21:36.0156 3656 \Device\Harddisk0\DR0:
22:21:36.0156 3656 MBR used
22:21:36.0156 3656 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x123EC0EE
22:21:36.0203 3656 Initialize success
22:21:36.0203 3656 ============================================================
22:21:43.0750 3500 ============================================================
22:21:43.0750 3500 Scan started
22:21:43.0750 3500 Mode: Manual; TDLFS;
22:21:43.0750 3500 ============================================================
22:21:43.0890 3500 Abiosdsk - ok
22:21:43.0921 3500 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:21:43.0921 3500 abp480n5 - ok
22:21:43.0984 3500 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:21:43.0984 3500 ACPI - ok
22:21:44.0015 3500 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:21:44.0015 3500 ACPIEC - ok
22:21:44.0046 3500 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:21:44.0062 3500 adpu160m - ok
22:21:44.0109 3500 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:21:44.0109 3500 aec - ok
22:21:44.0140 3500 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:21:44.0140 3500 AFD - ok
22:21:44.0187 3500 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:21:44.0187 3500 agp440 - ok
22:21:44.0250 3500 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:21:44.0250 3500 agpCPQ - ok
22:21:44.0296 3500 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:21:44.0296 3500 Aha154x - ok
22:21:44.0328 3500 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:21:44.0328 3500 aic78u2 - ok
22:21:44.0375 3500 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:21:44.0375 3500 aic78xx - ok
22:21:44.0390 3500 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:21:44.0390 3500 AliIde - ok
22:21:44.0421 3500 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:21:44.0421 3500 alim1541 - ok
22:21:44.0437 3500 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:21:44.0437 3500 amdagp - ok
22:21:44.0453 3500 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:21:44.0453 3500 amsint - ok
22:21:44.0484 3500 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:21:44.0484 3500 asc - ok
22:21:44.0500 3500 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:21:44.0500 3500 asc3350p - ok
22:21:44.0515 3500 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:21:44.0515 3500 asc3550 - ok
22:21:44.0562 3500 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
22:21:44.0562 3500 Aspi32 - ok
22:21:44.0609 3500 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:21:44.0609 3500 AsyncMac - ok
22:21:44.0656 3500 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:21:44.0656 3500 atapi - ok
22:21:44.0671 3500 Atdisk - ok
22:21:44.0703 3500 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:21:44.0703 3500 Atmarpc - ok
22:21:44.0734 3500 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:21:44.0734 3500 audstub - ok
22:21:44.0781 3500 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
22:21:44.0781 3500 AVGIDSDriver - ok
22:21:44.0812 3500 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
22:21:44.0828 3500 AVGIDSEH - ok
22:21:44.0843 3500 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
22:21:44.0843 3500 AVGIDSFilter - ok
22:21:44.0875 3500 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
22:21:44.0890 3500 AVGIDSShim - ok
22:21:44.0921 3500 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
22:21:44.0921 3500 Avgldx86 - ok
22:21:44.0953 3500 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
22:21:44.0953 3500 Avgmfx86 - ok
22:21:44.0984 3500 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
22:21:45.0000 3500 Avgrkx86 - ok
22:21:45.0015 3500 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
22:21:45.0031 3500 Avgtdix - ok
22:21:45.0062 3500 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:21:45.0078 3500 Beep - ok
22:21:45.0093 3500 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:21:45.0093 3500 cbidf - ok
22:21:45.0109 3500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:21:45.0109 3500 cbidf2k - ok
22:21:45.0156 3500 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:21:45.0156 3500 CCDECODE - ok
22:21:45.0203 3500 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:21:45.0203 3500 cd20xrnt - ok
22:21:45.0234 3500 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:21:45.0234 3500 Cdaudio - ok
22:21:45.0281 3500 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:21:45.0281 3500 Cdfs - ok
22:21:45.0296 3500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:21:45.0296 3500 Cdrom - ok
22:21:45.0312 3500 Changer - ok
22:21:45.0343 3500 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:21:45.0343 3500 CmdIde - ok
22:21:45.0375 3500 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:21:45.0375 3500 Cpqarray - ok
22:21:45.0406 3500 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:21:45.0421 3500 dac2w2k - ok
22:21:45.0437 3500 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:21:45.0437 3500 dac960nt - ok
22:21:45.0484 3500 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:21:45.0484 3500 Disk - ok
22:21:45.0546 3500 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
22:21:45.0546 3500 DLABOIOM - ok
22:21:45.0562 3500 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
22:21:45.0562 3500 DLACDBHM - ok
22:21:45.0578 3500 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
22:21:45.0578 3500 DLADResN - ok
22:21:45.0593 3500 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
22:21:45.0593 3500 DLAIFS_M - ok
22:21:45.0625 3500 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
22:21:45.0625 3500 DLAOPIOM - ok
22:21:45.0640 3500 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
22:21:45.0640 3500 DLAPoolM - ok
22:21:45.0671 3500 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
22:21:45.0671 3500 DLARTL_N - ok
22:21:45.0687 3500 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
22:21:45.0687 3500 DLAUDFAM - ok
22:21:45.0718 3500 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
22:21:45.0718 3500 DLAUDF_M - ok
22:21:45.0765 3500 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:21:45.0812 3500 dmboot - ok
22:21:45.0828 3500 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:21:45.0828 3500 dmio - ok
22:21:45.0875 3500 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:21:45.0875 3500 dmload - ok
22:21:45.0890 3500 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:21:45.0906 3500 DMusic - ok
22:21:45.0937 3500 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:21:45.0953 3500 dpti2o - ok
22:21:45.0984 3500 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:21:45.0984 3500 drmkaud - ok
22:21:46.0031 3500 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
22:21:46.0046 3500 DRVMCDB - ok
22:21:46.0046 3500 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
22:21:46.0046 3500 DRVNDDM - ok
22:21:46.0140 3500 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
22:21:46.0156 3500 DSproct - ok
22:21:46.0218 3500 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:21:46.0234 3500 E100B - ok
22:21:46.0296 3500 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
22:21:46.0296 3500 e1express - ok
22:21:46.0359 3500 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:21:46.0359 3500 Fastfat - ok
22:21:46.0421 3500 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:21:46.0421 3500 Fdc - ok
22:21:46.0421 3500 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:21:46.0421 3500 Fips - ok
22:21:46.0453 3500 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:21:46.0453 3500 Flpydisk - ok
22:21:46.0484 3500 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:21:46.0484 3500 FltMgr - ok
22:21:46.0546 3500 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:21:46.0546 3500 Fs_Rec - ok
22:21:46.0593 3500 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:21:46.0593 3500 Ftdisk - ok
22:21:46.0625 3500 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:21:46.0625 3500 GEARAspiWDM - ok
22:21:46.0671 3500 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:21:46.0671 3500 Gpc - ok
22:21:46.0718 3500 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
22:21:46.0718 3500 grmnusb - ok
22:21:46.0765 3500 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:21:46.0765 3500 HDAudBus - ok
22:21:46.0828 3500 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:21:46.0828 3500 HidUsb - ok
22:21:46.0859 3500 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:21:46.0875 3500 hpn - ok
22:21:46.0906 3500 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:21:46.0906 3500 HPZid412 - ok
22:21:46.0921 3500 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:21:46.0921 3500 HPZipr12 - ok
22:21:46.0937 3500 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:21:46.0937 3500 HPZius12 - ok
22:21:46.0984 3500 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:21:46.0984 3500 HTTP - ok
22:21:47.0031 3500 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:21:47.0031 3500 i2omgmt - ok
22:21:47.0062 3500 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:21:47.0062 3500 i2omp - ok
22:21:47.0093 3500 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:21:47.0093 3500 i8042prt - ok
22:21:47.0156 3500 ialm (6fcb904910da07c9dc2593d66438fa29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:21:47.0187 3500 ialm - ok
22:21:47.0234 3500 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iaStor.sys
22:21:47.0234 3500 iaStor - ok
22:21:47.0250 3500 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:21:47.0265 3500 Imapi - ok
22:21:47.0296 3500 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:21:47.0312 3500 ini910u - ok
22:21:47.0359 3500 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:21:47.0359 3500 IntelIde - ok
22:21:47.0390 3500 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:21:47.0390 3500 intelppm - ok
22:21:47.0406 3500 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:21:47.0421 3500 Ip6Fw - ok
22:21:47.0453 3500 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:21:47.0453 3500 IpFilterDriver - ok
22:21:47.0500 3500 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:21:47.0515 3500 IpInIp - ok
22:21:47.0531 3500 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:21:47.0531 3500 IpNat - ok
22:21:47.0562 3500 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:21:47.0562 3500 IPSec - ok
22:21:47.0593 3500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:21:47.0593 3500 IRENUM - ok
22:21:47.0640 3500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:21:47.0640 3500 isapnp - ok
22:21:47.0671 3500 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:21:47.0671 3500 Kbdclass - ok
22:21:47.0687 3500 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:21:47.0687 3500 kbdhid - ok
22:21:47.0718 3500 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:21:47.0718 3500 kmixer - ok
22:21:47.0765 3500 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:21:47.0765 3500 KSecDD - ok
22:21:47.0828 3500 LBeepKE (8f4d784b3f22f468eea99da02b0e39e5) C:\WINDOWS\system32\Drivers\LBeepKE.sys
22:21:47.0828 3500 LBeepKE - ok
22:21:47.0843 3500 lbrtfdc - ok
22:21:47.0906 3500 LHidFilt (8b30311241f97b35167afe68d79e8530) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
22:21:47.0921 3500 LHidFilt - ok
22:21:47.0937 3500 LMouFilt (48d7422a6c4eec886b56ac534cfa3acf) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
22:21:47.0937 3500 LMouFilt - ok
22:21:47.0984 3500 LUsbFilt (0b808ff2f17c8396fb2ae202f75aed37) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
22:21:47.0984 3500 LUsbFilt - ok
22:21:48.0015 3500 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:21:48.0015 3500 mnmdd - ok
22:21:48.0062 3500 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:21:48.0062 3500 Modem - ok
22:21:48.0093 3500 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:21:48.0093 3500 Mouclass - ok
22:21:48.0125 3500 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:21:48.0125 3500 mouhid - ok
22:21:48.0171 3500 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:21:48.0171 3500 MountMgr - ok
22:21:48.0203 3500 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:21:48.0203 3500 mraid35x - ok
22:21:48.0234 3500 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:21:48.0234 3500 MRxDAV - ok
22:21:48.0281 3500 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:21:48.0328 3500 MRxSmb - ok
22:21:48.0359 3500 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:21:48.0375 3500 Msfs - ok
22:21:48.0390 3500 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:21:48.0390 3500 MSKSSRV - ok
22:21:48.0421 3500 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:21:48.0437 3500 MSPCLOCK - ok
22:21:48.0468 3500 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:21:48.0468 3500 MSPQM - ok
22:21:48.0500 3500 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:21:48.0515 3500 mssmbios - ok
22:21:48.0531 3500 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:21:48.0531 3500 MSTEE - ok
22:21:48.0562 3500 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:21:48.0562 3500 Mup - ok
22:21:48.0593 3500 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:21:48.0593 3500 NABTSFEC - ok
22:21:48.0625 3500 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:21:48.0640 3500 NDIS - ok
22:21:48.0656 3500 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:21:48.0656 3500 NdisIP - ok
22:21:48.0703 3500 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:21:48.0703 3500 NdisTapi - ok
22:21:48.0718 3500 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:21:48.0718 3500 Ndisuio - ok
22:21:48.0750 3500 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:21:48.0781 3500 NdisWan - ok
22:21:48.0796 3500 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:21:48.0796 3500 NDProxy - ok
22:21:48.0843 3500 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:21:48.0843 3500 NetBIOS - ok
22:21:48.0875 3500 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:21:48.0875 3500 NetBT - ok
22:21:48.0937 3500 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:21:48.0937 3500 Npfs - ok
22:21:48.0984 3500 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:21:48.0984 3500 Ntfs - ok
22:21:49.0031 3500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:21:49.0031 3500 Null - ok
22:21:49.0140 3500 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:21:49.0234 3500 nv - ok
22:21:49.0265 3500 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:21:49.0265 3500 NwlnkFlt - ok
22:21:49.0296 3500 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:21:49.0296 3500 NwlnkFwd - ok
22:21:49.0359 3500 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:21:49.0359 3500 Parport - ok
22:21:49.0390 3500 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:21:49.0390 3500 PartMgr - ok
22:21:49.0421 3500 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:21:49.0421 3500 ParVdm - ok
22:21:49.0468 3500 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:21:49.0468 3500 PCI - ok
22:21:49.0500 3500 PCIDump - ok
22:21:49.0515 3500 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:21:49.0531 3500 PCIIde - ok
22:21:49.0562 3500 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:21:49.0562 3500 Pcmcia - ok
22:21:49.0578 3500 PDCOMP - ok
22:21:49.0578 3500 PDFRAME - ok
22:21:49.0593 3500 PDRELI - ok
22:21:49.0609 3500 PDRFRAME - ok
22:21:49.0640 3500 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:21:49.0640 3500 perc2 - ok
22:21:49.0671 3500 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:21:49.0671 3500 perc2hib - ok
22:21:49.0734 3500 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:21:49.0734 3500 PptpMiniport - ok
22:21:49.0765 3500 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:21:49.0765 3500 PSched - ok
22:21:49.0812 3500 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:21:49.0812 3500 Ptilink - ok
22:21:49.0843 3500 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:21:49.0843 3500 PxHelp20 - ok
22:21:49.0875 3500 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:21:49.0890 3500 ql1080 - ok
22:21:49.0906 3500 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:21:49.0921 3500 Ql10wnt - ok
22:21:49.0937 3500 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:21:49.0937 3500 ql12160 - ok
22:21:49.0953 3500 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:21:49.0953 3500 ql1240 - ok
22:21:49.0984 3500 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:21:50.0000 3500 ql1280 - ok
22:21:50.0015 3500 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:21:50.0015 3500 RasAcd - ok
22:21:50.0078 3500 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:21:50.0078 3500 Rasl2tp - ok
22:21:50.0140 3500 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:21:50.0140 3500 RasPppoe - ok
22:21:50.0156 3500 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:21:50.0156 3500 Raspti - ok
22:21:50.0187 3500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:21:50.0187 3500 Rdbss - ok
22:21:50.0203 3500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:21:50.0203 3500 RDPCDD - ok
22:21:50.0234 3500 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:21:50.0234 3500 rdpdr - ok
22:21:50.0281 3500 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:21:50.0281 3500 RDPWD - ok
22:21:50.0328 3500 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:21:50.0343 3500 redbook - ok
22:21:50.0406 3500 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:21:50.0406 3500 Secdrv - ok
22:21:50.0468 3500 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:21:50.0468 3500 serenum - ok
22:21:50.0484 3500 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:21:50.0484 3500 Serial - ok
22:21:50.0546 3500 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:21:50.0546 3500 Sfloppy - ok
22:21:50.0562 3500 Simbad - ok
22:21:50.0593 3500 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:21:50.0593 3500 sisagp - ok
22:21:50.0671 3500 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:21:50.0671 3500 SLIP - ok
22:21:50.0718 3500 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:21:50.0718 3500 Sparrow - ok
22:21:50.0734 3500 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:21:50.0734 3500 splitter - ok
22:21:50.0796 3500 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:21:50.0812 3500 sr - ok
22:21:50.0859 3500 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:21:50.0859 3500 Srv - ok
22:21:50.0921 3500 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
22:21:50.0968 3500 STHDA - ok
22:21:51.0015 3500 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:21:51.0015 3500 streamip - ok
22:21:51.0046 3500 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:21:51.0062 3500 swenum - ok
22:21:51.0078 3500 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:21:51.0078 3500 swmidi - ok
22:21:51.0109 3500 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:21:51.0109 3500 symc810 - ok
22:21:51.0125 3500 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:21:51.0125 3500 symc8xx - ok
22:21:51.0140 3500 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:21:51.0140 3500 sym_hi - ok
22:21:51.0187 3500 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:21:51.0187 3500 sym_u3 - ok
22:21:51.0218 3500 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:21:51.0218 3500 sysaudio - ok
22:21:51.0296 3500 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:21:51.0296 3500 Tcpip - ok
22:21:51.0343 3500 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:21:51.0359 3500 TDPIPE - ok
22:21:51.0421 3500 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:21:51.0421 3500 TDTCP - ok
22:21:51.0421 3500 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:21:51.0437 3500 TermDD - ok
22:21:51.0453 3500 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:21:51.0453 3500 TosIde - ok
22:21:51.0484 3500 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:21:51.0484 3500 Udfs - ok
22:21:51.0515 3500 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:21:51.0515 3500 ultra - ok
22:21:51.0578 3500 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:21:51.0578 3500 Update - ok
22:21:51.0640 3500 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:21:51.0640 3500 USBAAPL - ok
22:21:51.0671 3500 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:21:51.0687 3500 usbaudio - ok
22:21:51.0687 3500 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:21:51.0703 3500 usbccgp - ok
22:21:51.0734 3500 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:21:51.0734 3500 usbehci - ok
22:21:51.0781 3500 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:21:51.0781 3500 usbhub - ok
22:21:51.0796 3500 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:21:51.0796 3500 usbprint - ok
22:21:51.0828 3500 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:21:51.0828 3500 usbscan - ok
22:21:51.0890 3500 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:21:51.0890 3500 USBSTOR - ok
22:21:51.0937 3500 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:21:51.0937 3500 usbuhci - ok
22:21:51.0968 3500 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
22:21:51.0984 3500 USB_RNDIS_XP - ok
22:21:52.0015 3500 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:21:52.0015 3500 VgaSave - ok
22:21:52.0062 3500 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:21:52.0062 3500 viaagp - ok
22:21:52.0109 3500 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:21:52.0109 3500 ViaIde - ok
22:21:52.0156 3500 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:21:52.0156 3500 VolSnap - ok
22:21:52.0281 3500 VX1000 (f4fab0b9d43a65f79fc838c94006f643) C:\WINDOWS\system32\DRIVERS\VX1000.sys
22:21:52.0343 3500 VX1000 - ok
22:21:52.0421 3500 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:21:52.0421 3500 Wanarp - ok
22:21:52.0484 3500 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:21:52.0484 3500 Wdf01000 - ok
22:21:52.0500 3500 WDICA - ok
22:21:52.0531 3500 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:21:52.0531 3500 wdmaud - ok
22:21:52.0593 3500 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:21:52.0593 3500 WpdUsb - ok
22:21:52.0640 3500 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:21:52.0640 3500 WSTCODEC - ok
22:21:52.0687 3500 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:21:52.0687 3500 WudfPf - ok
22:21:52.0718 3500 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:21:52.0718 3500 WudfRd - ok
22:21:52.0765 3500 MBR (0x1B8) (4bc21aabb8ea83c34000756722b7398b) \Device\Harddisk0\DR0
22:21:52.0781 3500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:21:52.0781 3500 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
22:21:52.0812 3500 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:21:52.0812 3500 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:21:52.0843 3500 Boot (0x1200) (807fe6e9766c2484ac77edf8f054947b) \Device\Harddisk0\DR0\Partition0
22:21:52.0843 3500 \Device\Harddisk0\DR0\Partition0 - ok
22:21:52.0843 3500 ============================================================
22:21:52.0843 3500 Scan finished
22:21:52.0843 3500 ============================================================
22:21:52.0859 0928 Detected object count: 2
22:21:52.0859 0928 Actual detected object count: 2
06:59:26.0343 0928 \Device\Harddisk0\DR0\# - copied to quarantine
06:59:26.0375 0928 \Device\Harddisk0\DR0 - copied to quarantine
06:59:26.0437 0928 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
06:59:26.0453 0928 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
06:59:26.0484 0928 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
06:59:26.0515 0928 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
06:59:26.0515 0928 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
06:59:26.0531 0928 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
06:59:26.0546 0928 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
06:59:26.0546 0928 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
06:59:26.0546 0928 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
06:59:26.0562 0928 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
06:59:26.0578 0928 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
06:59:26.0578 0928 \Device\Harddisk0\DR0\TDLFS\spr.dll - copied to quarantine
06:59:26.0609 0928 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
06:59:26.0609 0928 \Device\Harddisk0\DR0 - ok
06:59:26.0625 0928 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
06:59:26.0625 0928 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
06:59:26.0625 0928 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
06:59:36.0109 0140 Deinitialize success

Will run MBAM and ESET now.

#9 narenxp

narenxp

    Forum Addict

  • BC Advisor
  • PipPipPipPipPipPip
  • 16,365 posts
  • Gender:Male
  • Location:India

Posted 22 February 2012 - 08:18 AM

I want you to restart the PC and run TDSSkiller once again and make sure it comes out CLEAN

Run aswmbr again,post the new LOG

#10 kattysam

kattysam

    Member

  • Members
  • PipPip
  • 16 posts

Posted 22 February 2012 - 08:20 AM

eset is in the middle of the scan. 2612 infected filed so far. should I stop the scan and follow your instructions above?

#11 narenxp

narenxp

    Forum Addict

  • BC Advisor
  • PipPipPipPipPipPip
  • 16,365 posts
  • Gender:Male
  • Location:India

Posted 22 February 2012 - 08:22 AM

Run aswmbr after ESET scanner :thumbup2:

#12 kattysam

kattysam

    Member

  • Members
  • PipPip
  • 16 posts

Posted 22 February 2012 - 08:27 AM

but restart first, or is that not necessary? And will eset quarantine/delete the infected files and should i do that before moving on to aswmbr? do you want me to post the eset log?

#13 narenxp

narenxp

    Forum Addict

  • BC Advisor
  • PipPipPipPipPipPip
  • 16,365 posts
  • Gender:Male
  • Location:India

Posted 22 February 2012 - 08:34 AM

Save the ESET log on the destkop,restart the pc,run aswmbr and post the logs together in your next reply

#14 kattysam

kattysam

    Member

  • Members
  • PipPip
  • 16 posts

Posted 22 February 2012 - 10:34 AM

I had to shorten the results as the post was too long. What I deleted were files that were variations from the same folders. I did not delete what was quarantined. Please advise if I should.
ESET results:
C:\Documents and Settings\Aron\Desktop\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application deleted - quarantined
C:\Documents and Settings\Aron\Local Settings\Temp\130.tmp a variant of Win32/Kryptik.AAKQ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Aron\My Documents\Downloads\couponprinter(4).exe probably a variant of Win32/Adware.Softomate.AD application deleted - quarantined
C:\Documents and Settings\Lena\Local Settings\Temp\28B4.tmp a variant of Win32/Olmarik.ASN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Lena\Local Settings\Temp\28B9.tmp a variant of Win32/Olmarik.ASN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Lena\Local Settings\Temp\2DB9.tmp a variant of Win32/Olmarik.ASN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Lena\Local Settings\Temp\2DBE.tmp a variant of Win32/Olmarik.ASN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Lena\Local Settings\Temp\2DC3.tmp a variant of Win32/Olmarik.ASN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Lena\Local Settings\Temp\2DC8.tmp a variant of Win32/Olmarik.ASN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Lena\Local Settings\Temp\2DCD.tmp a variant of Win32/Olmarik.ASN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Lena\Local Settings\Temp\2DD2.tmp a variant of Win32/Olmarik.ASN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Lena\Local Settings\Temp\2DD7.tmp a variant of Win32/Olmarik.ASN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Lena\Local Settings\Temp\2DDC.tmp a variant of Win32/Olmarik.ASN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Lena\Local Settings\Temp\2DE1.tmp a variant of Win32/Olmarik.ASN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Lena\Local Settings\Temp\2DE6.tmp a variant of Win32/Olmarik.ASN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Lena\Local Settings\Temp\2DEB.tmp a variant of Win32/Olmarik.ASN trojan cleaned by deleting
C:\Documents and Settings\Lena\Local Settings\Temp\2DF0.tmp a variant of Win32/Olmarik.ASN trojan cleaned by deleting
C:\Documents and Settings\Lena\Local Settings\Temp\2DF5.tmp a variant of Win32/Olmarik.ASN trojan cleaned by deleting
C:\TDSSKiller_Quarantine\21.02.2012_22.21.34\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.02.2012_22.21.34\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.02.2012_22.21.34\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.JG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.02.2012_22.21.34\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.02.2012_22.21.34\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.02.2012_22.21.34\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.02.2012_22.21.34\mbr0000\tdlfs0000\tsk0010.dta a variant of Win32/Olmarik.AYG trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\11.tmp a variant of Win32/Kryptik.AAJL trojan cleaned by deleting - quarantined

aswmbr results:
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-22 09:28:50
-----------------------------
09:28:50.312 OS Version: Windows 5.1.2600 Service Pack 3
09:28:50.312 Number of processors: 2 586 0xF02
09:28:50.312 ComputerName: MAIN UserName: Aron
09:28:51.656 Initialize success
09:28:57.843 AVAST engine defs: 12022101
09:29:05.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:29:05.640 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
09:29:05.687 Disk 0 MBR read successfully
09:29:05.687 Disk 0 MBR scan
09:29:05.718 Disk 0 unknown MBR code
09:29:05.718 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
09:29:05.750 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149464 MB offset 80325
09:29:05.781 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 306198900
09:29:05.781 Disk 0 scanning sectors +312496380
09:29:05.843 Disk 0 scanning C:\WINDOWS\system32\drivers
09:29:22.562 Service scanning
09:29:40.375 Modules scanning
09:29:45.734 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
09:29:46.593 Disk 0 trace - called modules:
09:29:46.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:29:46.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8717e030]
09:29:46.625 3 CLASSPNP.SYS[f7530fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x87161030]
09:29:47.125 AVAST engine scan C:\WINDOWS
09:30:08.562 AVAST engine scan C:\WINDOWS\system32
09:33:11.078 AVAST engine scan C:\WINDOWS\system32\drivers
09:33:29.921 AVAST engine scan C:\Documents and Settings\Aron
09:53:08.656 AVAST engine scan C:\Documents and Settings\All Users
09:59:34.375 Scan finished successfully
10:24:48.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Aron\Desktop\MBR.dat"
10:24:48.703 The log file has been saved successfully to "C:\Documents and Settings\Aron\Desktop\aswMBR.txt"

Thanks!

#15 narenxp

narenxp

    Forum Addict

  • BC Advisor
  • PipPipPipPipPipPip
  • 16,365 posts
  • Gender:Male
  • Location:India

Posted 22 February 2012 - 11:21 AM

Yes,delete them

I want you to run TDSSkiller once again,

Select-DELETE for TDSSfilesystem

Post the new log

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Edited by narenxp, 22 February 2012 - 11:22 AM.

Back to Am I infected? What do I do?


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Am I infected? What do I do?
  4. Privacy Policy
  5. Rules ·