I've tried following steps all over the internet. Not even sure if I have the virus anymore, but I do know that my computer is NOT normal. It hangs, it's so slow and weird things are still happening. Please help!
Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
System Check Virus
Started by
dawnmomoffour
, Mar 19 2012 05:16 PM
39 replies to this topic
Back to top- BC Ads
- BleepingComputer.com
#2
Budapest
-
- Moderator
-
- 22,661 posts
Bleepin' Cynic
- Gender:Male
Posted 19 March 2012 - 05:30 PM
Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
The power of accurate observation is commonly called cynicism by those who haven't got it.
—George Bernard Shaw
—George Bernard Shaw
#3
dawnmomoffour
-
- Members
-
- 27 posts
Member
Posted 19 March 2012 - 06:49 PM
Step 6: Done
Step 7: The scan does exactly what it says, window is same etc...but it never finishes! It just keeps putting blocks on the black screen and never finishes so no scan results.
Step 8: I follow until the screen that shows what to uncheck comes up. There, the results are so different. I don't hae to uncheck, most of them are greyed out. Services, registry and files, along with C: and ads are checked, the rest are greyed out. In fact, when I first start it a screen comes up (Pic attached) and if I exit it the next screen with greyed out areas comes up.
I sooo need help. Thank you!
Step 7: The scan does exactly what it says, window is same etc...but it never finishes! It just keeps putting blocks on the black screen and never finishes so no scan results.
Step 8: I follow until the screen that shows what to uncheck comes up. There, the results are so different. I don't hae to uncheck, most of them are greyed out. Services, registry and files, along with C: and ads are checked, the rest are greyed out. In fact, when I first start it a screen comes up (Pic attached) and if I exit it the next screen with greyed out areas comes up.
I sooo need help. Thank you!
Attached Files
-
gmer.jpg 97.61K
2 downloads
#4
Budapest
-
- Moderator
-
- 22,661 posts
Bleepin' Cynic
- Gender:Male
Posted 19 March 2012 - 07:07 PM
In that case skip the GMER scan and just post the DDS log.
Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.
Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.
The power of accurate observation is commonly called cynicism by those who haven't got it.
—George Bernard Shaw
—George Bernard Shaw
#5
dawnmomoffour
-
- Members
-
- 27 posts
Member
Posted 19 March 2012 - 07:40 PM
The DDS scan doesn't finish. (Step 7)There are no logs to post. I get the black screen that says it should take more than 3 minutes. It shows little blocks going across like it is working. It gets more and more blocks but never finishes then freezes up my computer and I have to restart. There are no logs to post.
Edited by dawnmomoffour, 19 March 2012 - 07:40 PM.
#6
Budapest
-
- Moderator
-
- 22,661 posts
Bleepin' Cynic
- Gender:Male
Posted 19 March 2012 - 07:49 PM
Sorry I missed that part in your reply where you said that DDS scan never finishes.
In that case just sit tight. When one of our Malware Removal Team picks up your topic they will know what to do.
Thanks.
In that case just sit tight. When one of our Malware Removal Team picks up your topic they will know what to do.
Thanks.
The power of accurate observation is commonly called cynicism by those who haven't got it.
—George Bernard Shaw
—George Bernard Shaw
#7
dawnmomoffour
-
- Members
-
- 27 posts
Member
#8
Aaflac
-
- Malware Response Team
-
- 1,628 posts
Doin' Dis 'n Dat...
- Gender:Not Telling
- Location:USA
Posted 20 March 2012 - 12:25 PM
Welcome, dawnmomoffour!
System Check is a member of the FakeHDD family, and is known to bundle with the TDL rootkit.
Let's see what the following short scan shows...
Please download RogueKiller
•When you get to the website, go to where it says:
(Download link) Lien de téléchargement:
•Click the dark-blue button to download.
•Save to the Desktop
•Close all windows and browsers
•XP: Double-click the program to run it
•Vista/Seven: Right-click and select 'Run as Administrator'
•Press: SCAN
•A report opens on the Desktop: RKreport.txt
Please copy/paste the RKreport.txt , and provide it in your reply.
Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right-click on the downloaded icon and select: Rename
Then, rename it to winlogon.exe and try again.
If you cannot download, but can run programs, instead of downloading the program requested to the problem computer, download it to a clean computer.
Next, save it to a USB flash drive (or removable media), move it to the Desktop of the infected computer, and run the program as described at the beginning of these instructions.
System Check is a member of the FakeHDD family, and is known to bundle with the TDL rootkit.
Let's see what the following short scan shows...
Please download RogueKiller
•When you get to the website, go to where it says:
(Download link) Lien de téléchargement:
•Click the dark-blue button to download.
•Save to the Desktop
•Close all windows and browsers
•XP: Double-click the program to run it
•Vista/Seven: Right-click and select 'Run as Administrator'
•Press: SCAN
•A report opens on the Desktop: RKreport.txt
Please copy/paste the RKreport.txt , and provide it in your reply.
Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right-click on the downloaded icon and select: Rename
Then, rename it to winlogon.exe and try again.
If you cannot download, but can run programs, instead of downloading the program requested to the problem computer, download it to a clean computer.
Next, save it to a USB flash drive (or removable media), move it to the Desktop of the infected computer, and run the program as described at the beginning of these instructions.
Edited by Aaflac, 20 March 2012 - 12:26 PM.
To do is to be - Socrates
#9
dawnmomoffour
-
- Members
-
- 27 posts
Member
Posted 21 March 2012 - 12:36 PM
Sorry it took so long, my computer is laggy, freezing and a bunch of other stuff LOL Here is what you asked for:
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Dawn [Admin rights]
Mode: Scan -- Date: 03/21/2012 13:33:44
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 10 ¤¤¤
[BLACKLIST] HKLM\[...]\services : SSHNAS (%SystemRoot%\system32\svchost.exe -k netsvcs) -> FOUND
[BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
91.212.127.226 osguard-pro.microsoft.com
91.212.127.226 osguard-pro.com
91.212.127.226 www.osguard-pro.com
127.0.0.1 spe.atdmt.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Maxtor 6Y080P0 +++++
--- User ---
[MBR] d9d7314065b6f4cbd1280aa02ca2fdbe
[BSP] 2de82c202d5e8a2d8b91600c8f20d280 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 642600 | Size: 77846 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] efd1d876a949b5802ad6462235b24fae
[BSP] 2de82c202d5e8a2d8b91600c8f20d280 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 642600 | Size: 77846 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 160071660 | Size: 7 Mo
Finished : << RKreport[1].txt >>
RKreport[1].txt
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Dawn [Admin rights]
Mode: Scan -- Date: 03/21/2012 13:33:44
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 10 ¤¤¤
[BLACKLIST] HKLM\[...]\services : SSHNAS (%SystemRoot%\system32\svchost.exe -k netsvcs) -> FOUND
[BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
91.212.127.226 osguard-pro.microsoft.com
91.212.127.226 osguard-pro.com
91.212.127.226 www.osguard-pro.com
127.0.0.1 spe.atdmt.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Maxtor 6Y080P0 +++++
--- User ---
[MBR] d9d7314065b6f4cbd1280aa02ca2fdbe
[BSP] 2de82c202d5e8a2d8b91600c8f20d280 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 642600 | Size: 77846 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] efd1d876a949b5802ad6462235b24fae
[BSP] 2de82c202d5e8a2d8b91600c8f20d280 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 642600 | Size: 77846 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 160071660 | Size: 7 Mo
Finished : << RKreport[1].txt >>
RKreport[1].txt
#10
Aaflac
-
- Malware Response Team
-
- 1,628 posts
Doin' Dis 'n Dat...
- Gender:Not Telling
- Location:USA
Posted 21 March 2012 - 09:12 PM
Let's press on with RogueKiller...
•Please quit all programs
•Double-click the RogueKiller file to run the program
•Wait until the Prescan finishes
•On the RogueKiller console, click the Registry tab.
•Make sure the entries there are checked.
•Then, press the [Delete] button.
An RKreport (Mode: Delete) is created on the Desktop.
(The RKreport also opens using the Report button on the console.)
•Once again at the RogueKiller console, click the Hosts tab.
•Make sure the entries there are checked, if there is an option to do so.
•Then, press the [HostFix] button.
An RKreport (Mode: HostFix) is also created on the Desktop.
You should have 2 RogueKiller RKreports to post:
1. Mode: Delete
2. Mode: HostFix
The above should allow you to get past the System Check fake rogue, however, we still have another infection to deal with, so, we have some more work ahead. Just stay with it.
•Please quit all programs
•Double-click the RogueKiller file to run the program
•Wait until the Prescan finishes
•On the RogueKiller console, click the Registry tab.
•Make sure the entries there are checked.
•Then, press the [Delete] button.
An RKreport (Mode: Delete) is created on the Desktop.
(The RKreport also opens using the Report button on the console.)
•Once again at the RogueKiller console, click the Hosts tab.
•Make sure the entries there are checked, if there is an option to do so.
•Then, press the [HostFix] button.
An RKreport (Mode: HostFix) is also created on the Desktop.
You should have 2 RogueKiller RKreports to post:
1. Mode: Delete
2. Mode: HostFix
The above should allow you to get past the System Check fake rogue, however, we still have another infection to deal with, so, we have some more work ahead. Just stay with it.
To do is to be - Socrates
#11
dawnmomoffour
-
- Members
-
- 27 posts
Member
Posted 22 March 2012 - 12:16 AM
After the prescan I did everything exactly as you said. There were no entries to delete on registry tab nor were there any entries on the hosts tabs. Therefore, no reports were made. Should I scan after the prescan and check those 2 tabs for entries?
Thanks so much for the help.
-Dawn
Thanks so much for the help.
-Dawn
#12
Aaflac
-
- Malware Response Team
-
- 1,628 posts
Doin' Dis 'n Dat...
- Gender:Not Telling
- Location:USA
Posted 22 March 2012 - 09:18 PM
Do run a Scan with RogueKiller once again, and let's see what it shows.
To do is to be - Socrates
#13
dawnmomoffour
-
- Members
-
- 27 posts
Member
Posted 23 March 2012 - 03:01 AM
ok, I ran RogueKiller again. Then I hit registry key and this is what it said:
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Dawn [Admin rights]
Mode: Scan -- Date: 03/23/2012 02:15:49
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 10 ¤¤¤
[BLACKLIST] HKLM\[...]\services : SSHNAS (%SystemRoot%\system32\svchost.exe -k netsvcs) -> FOUND
[BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
91.212.127.226 osguard-pro.microsoft.com
91.212.127.226 osguard-pro.com
91.212.127.226 www.osguard-pro.com
127.0.0.1 spe.atdmt.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Maxtor 6Y080P0 +++++
--- User ---
[MBR] d9d7314065b6f4cbd1280aa02ca2fdbe
[BSP] 2de82c202d5e8a2d8b91600c8f20d280 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 642600 | Size: 77846 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] efd1d876a949b5802ad6462235b24fae
[BSP] 2de82c202d5e8a2d8b91600c8f20d280 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 642600 | Size: 77846 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 160071660 | Size: 7 Mo
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Then I checked all entries, hit delete and this report was given:
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Dawn [Admin rights]
Mode: Remove -- Date: 03/23/2012 02:19:50
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 10 ¤¤¤
[BLACKLIST] HKLM\[...]\services : SSHNAS (%SystemRoot%\system32\svchost.exe -k netsvcs) -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> DELETED
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
91.212.127.226 osguard-pro.microsoft.com
91.212.127.226 osguard-pro.com
91.212.127.226 www.osguard-pro.com
127.0.0.1 spe.atdmt.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Maxtor 6Y080P0 +++++
--- User ---
[MBR] d9d7314065b6f4cbd1280aa02ca2fdbe
[BSP] 2de82c202d5e8a2d8b91600c8f20d280 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 642600 | Size: 77846 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] efd1d876a949b5802ad6462235b24fae
[BSP] 2de82c202d5e8a2d8b91600c8f20d280 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 642600 | Size: 77846 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 160071660 | Size: 7 Mo
Finished : << RKreport[3].txt >>
RKreport[2].txt ; RKreport[3].txt
Last, I hit Hosts tab and then host fix button and this report was given:
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Dawn [Admin rights]
Mode: HOSTSFix -- Date: 03/23/2012 02:20:19
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
91.212.127.226 osguard-pro.microsoft.com
91.212.127.226 osguard-pro.com
91.212.127.226 www.osguard-pro.com
127.0.0.1 spe.atdmt.com
¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost
Finished : << RKreport[4].txt >>
RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
Thanks again for all the help! Will await further instructions.
-Dawn
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Dawn [Admin rights]
Mode: Scan -- Date: 03/23/2012 02:15:49
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 10 ¤¤¤
[BLACKLIST] HKLM\[...]\services : SSHNAS (%SystemRoot%\system32\svchost.exe -k netsvcs) -> FOUND
[BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
91.212.127.226 osguard-pro.microsoft.com
91.212.127.226 osguard-pro.com
91.212.127.226 www.osguard-pro.com
127.0.0.1 spe.atdmt.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Maxtor 6Y080P0 +++++
--- User ---
[MBR] d9d7314065b6f4cbd1280aa02ca2fdbe
[BSP] 2de82c202d5e8a2d8b91600c8f20d280 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 642600 | Size: 77846 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] efd1d876a949b5802ad6462235b24fae
[BSP] 2de82c202d5e8a2d8b91600c8f20d280 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 642600 | Size: 77846 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 160071660 | Size: 7 Mo
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Then I checked all entries, hit delete and this report was given:
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Dawn [Admin rights]
Mode: Remove -- Date: 03/23/2012 02:19:50
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 10 ¤¤¤
[BLACKLIST] HKLM\[...]\services : SSHNAS (%SystemRoot%\system32\svchost.exe -k netsvcs) -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> DELETED
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
91.212.127.226 osguard-pro.microsoft.com
91.212.127.226 osguard-pro.com
91.212.127.226 www.osguard-pro.com
127.0.0.1 spe.atdmt.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Maxtor 6Y080P0 +++++
--- User ---
[MBR] d9d7314065b6f4cbd1280aa02ca2fdbe
[BSP] 2de82c202d5e8a2d8b91600c8f20d280 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 642600 | Size: 77846 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] efd1d876a949b5802ad6462235b24fae
[BSP] 2de82c202d5e8a2d8b91600c8f20d280 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 642600 | Size: 77846 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 160071660 | Size: 7 Mo
Finished : << RKreport[3].txt >>
RKreport[2].txt ; RKreport[3].txt
Last, I hit Hosts tab and then host fix button and this report was given:
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Dawn [Admin rights]
Mode: HOSTSFix -- Date: 03/23/2012 02:20:19
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
91.212.127.226 osguard-pro.microsoft.com
91.212.127.226 osguard-pro.com
91.212.127.226 www.osguard-pro.com
127.0.0.1 spe.atdmt.com
¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost
Finished : << RKreport[4].txt >>
RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
Thanks again for all the help! Will await further instructions.
-Dawn
#14
Aaflac
-
- Malware Response Team
-
- 1,628 posts
Doin' Dis 'n Dat...
- Gender:Not Telling
- Location:USA
Posted 23 March 2012 - 04:59 PM
Please run RogueKiller once again, and do a SCAN.
This time the Hosts file may be OK.
Next, download the latest version of: TDSSKiller.exe
Save to the Desktop.
Execute the downloaded file:
XP: Double-click the file to run the program
In the TDSSKiller Scan prompt, click on: Change parameters
Check the box besides: Detect TDLFS file system
Click: OK
Press the button: Start Scan
The tool scans and detects two object types:
Malicious (where the malware has been identified)
Suspicious (where the malware cannot be identified)
When the scan is over, the tool outputs a list of detected objects (Malicious or Suspicious) with their description.
It automatically selects an action (Cure or Delete) for Malicious objects. Leave the setting as it is.
It also prompts the User to select an action to apply to Suspicious objects (Skip, by default).
Leave the setting as it is.
After clicking 'Next/Continue', the tool applies the selected actions.
A Reboot Required prompt may appear after a disinfection.
Please reboot!!
By default, the tool outputs its log to the system disk root folder (the disk with the Windows operating system,
normally C:\).
Logs have a name like:
C:\TDSSKiller.2.4.7_22.02.2012_15.31.43_log.txt
Please post the TDSSKiller log in your reply.
Also need to know whether TDSSKiller needed a reboot.
This time the Hosts file may be OK.
Next, download the latest version of: TDSSKiller.exe
Save to the Desktop.
Execute the downloaded file:
XP: Double-click the file to run the program
In the TDSSKiller Scan prompt, click on: Change parameters
Check the box besides: Detect TDLFS file system
Click: OK
Press the button: Start Scan
The tool scans and detects two object types:
Malicious (where the malware has been identified)
Suspicious (where the malware cannot be identified)
When the scan is over, the tool outputs a list of detected objects (Malicious or Suspicious) with their description.
It automatically selects an action (Cure or Delete) for Malicious objects. Leave the setting as it is.
It also prompts the User to select an action to apply to Suspicious objects (Skip, by default).
Leave the setting as it is.
After clicking 'Next/Continue', the tool applies the selected actions.
A Reboot Required prompt may appear after a disinfection.
Please reboot!!
By default, the tool outputs its log to the system disk root folder (the disk with the Windows operating system,
normally C:\).
Logs have a name like:
C:\TDSSKiller.2.4.7_22.02.2012_15.31.43_log.txt
Please post the TDSSKiller log in your reply.
Also need to know whether TDSSKiller needed a reboot.
To do is to be - Socrates
#15
dawnmomoffour
-
- Members
-
- 27 posts
Member
Posted 24 March 2012 - 04:15 PM
ok, I did the scan on Roguekiller again and there was nothing under registry and hosts just said local host.
After downloading and running the TDSSKiller I got this log:
17:08:17.0023 3584 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
17:08:17.0335 3584 ============================================================
17:08:17.0335 3584 Current date / time: 2012/03/24 17:08:17.0335
17:08:17.0335 3584 SystemInfo:
17:08:17.0335 3584
17:08:17.0335 3584 OS Version: 5.1.2600 ServicePack: 2.0
17:08:17.0335 3584 Product type: Workstation
17:08:17.0335 3584 ComputerName: DAWNS-RFU
17:08:17.0335 3584 UserName: Dawn
17:08:17.0335 3584 Windows directory: C:\WINDOWS
17:08:17.0335 3584 System windows directory: C:\WINDOWS
17:08:17.0335 3584 Processor architecture: Intel x86
17:08:17.0335 3584 Number of processors: 1
17:08:17.0335 3584 Page size: 0x1000
17:08:17.0335 3584 Boot type: Normal boot
17:08:17.0335 3584 ============================================================
17:08:19.0976 3584 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:08:19.0976 3584 \Device\Harddisk0\DR0:
17:08:19.0976 3584 MBR used
17:08:19.0976 3584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x9CE28, BlocksNum 0x980B1C4
17:08:20.0038 3584 Initialize success
17:08:20.0038 3584 ============================================================
17:08:40.0820 2324 ============================================================
17:08:40.0820 2324 Scan started
17:08:40.0820 2324 Mode: Manual; TDLFS;
17:08:40.0820 2324 ============================================================
17:08:41.0288 2324 Abiosdsk - ok
17:08:41.0382 2324 abp480n5 - ok
17:08:41.0492 2324 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:08:41.0492 2324 ACPI - ok
17:08:41.0570 2324 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:08:41.0570 2324 ACPIEC - ok
17:08:41.0632 2324 adpu160m - ok
17:08:41.0710 2324 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
17:08:41.0710 2324 aec - ok
17:08:41.0773 2324 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
17:08:41.0773 2324 AFD - ok
17:08:41.0835 2324 Aha154x - ok
17:08:41.0898 2324 aic78u2 - ok
17:08:41.0992 2324 aic78xx - ok
17:08:42.0242 2324 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:08:42.0304 2324 ALCXWDM - ok
17:08:42.0398 2324 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
17:08:42.0398 2324 Alerter - ok
17:08:42.0492 2324 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
17:08:42.0507 2324 ALG - ok
17:08:42.0570 2324 AliIde - ok
17:08:42.0632 2324 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
17:08:42.0632 2324 AmdK7 - ok
17:08:42.0695 2324 amsint - ok
17:08:42.0835 2324 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:08:42.0835 2324 Apple Mobile Device - ok
17:08:42.0929 2324 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
17:08:42.0929 2324 AppMgmt - ok
17:08:43.0023 2324 asc - ok
17:08:43.0085 2324 asc3350p - ok
17:08:43.0148 2324 asc3550 - ok
17:08:43.0320 2324 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:08:43.0320 2324 aspnet_state - ok
17:08:43.0382 2324 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:08:43.0398 2324 AsyncMac - ok
17:08:43.0476 2324 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:08:43.0492 2324 atapi - ok
17:08:43.0554 2324 Atdisk - ok
17:08:43.0632 2324 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:08:43.0648 2324 Atmarpc - ok
17:08:43.0726 2324 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
17:08:43.0726 2324 AudioSrv - ok
17:08:43.0804 2324 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:08:43.0804 2324 audstub - ok
17:08:43.0945 2324 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe
17:08:43.0960 2324 avg9wd - ok
17:08:44.0023 2324 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
17:08:44.0023 2324 AvgLdx86 - ok
17:08:44.0070 2324 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\system32\Drivers\avgmfx86.sys
17:08:44.0070 2324 AvgMfx86 - ok
17:08:44.0210 2324 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys
17:08:44.0210 2324 AvgTdiX - ok
17:08:44.0320 2324 bbcap (709fbe6eced1c3259d2b50bb0520b765) C:\WINDOWS\system32\DRIVERS\bbcap.sys
17:08:44.0351 2324 bbcap - ok
17:08:44.0413 2324 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:08:44.0413 2324 Beep - ok
17:08:44.0523 2324 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\System32\qmgr.dll
17:08:44.0554 2324 BITS - ok
17:08:44.0726 2324 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:08:44.0742 2324 Bonjour Service - ok
17:08:44.0820 2324 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
17:08:44.0835 2324 Browser - ok
17:08:44.0898 2324 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:08:44.0898 2324 cbidf2k - ok
17:08:44.0960 2324 cd20xrnt - ok
17:08:45.0023 2324 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:08:45.0023 2324 Cdaudio - ok
17:08:45.0085 2324 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
17:08:45.0085 2324 Cdfs - ok
17:08:45.0148 2324 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:08:45.0148 2324 Cdrom - ok
17:08:45.0210 2324 Changer - ok
17:08:45.0351 2324 cisvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\System32\cisvc.exe
17:08:45.0351 2324 cisvc - ok
17:08:45.0460 2324 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
17:08:45.0476 2324 ClipSrv - ok
17:08:45.0601 2324 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:08:45.0601 2324 clr_optimization_v2.0.50727_32 - ok
17:08:45.0663 2324 CmdIde - ok
17:08:45.0820 2324 cmuda (297cc8a257cbd3c46bbd675ec5e35cc2) C:\WINDOWS\system32\drivers\cmuda.sys
17:08:45.0835 2324 cmuda - ok
17:08:45.0898 2324 COMSysApp - ok
17:08:45.0976 2324 Cpqarray - ok
17:08:46.0101 2324 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
17:08:46.0101 2324 CryptSvc - ok
17:08:46.0163 2324 dac2w2k - ok
17:08:46.0257 2324 dac960nt - ok
17:08:46.0351 2324 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
17:08:46.0367 2324 DcomLaunch - ok
17:08:46.0460 2324 dg_ssudbus (d8522960163fa593694e441194a9a574) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
17:08:46.0460 2324 dg_ssudbus - ok
17:08:46.0554 2324 Dhcp (ef545e1a4b043da4c84e230dd471c55f) C:\WINDOWS\System32\dhcpcsvc.dll
17:08:46.0570 2324 Dhcp - ok
17:08:46.0632 2324 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
17:08:46.0632 2324 Disk - ok
17:08:46.0663 2324 dmadmin - ok
17:08:46.0788 2324 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
17:08:46.0804 2324 dmboot - ok
17:08:46.0867 2324 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
17:08:46.0867 2324 dmio - ok
17:08:46.0960 2324 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:08:46.0960 2324 dmload - ok
17:08:47.0054 2324 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
17:08:47.0054 2324 dmserver - ok
17:08:47.0132 2324 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
17:08:47.0132 2324 DMusic - ok
17:08:47.0210 2324 Dnscache (aac8ffbfd61e784fa3bac851d4a0bd5f) C:\WINDOWS\System32\dnsrslvr.dll
17:08:47.0210 2324 Dnscache - ok
17:08:47.0273 2324 dpti2o - ok
17:08:47.0367 2324 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
17:08:47.0367 2324 drmkaud - ok
17:08:47.0445 2324 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
17:08:47.0445 2324 ERSvc - ok
17:08:47.0538 2324 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
17:08:47.0538 2324 Eventlog - ok
17:08:47.0632 2324 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\System32\es.dll
17:08:47.0663 2324 EventSystem - ok
17:08:47.0742 2324 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
17:08:47.0757 2324 Fastfat - ok
17:08:47.0804 2324 FastUserSwitchingCompatibility (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
17:08:47.0835 2324 FastUserSwitchingCompatibility - ok
17:08:47.0945 2324 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:08:47.0945 2324 Fdc - ok
17:08:48.0007 2324 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
17:08:48.0007 2324 FETNDIS - ok
17:08:48.0070 2324 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
17:08:48.0070 2324 Fips - ok
17:08:48.0163 2324 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:08:48.0163 2324 Flpydisk - ok
17:08:48.0242 2324 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
17:08:48.0242 2324 FltMgr - ok
17:08:48.0382 2324 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:08:48.0382 2324 FontCache3.0.0.0 - ok
17:08:48.0492 2324 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
17:08:48.0492 2324 fssfltr - ok
17:08:48.0679 2324 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
17:08:48.0742 2324 fsssvc - ok
17:08:48.0804 2324 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:08:48.0804 2324 Fs_Rec - ok
17:08:48.0898 2324 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:08:48.0898 2324 Ftdisk - ok
17:08:48.0929 2324 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:08:48.0929 2324 gameenum - ok
17:08:49.0007 2324 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:08:49.0007 2324 GEARAspiWDM - ok
17:08:49.0101 2324 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:08:49.0101 2324 Gpc - ok
17:08:49.0288 2324 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:08:49.0288 2324 gupdate - ok
17:08:49.0351 2324 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:08:49.0351 2324 gupdatem - ok
17:08:49.0413 2324 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:08:49.0413 2324 helpsvc - ok
17:08:49.0476 2324 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll
17:08:49.0492 2324 HidServ - ok
17:08:49.0570 2324 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:08:49.0570 2324 HidUsb - ok
17:08:49.0648 2324 hpn - ok
17:08:49.0710 2324 hpt3xx - ok
17:08:49.0804 2324 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
17:08:49.0820 2324 HTTP - ok
17:08:49.0929 2324 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
17:08:49.0945 2324 HTTPFilter - ok
17:08:50.0007 2324 i2omgmt - ok
17:08:50.0070 2324 i2omp - ok
17:08:50.0163 2324 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:08:50.0163 2324 i8042prt - ok
17:08:50.0367 2324 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:08:50.0429 2324 idsvc - ok
17:08:50.0507 2324 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:08:50.0507 2324 Imapi - ok
17:08:50.0585 2324 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\System32\imapi.exe
17:08:50.0601 2324 ImapiService - ok
17:08:50.0679 2324 ini910u - ok
17:08:50.0757 2324 IntelIde - ok
17:08:50.0835 2324 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
17:08:50.0851 2324 ip6fw - ok
17:08:50.0929 2324 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:08:50.0929 2324 IpFilterDriver - ok
17:08:51.0070 2324 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:08:51.0070 2324 IpInIp - ok
17:08:51.0132 2324 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:08:51.0132 2324 IpNat - ok
17:08:51.0257 2324 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
17:08:51.0304 2324 iPod Service - ok
17:08:51.0382 2324 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:08:51.0382 2324 IPSec - ok
17:08:51.0460 2324 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:08:51.0476 2324 IRENUM - ok
17:08:51.0601 2324 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:08:51.0601 2324 isapnp - ok
17:08:51.0710 2324 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
17:08:51.0710 2324 JavaQuickStarterService - ok
17:08:51.0788 2324 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:08:51.0788 2324 Kbdclass - ok
17:08:51.0867 2324 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
17:08:51.0867 2324 kmixer - ok
17:08:51.0929 2324 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
17:08:51.0929 2324 KSecDD - ok
17:08:52.0038 2324 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll
17:08:52.0054 2324 lanmanserver - ok
17:08:52.0163 2324 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
17:08:52.0179 2324 lanmanworkstation - ok
17:08:52.0242 2324 lbrtfdc - ok
17:08:52.0382 2324 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
17:08:52.0382 2324 LmHosts - ok
17:08:52.0476 2324 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
17:08:52.0492 2324 Messenger - ok
17:08:52.0554 2324 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:08:52.0554 2324 mnmdd - ok
17:08:52.0632 2324 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\System32\mnmsrvc.exe
17:08:52.0632 2324 mnmsrvc - ok
17:08:52.0742 2324 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
17:08:52.0742 2324 Modem - ok
17:08:52.0835 2324 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:08:52.0835 2324 Mouclass - ok
17:08:52.0898 2324 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:08:52.0898 2324 mouhid - ok
17:08:52.0992 2324 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
17:08:53.0007 2324 MountMgr - ok
17:08:53.0054 2324 mraid35x - ok
17:08:53.0132 2324 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:08:53.0132 2324 MRxDAV - ok
17:08:53.0273 2324 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:08:53.0273 2324 MRxSmb - ok
17:08:53.0351 2324 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\System32\msdtc.exe
17:08:53.0351 2324 MSDTC - ok
17:08:53.0460 2324 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
17:08:53.0460 2324 Msfs - ok
17:08:53.0523 2324 MSIServer - ok
17:08:53.0601 2324 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:08:53.0601 2324 MSKSSRV - ok
17:08:53.0695 2324 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:08:53.0695 2324 MSPCLOCK - ok
17:08:53.0757 2324 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
17:08:53.0757 2324 MSPQM - ok
17:08:53.0835 2324 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:08:53.0835 2324 mssmbios - ok
17:08:53.0898 2324 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
17:08:53.0898 2324 Mup - ok
17:08:53.0976 2324 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
17:08:53.0976 2324 NDIS - ok
17:08:54.0038 2324 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:08:54.0038 2324 NdisTapi - ok
17:08:54.0117 2324 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:08:54.0117 2324 Ndisuio - ok
17:08:54.0179 2324 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:08:54.0179 2324 NdisWan - ok
17:08:54.0257 2324 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
17:08:54.0257 2324 NDProxy - ok
17:08:54.0304 2324 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:08:54.0304 2324 NetBIOS - ok
17:08:54.0413 2324 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:08:54.0413 2324 NetBT - ok
17:08:54.0492 2324 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
17:08:54.0492 2324 NetDDE - ok
17:08:54.0538 2324 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
17:08:54.0538 2324 NetDDEdsdm - ok
17:08:54.0617 2324 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
17:08:54.0617 2324 Netlogon - ok
17:08:54.0710 2324 Netman (36739b39267914ba69ad0610a0299732) C:\WINDOWS\System32\netman.dll
17:08:54.0710 2324 Netman - ok
17:08:54.0867 2324 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:08:54.0867 2324 NetTcpPortSharing - ok
17:08:54.0929 2324 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
17:08:54.0945 2324 Nla - ok
17:08:55.0038 2324 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
17:08:55.0038 2324 Npfs - ok
17:08:55.0101 2324 npggsvc - ok
17:08:55.0179 2324 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
17:08:55.0195 2324 NPPTNT2 - ok
17:08:55.0288 2324 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
17:08:55.0288 2324 Ntfs - ok
17:08:55.0367 2324 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
17:08:55.0382 2324 NtLmSsp - ok
17:08:55.0507 2324 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
17:08:55.0523 2324 NtmsSvc - ok
17:08:55.0585 2324 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:08:55.0585 2324 Null - ok
17:08:55.0835 2324 nv (5645072033c2e51386e91bc137c0beb5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:08:55.0882 2324 nv - ok
17:08:55.0992 2324 NVSvc (60d62603950220b51df57e461a601659) C:\WINDOWS\system32\nvsvc32.exe
17:08:55.0992 2324 NVSvc - ok
17:08:56.0085 2324 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:08:56.0085 2324 NwlnkFlt - ok
17:08:56.0148 2324 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:08:56.0148 2324 NwlnkFwd - ok
17:08:56.0226 2324 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
17:08:56.0226 2324 Parport - ok
17:08:56.0335 2324 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
17:08:56.0335 2324 PartMgr - ok
17:08:56.0398 2324 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:08:56.0398 2324 ParVdm - ok
17:08:56.0445 2324 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
17:08:56.0445 2324 PCI - ok
17:08:56.0492 2324 PCIDump - ok
17:08:56.0570 2324 PCIIde - ok
17:08:56.0648 2324 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:08:56.0648 2324 Pcmcia - ok
17:08:56.0710 2324 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
17:08:56.0710 2324 pcouffin - ok
17:08:56.0788 2324 PDCOMP - ok
17:08:56.0882 2324 PDFRAME - ok
17:08:56.0945 2324 PDRELI - ok
17:08:57.0007 2324 PDRFRAME - ok
17:08:57.0101 2324 perc2 - ok
17:08:57.0163 2324 perc2hib - ok
17:08:57.0367 2324 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
17:08:57.0367 2324 PlugPlay - ok
17:08:57.0460 2324 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
17:08:57.0460 2324 PolicyAgent - ok
17:08:57.0554 2324 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:08:57.0554 2324 PptpMiniport - ok
17:08:57.0632 2324 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
17:08:57.0632 2324 Processor - ok
17:08:57.0695 2324 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
17:08:57.0695 2324 ProtectedStorage - ok
17:08:57.0788 2324 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
17:08:57.0788 2324 PSched - ok
17:08:57.0835 2324 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:08:57.0835 2324 Ptilink - ok
17:08:57.0882 2324 ql1080 - ok
17:08:57.0960 2324 Ql10wnt - ok
17:08:58.0054 2324 ql12160 - ok
17:08:58.0148 2324 ql1240 - ok
17:08:58.0210 2324 ql1280 - ok
17:08:58.0304 2324 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:08:58.0304 2324 RasAcd - ok
17:08:58.0382 2324 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
17:08:58.0398 2324 RasAuto - ok
17:08:58.0460 2324 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:08:58.0460 2324 Rasl2tp - ok
17:08:58.0570 2324 RasMan (49b5eed5fb89d39456a2f616ccd8ba5d) C:\WINDOWS\System32\rasmans.dll
17:08:58.0585 2324 RasMan - ok
17:08:58.0648 2324 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:08:58.0648 2324 RasPppoe - ok
17:08:58.0757 2324 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:08:58.0757 2324 Raspti - ok
17:08:58.0882 2324 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:08:58.0882 2324 Rdbss - ok
17:08:58.0960 2324 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:08:58.0960 2324 RDPCDD - ok
17:08:59.0132 2324 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:08:59.0132 2324 rdpdr - ok
17:08:59.0257 2324 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
17:08:59.0257 2324 RDPWD - ok
17:08:59.0304 2324 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
17:08:59.0320 2324 RDSessMgr - ok
17:08:59.0382 2324 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:08:59.0382 2324 redbook - ok
17:08:59.0476 2324 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
17:08:59.0492 2324 RemoteAccess - ok
17:08:59.0554 2324 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
17:08:59.0570 2324 RemoteRegistry - ok
17:08:59.0710 2324 RoxioNow Service (f7e69a05751b24360bf2a17e9ef001b1) C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
17:08:59.0726 2324 RoxioNow Service - ok
17:08:59.0804 2324 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\System32\locator.exe
17:08:59.0804 2324 RpcLocator - ok
17:08:59.0929 2324 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
17:08:59.0929 2324 RpcSs - ok
17:09:00.0007 2324 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
17:09:00.0023 2324 RSVP - ok
17:09:00.0101 2324 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
17:09:00.0101 2324 SamSs - ok
17:09:00.0195 2324 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
17:09:00.0210 2324 SCardSvr - ok
17:09:00.0288 2324 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
17:09:00.0304 2324 Schedule - ok
17:09:00.0429 2324 SeaPort (271077b91d7ad1b616f8afdfe8e3f981) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:09:00.0460 2324 SeaPort - ok
17:09:00.0554 2324 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:09:00.0554 2324 Secdrv - ok
17:09:00.0648 2324 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
17:09:00.0648 2324 seclogon - ok
17:09:00.0757 2324 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
17:09:00.0757 2324 SENS - ok
17:09:00.0835 2324 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:09:00.0835 2324 serenum - ok
17:09:00.0898 2324 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
17:09:00.0898 2324 Serial - ok
17:09:00.0992 2324 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:09:01.0007 2324 Sfloppy - ok
17:09:01.0085 2324 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
17:09:01.0117 2324 SharedAccess - ok
17:09:01.0257 2324 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
17:09:01.0257 2324 ShellHWDetection - ok
17:09:01.0304 2324 Simbad - ok
17:09:01.0382 2324 Sparrow - ok
17:09:01.0460 2324 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
17:09:01.0460 2324 splitter - ok
17:09:01.0523 2324 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
17:09:01.0554 2324 Spooler - ok
17:09:01.0617 2324 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
17:09:01.0617 2324 sr - ok
17:09:01.0742 2324 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\System32\srsvc.dll
17:09:01.0773 2324 srservice - ok
17:09:01.0882 2324 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
17:09:01.0882 2324 Srv - ok
17:09:01.0992 2324 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
17:09:01.0992 2324 SSDPSRV - ok
17:09:02.0132 2324 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll
17:09:02.0195 2324 stisvc - ok
17:09:02.0351 2324 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:09:02.0382 2324 swenum - ok
17:09:02.0492 2324 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
17:09:02.0492 2324 swmidi - ok
17:09:02.0585 2324 SwPrv - ok
17:09:02.0726 2324 symc810 - ok
17:09:02.0804 2324 symc8xx - ok
17:09:02.0913 2324 sym_hi - ok
17:09:03.0038 2324 sym_u3 - ok
17:09:03.0163 2324 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
17:09:03.0179 2324 sysaudio - ok
17:09:03.0351 2324 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
17:09:03.0351 2324 SysmonLog - ok
17:09:03.0492 2324 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll
17:09:03.0523 2324 TapiSrv - ok
17:09:03.0788 2324 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:09:03.0804 2324 Tcpip - ok
17:09:03.0898 2324 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:09:03.0898 2324 TDPIPE - ok
17:09:03.0945 2324 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
17:09:03.0945 2324 TDTCP - ok
17:09:04.0070 2324 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:09:04.0070 2324 TermDD - ok
17:09:04.0320 2324 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
17:09:04.0351 2324 TermService - ok
17:09:04.0476 2324 Themes (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
17:09:04.0476 2324 Themes - ok
17:09:04.0585 2324 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\System32\tlntsvr.exe
17:09:04.0601 2324 TlntSvr - ok
17:09:04.0679 2324 TosIde - ok
17:09:04.0742 2324 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
17:09:04.0757 2324 TrkWks - ok
17:09:04.0867 2324 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys
17:09:04.0867 2324 uagp35 - ok
17:09:04.0913 2324 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
17:09:04.0913 2324 Udfs - ok
17:09:05.0007 2324 ultra - ok
17:09:05.0070 2324 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
17:09:05.0085 2324 Update - ok
17:09:05.0210 2324 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll
17:09:05.0210 2324 upnphost - ok
17:09:05.0288 2324 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
17:09:05.0288 2324 UPS - ok
17:09:05.0398 2324 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:09:05.0398 2324 USBAAPL - ok
17:09:05.0492 2324 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:09:05.0492 2324 usbccgp - ok
17:09:05.0570 2324 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:09:05.0570 2324 usbehci - ok
17:09:05.0632 2324 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:09:05.0632 2324 usbhub - ok
17:09:05.0710 2324 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:09:05.0710 2324 usbscan - ok
17:09:05.0773 2324 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:09:05.0773 2324 USBSTOR - ok
17:09:05.0835 2324 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:09:05.0835 2324 usbuhci - ok
17:09:05.0929 2324 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
17:09:05.0929 2324 VgaSave - ok
17:09:05.0992 2324 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:09:05.0992 2324 ViaIde - ok
17:09:06.0038 2324 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
17:09:06.0054 2324 VolSnap - ok
17:09:06.0132 2324 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
17:09:06.0148 2324 VSS - ok
17:09:06.0226 2324 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\System32\w32time.dll
17:09:06.0242 2324 W32Time - ok
17:09:06.0367 2324 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:09:06.0367 2324 Wanarp - ok
17:09:06.0429 2324 WDICA - ok
17:09:06.0507 2324 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
17:09:06.0507 2324 wdmaud - ok
17:09:06.0601 2324 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll
17:09:06.0601 2324 WebClient - ok
17:09:06.0742 2324 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:09:06.0757 2324 winmgmt - ok
17:09:06.0882 2324 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
17:09:06.0882 2324 WmdmPmSN - ok
17:09:07.0007 2324 Wmi (1081c185aed0660b2b5f173c3e023b23) C:\WINDOWS\System32\advapi32.dll
17:09:07.0038 2324 Wmi - ok
17:09:07.0179 2324 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:09:07.0179 2324 WmiApSrv - ok
17:09:07.0304 2324 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:09:07.0351 2324 WMPNetworkSvc - ok
17:09:07.0460 2324 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:09:07.0460 2324 WpdUsb - ok
17:09:07.0554 2324 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
17:09:07.0554 2324 wscsvc - ok
17:09:07.0601 2324 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
17:09:07.0601 2324 wuauserv - ok
17:09:07.0726 2324 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:09:07.0726 2324 WudfPf - ok
17:09:07.0804 2324 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:09:07.0804 2324 WudfRd - ok
17:09:07.0898 2324 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:09:07.0898 2324 WudfSvc - ok
17:09:08.0007 2324 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
17:09:08.0023 2324 WZCSVC - ok
17:09:08.0101 2324 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
17:09:08.0101 2324 xmlprov - ok
17:09:08.0210 2324 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:09:08.0242 2324 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
17:09:08.0242 2324 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
17:09:08.0242 2324 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:09:08.0242 2324 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:09:08.0288 2324 Boot (0x1200) (2cfb822adc883ab1332f27e73d1f437f) \Device\Harddisk0\DR0\Partition0
17:09:08.0288 2324 \Device\Harddisk0\DR0\Partition0 - ok
17:09:08.0288 2324 ============================================================
17:09:08.0288 2324 Scan finished
17:09:08.0288 2324 ============================================================
17:09:08.0413 2256 Detected object count: 2
17:09:08.0413 2256 Actual detected object count: 2
17:09:34.0617 2256 \Device\Harddisk0\DR0\# - copied to quarantine
17:09:34.0617 2256 \Device\Harddisk0\DR0 - copied to quarantine
17:09:34.0632 2256 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
17:09:34.0632 2256 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
17:09:34.0632 2256 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
17:09:34.0695 2256 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:09:34.0695 2256 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:09:34.0695 2256 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:09:34.0757 2256 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:09:34.0773 2256 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:09:34.0773 2256 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:09:34.0788 2256 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:09:34.0788 2256 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
17:09:34.0820 2256 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
17:09:34.0820 2256 \Device\Harddisk0\DR0 - ok
17:09:35.0898 2256 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
17:09:35.0898 2256 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:09:35.0898 2256 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:09:46.0257 2852 Deinitialize success
It did say to reboot so I did.
After downloading and running the TDSSKiller I got this log:
17:08:17.0023 3584 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
17:08:17.0335 3584 ============================================================
17:08:17.0335 3584 Current date / time: 2012/03/24 17:08:17.0335
17:08:17.0335 3584 SystemInfo:
17:08:17.0335 3584
17:08:17.0335 3584 OS Version: 5.1.2600 ServicePack: 2.0
17:08:17.0335 3584 Product type: Workstation
17:08:17.0335 3584 ComputerName: DAWNS-RFU
17:08:17.0335 3584 UserName: Dawn
17:08:17.0335 3584 Windows directory: C:\WINDOWS
17:08:17.0335 3584 System windows directory: C:\WINDOWS
17:08:17.0335 3584 Processor architecture: Intel x86
17:08:17.0335 3584 Number of processors: 1
17:08:17.0335 3584 Page size: 0x1000
17:08:17.0335 3584 Boot type: Normal boot
17:08:17.0335 3584 ============================================================
17:08:19.0976 3584 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:08:19.0976 3584 \Device\Harddisk0\DR0:
17:08:19.0976 3584 MBR used
17:08:19.0976 3584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x9CE28, BlocksNum 0x980B1C4
17:08:20.0038 3584 Initialize success
17:08:20.0038 3584 ============================================================
17:08:40.0820 2324 ============================================================
17:08:40.0820 2324 Scan started
17:08:40.0820 2324 Mode: Manual; TDLFS;
17:08:40.0820 2324 ============================================================
17:08:41.0288 2324 Abiosdsk - ok
17:08:41.0382 2324 abp480n5 - ok
17:08:41.0492 2324 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:08:41.0492 2324 ACPI - ok
17:08:41.0570 2324 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:08:41.0570 2324 ACPIEC - ok
17:08:41.0632 2324 adpu160m - ok
17:08:41.0710 2324 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
17:08:41.0710 2324 aec - ok
17:08:41.0773 2324 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
17:08:41.0773 2324 AFD - ok
17:08:41.0835 2324 Aha154x - ok
17:08:41.0898 2324 aic78u2 - ok
17:08:41.0992 2324 aic78xx - ok
17:08:42.0242 2324 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:08:42.0304 2324 ALCXWDM - ok
17:08:42.0398 2324 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
17:08:42.0398 2324 Alerter - ok
17:08:42.0492 2324 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
17:08:42.0507 2324 ALG - ok
17:08:42.0570 2324 AliIde - ok
17:08:42.0632 2324 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
17:08:42.0632 2324 AmdK7 - ok
17:08:42.0695 2324 amsint - ok
17:08:42.0835 2324 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:08:42.0835 2324 Apple Mobile Device - ok
17:08:42.0929 2324 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
17:08:42.0929 2324 AppMgmt - ok
17:08:43.0023 2324 asc - ok
17:08:43.0085 2324 asc3350p - ok
17:08:43.0148 2324 asc3550 - ok
17:08:43.0320 2324 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:08:43.0320 2324 aspnet_state - ok
17:08:43.0382 2324 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:08:43.0398 2324 AsyncMac - ok
17:08:43.0476 2324 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:08:43.0492 2324 atapi - ok
17:08:43.0554 2324 Atdisk - ok
17:08:43.0632 2324 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:08:43.0648 2324 Atmarpc - ok
17:08:43.0726 2324 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
17:08:43.0726 2324 AudioSrv - ok
17:08:43.0804 2324 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:08:43.0804 2324 audstub - ok
17:08:43.0945 2324 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe
17:08:43.0960 2324 avg9wd - ok
17:08:44.0023 2324 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
17:08:44.0023 2324 AvgLdx86 - ok
17:08:44.0070 2324 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\system32\Drivers\avgmfx86.sys
17:08:44.0070 2324 AvgMfx86 - ok
17:08:44.0210 2324 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys
17:08:44.0210 2324 AvgTdiX - ok
17:08:44.0320 2324 bbcap (709fbe6eced1c3259d2b50bb0520b765) C:\WINDOWS\system32\DRIVERS\bbcap.sys
17:08:44.0351 2324 bbcap - ok
17:08:44.0413 2324 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:08:44.0413 2324 Beep - ok
17:08:44.0523 2324 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\System32\qmgr.dll
17:08:44.0554 2324 BITS - ok
17:08:44.0726 2324 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:08:44.0742 2324 Bonjour Service - ok
17:08:44.0820 2324 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
17:08:44.0835 2324 Browser - ok
17:08:44.0898 2324 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:08:44.0898 2324 cbidf2k - ok
17:08:44.0960 2324 cd20xrnt - ok
17:08:45.0023 2324 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:08:45.0023 2324 Cdaudio - ok
17:08:45.0085 2324 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
17:08:45.0085 2324 Cdfs - ok
17:08:45.0148 2324 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:08:45.0148 2324 Cdrom - ok
17:08:45.0210 2324 Changer - ok
17:08:45.0351 2324 cisvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\System32\cisvc.exe
17:08:45.0351 2324 cisvc - ok
17:08:45.0460 2324 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
17:08:45.0476 2324 ClipSrv - ok
17:08:45.0601 2324 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:08:45.0601 2324 clr_optimization_v2.0.50727_32 - ok
17:08:45.0663 2324 CmdIde - ok
17:08:45.0820 2324 cmuda (297cc8a257cbd3c46bbd675ec5e35cc2) C:\WINDOWS\system32\drivers\cmuda.sys
17:08:45.0835 2324 cmuda - ok
17:08:45.0898 2324 COMSysApp - ok
17:08:45.0976 2324 Cpqarray - ok
17:08:46.0101 2324 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
17:08:46.0101 2324 CryptSvc - ok
17:08:46.0163 2324 dac2w2k - ok
17:08:46.0257 2324 dac960nt - ok
17:08:46.0351 2324 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
17:08:46.0367 2324 DcomLaunch - ok
17:08:46.0460 2324 dg_ssudbus (d8522960163fa593694e441194a9a574) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
17:08:46.0460 2324 dg_ssudbus - ok
17:08:46.0554 2324 Dhcp (ef545e1a4b043da4c84e230dd471c55f) C:\WINDOWS\System32\dhcpcsvc.dll
17:08:46.0570 2324 Dhcp - ok
17:08:46.0632 2324 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
17:08:46.0632 2324 Disk - ok
17:08:46.0663 2324 dmadmin - ok
17:08:46.0788 2324 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
17:08:46.0804 2324 dmboot - ok
17:08:46.0867 2324 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
17:08:46.0867 2324 dmio - ok
17:08:46.0960 2324 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:08:46.0960 2324 dmload - ok
17:08:47.0054 2324 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
17:08:47.0054 2324 dmserver - ok
17:08:47.0132 2324 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
17:08:47.0132 2324 DMusic - ok
17:08:47.0210 2324 Dnscache (aac8ffbfd61e784fa3bac851d4a0bd5f) C:\WINDOWS\System32\dnsrslvr.dll
17:08:47.0210 2324 Dnscache - ok
17:08:47.0273 2324 dpti2o - ok
17:08:47.0367 2324 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
17:08:47.0367 2324 drmkaud - ok
17:08:47.0445 2324 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
17:08:47.0445 2324 ERSvc - ok
17:08:47.0538 2324 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
17:08:47.0538 2324 Eventlog - ok
17:08:47.0632 2324 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\System32\es.dll
17:08:47.0663 2324 EventSystem - ok
17:08:47.0742 2324 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
17:08:47.0757 2324 Fastfat - ok
17:08:47.0804 2324 FastUserSwitchingCompatibility (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
17:08:47.0835 2324 FastUserSwitchingCompatibility - ok
17:08:47.0945 2324 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:08:47.0945 2324 Fdc - ok
17:08:48.0007 2324 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
17:08:48.0007 2324 FETNDIS - ok
17:08:48.0070 2324 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
17:08:48.0070 2324 Fips - ok
17:08:48.0163 2324 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:08:48.0163 2324 Flpydisk - ok
17:08:48.0242 2324 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
17:08:48.0242 2324 FltMgr - ok
17:08:48.0382 2324 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:08:48.0382 2324 FontCache3.0.0.0 - ok
17:08:48.0492 2324 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
17:08:48.0492 2324 fssfltr - ok
17:08:48.0679 2324 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
17:08:48.0742 2324 fsssvc - ok
17:08:48.0804 2324 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:08:48.0804 2324 Fs_Rec - ok
17:08:48.0898 2324 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:08:48.0898 2324 Ftdisk - ok
17:08:48.0929 2324 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:08:48.0929 2324 gameenum - ok
17:08:49.0007 2324 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:08:49.0007 2324 GEARAspiWDM - ok
17:08:49.0101 2324 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:08:49.0101 2324 Gpc - ok
17:08:49.0288 2324 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:08:49.0288 2324 gupdate - ok
17:08:49.0351 2324 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:08:49.0351 2324 gupdatem - ok
17:08:49.0413 2324 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:08:49.0413 2324 helpsvc - ok
17:08:49.0476 2324 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll
17:08:49.0492 2324 HidServ - ok
17:08:49.0570 2324 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:08:49.0570 2324 HidUsb - ok
17:08:49.0648 2324 hpn - ok
17:08:49.0710 2324 hpt3xx - ok
17:08:49.0804 2324 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
17:08:49.0820 2324 HTTP - ok
17:08:49.0929 2324 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
17:08:49.0945 2324 HTTPFilter - ok
17:08:50.0007 2324 i2omgmt - ok
17:08:50.0070 2324 i2omp - ok
17:08:50.0163 2324 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:08:50.0163 2324 i8042prt - ok
17:08:50.0367 2324 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:08:50.0429 2324 idsvc - ok
17:08:50.0507 2324 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:08:50.0507 2324 Imapi - ok
17:08:50.0585 2324 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\System32\imapi.exe
17:08:50.0601 2324 ImapiService - ok
17:08:50.0679 2324 ini910u - ok
17:08:50.0757 2324 IntelIde - ok
17:08:50.0835 2324 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
17:08:50.0851 2324 ip6fw - ok
17:08:50.0929 2324 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:08:50.0929 2324 IpFilterDriver - ok
17:08:51.0070 2324 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:08:51.0070 2324 IpInIp - ok
17:08:51.0132 2324 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:08:51.0132 2324 IpNat - ok
17:08:51.0257 2324 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
17:08:51.0304 2324 iPod Service - ok
17:08:51.0382 2324 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:08:51.0382 2324 IPSec - ok
17:08:51.0460 2324 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:08:51.0476 2324 IRENUM - ok
17:08:51.0601 2324 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:08:51.0601 2324 isapnp - ok
17:08:51.0710 2324 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
17:08:51.0710 2324 JavaQuickStarterService - ok
17:08:51.0788 2324 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:08:51.0788 2324 Kbdclass - ok
17:08:51.0867 2324 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
17:08:51.0867 2324 kmixer - ok
17:08:51.0929 2324 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
17:08:51.0929 2324 KSecDD - ok
17:08:52.0038 2324 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll
17:08:52.0054 2324 lanmanserver - ok
17:08:52.0163 2324 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
17:08:52.0179 2324 lanmanworkstation - ok
17:08:52.0242 2324 lbrtfdc - ok
17:08:52.0382 2324 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
17:08:52.0382 2324 LmHosts - ok
17:08:52.0476 2324 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
17:08:52.0492 2324 Messenger - ok
17:08:52.0554 2324 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:08:52.0554 2324 mnmdd - ok
17:08:52.0632 2324 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\System32\mnmsrvc.exe
17:08:52.0632 2324 mnmsrvc - ok
17:08:52.0742 2324 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
17:08:52.0742 2324 Modem - ok
17:08:52.0835 2324 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:08:52.0835 2324 Mouclass - ok
17:08:52.0898 2324 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:08:52.0898 2324 mouhid - ok
17:08:52.0992 2324 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
17:08:53.0007 2324 MountMgr - ok
17:08:53.0054 2324 mraid35x - ok
17:08:53.0132 2324 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:08:53.0132 2324 MRxDAV - ok
17:08:53.0273 2324 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:08:53.0273 2324 MRxSmb - ok
17:08:53.0351 2324 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\System32\msdtc.exe
17:08:53.0351 2324 MSDTC - ok
17:08:53.0460 2324 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
17:08:53.0460 2324 Msfs - ok
17:08:53.0523 2324 MSIServer - ok
17:08:53.0601 2324 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:08:53.0601 2324 MSKSSRV - ok
17:08:53.0695 2324 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:08:53.0695 2324 MSPCLOCK - ok
17:08:53.0757 2324 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
17:08:53.0757 2324 MSPQM - ok
17:08:53.0835 2324 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:08:53.0835 2324 mssmbios - ok
17:08:53.0898 2324 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
17:08:53.0898 2324 Mup - ok
17:08:53.0976 2324 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
17:08:53.0976 2324 NDIS - ok
17:08:54.0038 2324 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:08:54.0038 2324 NdisTapi - ok
17:08:54.0117 2324 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:08:54.0117 2324 Ndisuio - ok
17:08:54.0179 2324 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:08:54.0179 2324 NdisWan - ok
17:08:54.0257 2324 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
17:08:54.0257 2324 NDProxy - ok
17:08:54.0304 2324 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:08:54.0304 2324 NetBIOS - ok
17:08:54.0413 2324 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:08:54.0413 2324 NetBT - ok
17:08:54.0492 2324 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
17:08:54.0492 2324 NetDDE - ok
17:08:54.0538 2324 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
17:08:54.0538 2324 NetDDEdsdm - ok
17:08:54.0617 2324 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
17:08:54.0617 2324 Netlogon - ok
17:08:54.0710 2324 Netman (36739b39267914ba69ad0610a0299732) C:\WINDOWS\System32\netman.dll
17:08:54.0710 2324 Netman - ok
17:08:54.0867 2324 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:08:54.0867 2324 NetTcpPortSharing - ok
17:08:54.0929 2324 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
17:08:54.0945 2324 Nla - ok
17:08:55.0038 2324 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
17:08:55.0038 2324 Npfs - ok
17:08:55.0101 2324 npggsvc - ok
17:08:55.0179 2324 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
17:08:55.0195 2324 NPPTNT2 - ok
17:08:55.0288 2324 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
17:08:55.0288 2324 Ntfs - ok
17:08:55.0367 2324 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
17:08:55.0382 2324 NtLmSsp - ok
17:08:55.0507 2324 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
17:08:55.0523 2324 NtmsSvc - ok
17:08:55.0585 2324 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:08:55.0585 2324 Null - ok
17:08:55.0835 2324 nv (5645072033c2e51386e91bc137c0beb5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:08:55.0882 2324 nv - ok
17:08:55.0992 2324 NVSvc (60d62603950220b51df57e461a601659) C:\WINDOWS\system32\nvsvc32.exe
17:08:55.0992 2324 NVSvc - ok
17:08:56.0085 2324 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:08:56.0085 2324 NwlnkFlt - ok
17:08:56.0148 2324 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:08:56.0148 2324 NwlnkFwd - ok
17:08:56.0226 2324 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
17:08:56.0226 2324 Parport - ok
17:08:56.0335 2324 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
17:08:56.0335 2324 PartMgr - ok
17:08:56.0398 2324 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:08:56.0398 2324 ParVdm - ok
17:08:56.0445 2324 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
17:08:56.0445 2324 PCI - ok
17:08:56.0492 2324 PCIDump - ok
17:08:56.0570 2324 PCIIde - ok
17:08:56.0648 2324 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:08:56.0648 2324 Pcmcia - ok
17:08:56.0710 2324 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
17:08:56.0710 2324 pcouffin - ok
17:08:56.0788 2324 PDCOMP - ok
17:08:56.0882 2324 PDFRAME - ok
17:08:56.0945 2324 PDRELI - ok
17:08:57.0007 2324 PDRFRAME - ok
17:08:57.0101 2324 perc2 - ok
17:08:57.0163 2324 perc2hib - ok
17:08:57.0367 2324 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
17:08:57.0367 2324 PlugPlay - ok
17:08:57.0460 2324 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
17:08:57.0460 2324 PolicyAgent - ok
17:08:57.0554 2324 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:08:57.0554 2324 PptpMiniport - ok
17:08:57.0632 2324 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
17:08:57.0632 2324 Processor - ok
17:08:57.0695 2324 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
17:08:57.0695 2324 ProtectedStorage - ok
17:08:57.0788 2324 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
17:08:57.0788 2324 PSched - ok
17:08:57.0835 2324 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:08:57.0835 2324 Ptilink - ok
17:08:57.0882 2324 ql1080 - ok
17:08:57.0960 2324 Ql10wnt - ok
17:08:58.0054 2324 ql12160 - ok
17:08:58.0148 2324 ql1240 - ok
17:08:58.0210 2324 ql1280 - ok
17:08:58.0304 2324 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:08:58.0304 2324 RasAcd - ok
17:08:58.0382 2324 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
17:08:58.0398 2324 RasAuto - ok
17:08:58.0460 2324 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:08:58.0460 2324 Rasl2tp - ok
17:08:58.0570 2324 RasMan (49b5eed5fb89d39456a2f616ccd8ba5d) C:\WINDOWS\System32\rasmans.dll
17:08:58.0585 2324 RasMan - ok
17:08:58.0648 2324 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:08:58.0648 2324 RasPppoe - ok
17:08:58.0757 2324 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:08:58.0757 2324 Raspti - ok
17:08:58.0882 2324 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:08:58.0882 2324 Rdbss - ok
17:08:58.0960 2324 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:08:58.0960 2324 RDPCDD - ok
17:08:59.0132 2324 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:08:59.0132 2324 rdpdr - ok
17:08:59.0257 2324 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
17:08:59.0257 2324 RDPWD - ok
17:08:59.0304 2324 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
17:08:59.0320 2324 RDSessMgr - ok
17:08:59.0382 2324 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:08:59.0382 2324 redbook - ok
17:08:59.0476 2324 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
17:08:59.0492 2324 RemoteAccess - ok
17:08:59.0554 2324 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
17:08:59.0570 2324 RemoteRegistry - ok
17:08:59.0710 2324 RoxioNow Service (f7e69a05751b24360bf2a17e9ef001b1) C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
17:08:59.0726 2324 RoxioNow Service - ok
17:08:59.0804 2324 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\System32\locator.exe
17:08:59.0804 2324 RpcLocator - ok
17:08:59.0929 2324 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
17:08:59.0929 2324 RpcSs - ok
17:09:00.0007 2324 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
17:09:00.0023 2324 RSVP - ok
17:09:00.0101 2324 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
17:09:00.0101 2324 SamSs - ok
17:09:00.0195 2324 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
17:09:00.0210 2324 SCardSvr - ok
17:09:00.0288 2324 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
17:09:00.0304 2324 Schedule - ok
17:09:00.0429 2324 SeaPort (271077b91d7ad1b616f8afdfe8e3f981) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:09:00.0460 2324 SeaPort - ok
17:09:00.0554 2324 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:09:00.0554 2324 Secdrv - ok
17:09:00.0648 2324 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
17:09:00.0648 2324 seclogon - ok
17:09:00.0757 2324 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
17:09:00.0757 2324 SENS - ok
17:09:00.0835 2324 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:09:00.0835 2324 serenum - ok
17:09:00.0898 2324 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
17:09:00.0898 2324 Serial - ok
17:09:00.0992 2324 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:09:01.0007 2324 Sfloppy - ok
17:09:01.0085 2324 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
17:09:01.0117 2324 SharedAccess - ok
17:09:01.0257 2324 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
17:09:01.0257 2324 ShellHWDetection - ok
17:09:01.0304 2324 Simbad - ok
17:09:01.0382 2324 Sparrow - ok
17:09:01.0460 2324 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
17:09:01.0460 2324 splitter - ok
17:09:01.0523 2324 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
17:09:01.0554 2324 Spooler - ok
17:09:01.0617 2324 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
17:09:01.0617 2324 sr - ok
17:09:01.0742 2324 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\System32\srsvc.dll
17:09:01.0773 2324 srservice - ok
17:09:01.0882 2324 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
17:09:01.0882 2324 Srv - ok
17:09:01.0992 2324 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
17:09:01.0992 2324 SSDPSRV - ok
17:09:02.0132 2324 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll
17:09:02.0195 2324 stisvc - ok
17:09:02.0351 2324 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:09:02.0382 2324 swenum - ok
17:09:02.0492 2324 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
17:09:02.0492 2324 swmidi - ok
17:09:02.0585 2324 SwPrv - ok
17:09:02.0726 2324 symc810 - ok
17:09:02.0804 2324 symc8xx - ok
17:09:02.0913 2324 sym_hi - ok
17:09:03.0038 2324 sym_u3 - ok
17:09:03.0163 2324 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
17:09:03.0179 2324 sysaudio - ok
17:09:03.0351 2324 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
17:09:03.0351 2324 SysmonLog - ok
17:09:03.0492 2324 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll
17:09:03.0523 2324 TapiSrv - ok
17:09:03.0788 2324 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:09:03.0804 2324 Tcpip - ok
17:09:03.0898 2324 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:09:03.0898 2324 TDPIPE - ok
17:09:03.0945 2324 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
17:09:03.0945 2324 TDTCP - ok
17:09:04.0070 2324 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:09:04.0070 2324 TermDD - ok
17:09:04.0320 2324 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
17:09:04.0351 2324 TermService - ok
17:09:04.0476 2324 Themes (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
17:09:04.0476 2324 Themes - ok
17:09:04.0585 2324 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\System32\tlntsvr.exe
17:09:04.0601 2324 TlntSvr - ok
17:09:04.0679 2324 TosIde - ok
17:09:04.0742 2324 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
17:09:04.0757 2324 TrkWks - ok
17:09:04.0867 2324 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys
17:09:04.0867 2324 uagp35 - ok
17:09:04.0913 2324 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
17:09:04.0913 2324 Udfs - ok
17:09:05.0007 2324 ultra - ok
17:09:05.0070 2324 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
17:09:05.0085 2324 Update - ok
17:09:05.0210 2324 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll
17:09:05.0210 2324 upnphost - ok
17:09:05.0288 2324 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
17:09:05.0288 2324 UPS - ok
17:09:05.0398 2324 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:09:05.0398 2324 USBAAPL - ok
17:09:05.0492 2324 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:09:05.0492 2324 usbccgp - ok
17:09:05.0570 2324 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:09:05.0570 2324 usbehci - ok
17:09:05.0632 2324 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:09:05.0632 2324 usbhub - ok
17:09:05.0710 2324 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:09:05.0710 2324 usbscan - ok
17:09:05.0773 2324 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:09:05.0773 2324 USBSTOR - ok
17:09:05.0835 2324 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:09:05.0835 2324 usbuhci - ok
17:09:05.0929 2324 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
17:09:05.0929 2324 VgaSave - ok
17:09:05.0992 2324 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:09:05.0992 2324 ViaIde - ok
17:09:06.0038 2324 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
17:09:06.0054 2324 VolSnap - ok
17:09:06.0132 2324 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
17:09:06.0148 2324 VSS - ok
17:09:06.0226 2324 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\System32\w32time.dll
17:09:06.0242 2324 W32Time - ok
17:09:06.0367 2324 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:09:06.0367 2324 Wanarp - ok
17:09:06.0429 2324 WDICA - ok
17:09:06.0507 2324 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
17:09:06.0507 2324 wdmaud - ok
17:09:06.0601 2324 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll
17:09:06.0601 2324 WebClient - ok
17:09:06.0742 2324 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:09:06.0757 2324 winmgmt - ok
17:09:06.0882 2324 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
17:09:06.0882 2324 WmdmPmSN - ok
17:09:07.0007 2324 Wmi (1081c185aed0660b2b5f173c3e023b23) C:\WINDOWS\System32\advapi32.dll
17:09:07.0038 2324 Wmi - ok
17:09:07.0179 2324 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:09:07.0179 2324 WmiApSrv - ok
17:09:07.0304 2324 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:09:07.0351 2324 WMPNetworkSvc - ok
17:09:07.0460 2324 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:09:07.0460 2324 WpdUsb - ok
17:09:07.0554 2324 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
17:09:07.0554 2324 wscsvc - ok
17:09:07.0601 2324 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
17:09:07.0601 2324 wuauserv - ok
17:09:07.0726 2324 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:09:07.0726 2324 WudfPf - ok
17:09:07.0804 2324 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:09:07.0804 2324 WudfRd - ok
17:09:07.0898 2324 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:09:07.0898 2324 WudfSvc - ok
17:09:08.0007 2324 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
17:09:08.0023 2324 WZCSVC - ok
17:09:08.0101 2324 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
17:09:08.0101 2324 xmlprov - ok
17:09:08.0210 2324 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:09:08.0242 2324 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
17:09:08.0242 2324 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
17:09:08.0242 2324 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:09:08.0242 2324 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:09:08.0288 2324 Boot (0x1200) (2cfb822adc883ab1332f27e73d1f437f) \Device\Harddisk0\DR0\Partition0
17:09:08.0288 2324 \Device\Harddisk0\DR0\Partition0 - ok
17:09:08.0288 2324 ============================================================
17:09:08.0288 2324 Scan finished
17:09:08.0288 2324 ============================================================
17:09:08.0413 2256 Detected object count: 2
17:09:08.0413 2256 Actual detected object count: 2
17:09:34.0617 2256 \Device\Harddisk0\DR0\# - copied to quarantine
17:09:34.0617 2256 \Device\Harddisk0\DR0 - copied to quarantine
17:09:34.0632 2256 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
17:09:34.0632 2256 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
17:09:34.0632 2256 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
17:09:34.0695 2256 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:09:34.0695 2256 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:09:34.0695 2256 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:09:34.0757 2256 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:09:34.0773 2256 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:09:34.0773 2256 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:09:34.0788 2256 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:09:34.0788 2256 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
17:09:34.0820 2256 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
17:09:34.0820 2256 \Device\Harddisk0\DR0 - ok
17:09:35.0898 2256 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
17:09:35.0898 2256 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:09:35.0898 2256 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:09:46.0257 2852 Deinitialize success
It did say to reboot so I did.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
