Rootkit Infection


  • This topic is locked
28 replies to this topic

#1 Bill175

  • Members
  • 21 posts

Posted 03 May 2011 - 02:24 PM

Hello,
As instructed, I am creating a new thread with logs attached.

Original thread is here: http://www.bleepingcomputer.com/forums/index.php?app=forums&module=post&section=post&do=reply_post&f=103&t=394399

Ran Defogger as instructed - successful.

Ran DDS.scr successful - one log pasted below, the other attached as instructed.

Ran Gmer and completed after about 4 hours - it is attached.

Will await further instructions.

Note: Still have no internet on the infected machine, so I transfer files/logs via a jump drive.

Thank you!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ken Wood at 11:40:19.29 on Tue 05/03/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.174 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ken Wood\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [bcmwltry] bcmwltry.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\kenwoo~1\applic~1\mozilla\firefox\profiles\ccl7qdnn.default\
.
============= SERVICES / DRIVERS ===============
.
R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [2010-6-23 20352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
.
=============== Created Last 30 ================
.
2011-04-28 03:14:43 98816 ----a-w- c:\windows\sed.exe
2011-04-28 03:14:43 89088 ----a-w- c:\windows\MBR.exe
2011-04-28 03:14:43 256512 ----a-w- c:\windows\PEV.exe
2011-04-28 03:14:43 161792 ----a-w- c:\windows\SWREG.exe
2011-04-27 18:01:16 -------- d-----w- C:\found.008
2011-04-26 21:58:53 -------- d-----w- C:\found.007
2011-04-26 21:45:28 -------- dc----w- C:\fx
2011-04-26 10:57:06 -------- d-----w- C:\found.004
2011-04-26 08:43:01 -------- d-----w- C:\found.006
2011-04-22 17:17:04 -------- d-----w- C:\found.005
2011-04-22 15:12:42 -------- dcsha-r- C:\cmdcons
2011-04-20 20:29:29 -------- d-----w- C:\found.003
2011-04-20 13:28:30 -------- d-----w- C:\found.002
2011-04-20 13:07:37 -------- d-----w- c:\docume~1\kenwoo~1\applic~1\SUPERAntiSpyware.com
2011-04-20 13:07:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-20 13:07:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-20 03:39:45 -------- d-----w- C:\found.000
2011-04-20 00:28:31 -------- d-----w- C:\found.001
.
==================== Find3M ====================
.
2011-02-23 18:43:18 398760 ----a-r- c:\windows\system32\cpnprt2.cid
.
============= FINISH: 11:41:15.75 ===============


#2 km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California

Posted 11 May 2011 - 01:47 PM

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here or here
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

Do NOT touch the PC at ALL, for whatever reason, until it has 100% completed its scan (or attempted scan, in case of some error)!

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.

MalWare Removal University Master

Member of ASAP


#3 Bill175

  • Topic Starter
  • Members
  • 21 posts

Posted 11 May 2011 - 02:05 PM

Hi KM,
Just to make sure, you want me to run the same programs and post the same logs as are above? I haven't touched the infected computer since I posted originally above. I ran both DDS and GMER as per the instructions on how to post a request for help. Please verify you want me to rerun the same thing as I have posted above.
Thanks!

#4 km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California

Posted 11 May 2011 - 11:53 PM

Hi. :)

Since you haven't used/touched the computer since your first post, we'll continue on with the fix. :)


Looking over your log, it seems there is no evidence of any anti-virus software.

Anti-virus software is a program that detects, cleanses, and erases harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus program from one of these vendors NOW:

1)Antivir PersonalEdition Classic
2)avast! Home Edition

Download and install only one!



IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Azureus Vuze

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


If you have run ComboFix on this computer, please delete ComboFix.exe off of the computer. You'll be downloading and running the latest version of ComboFix in this post.


Step # 1: Download and Run ComboFix

Download ComboFix from any of the links below. You must rename it to bill175.exe before saving it. Save it to your Desktop.

Link 1
Link 2

--------------------------------------------------------------------

*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on bill175.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please include C:\ComboFix.txt in your next reply so we can continue cleaning the system.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



#5 Bill175

  • Topic Starter
  • Members
  • 21 posts

Posted 12 May 2011 - 10:01 AM

Hi KM,

-I will install avast as soon as my internet connection is restored. At the beginning of this rootkit, I had internet, but it has since been cut off by this virus, so I can't download or update an antivirus. I'm having to download the programs you instruct me to on a clean machine and transfer them with a jump drive. The "disconnect" actually started when I couldn't get Mbam to run and uninstalled it and went to download a fresh copy, and the internet was shut off somehow. Anywho, once that is re-established, I'll download avast.

-Uninstalled Azureus per your instructions.

- I had previously run Combofix way back on April 28th and will be providing you a copy of that log, as well as the new one. Before I run Combofix this time, it is at the point saying it doesn't detect the Microsoft Restore Program and wants to install it. Problem is, I don't have internet, so I am at the screen that says "please restore your internet before clicking ok." Do you want to work on the internet connection or do you want me to just click ok and bypass that part and let combofix run? Strange thing is, when I previously ran combofix, I HAD an internet connection and it installed the Microsoft Program, and I see it when I reboot, so I don't know why it's saying it doesn't detect it.

Let me know if I should continue the combofix run or need to work on the internet connection first.

I've tried to re-establish a connection with my limited abilities and don't know why it won't connect. I've tried to let the wizard fix it and it doesn't, and I've tried manually - can't figure it out and assume the virus/rootkit is doing it.

Thanks!

#6 km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California

Posted 12 May 2011 - 01:35 PM

-I will install avast as soon as my internet connection is restored.


Ok, sounds good. :)

Do you want to work on the internet connection or do you want me to just click ok and bypass that part and let combofix run?


Go ahead and click OK and let the latest version of ComboFix run. If we need to install/reinstall the Recovery Console via ComboFix, we can do it another way that doesn't require you to be connected to the Internet.

In your next post/reply, I need to see the following:

1. The April 28th ComboFix Log
2. The new ComboFix Log from the latest version of CF.



#7 Bill175

  • Topic Starter
  • Members
  • 21 posts

Posted 12 May 2011 - 03:58 PM

Hi Km,
Both reports are attached - the "oldcombofix" is the one I ran a few weeks ago. Combofix is the new one from the new downloaded combofix.

Will await your instruction.
Thanks!


#8 km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California

Posted 12 May 2011 - 05:22 PM

Thanks for the ComboFix Logs. :) From now on, please just post the logs I ask for normally, do not attach them. Only attach them if requested to do so. Thanks. :)


C: is FIXED (NTFS) - 74 GiB total, 7.496 GiB free.

Your computer is running low on free space. Go to Add/Remove Programs and uninstall any programs you no longer use. Plus if you have any music, movies, etc. that you can copy to a USB/Flash Drive or External Hard Drive that'll free up some space as well.



Step # 1: Download and Run TDSSKiller

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply

If TDSSKiller does not reboot your computer, please reboot it.

Once it has booted back up, do the following:

---------------

Run Batchfile

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the codebox to Notepad. Save it as "All Files" and name it mbrlog.bat. Please save it on your desktop.

@echo off
REM Run mbr.exe with the -t switch; it writes its report to mbr.log
mbr.exe -t
REM Open the report in the default text viewer
start mbr.log
REM Delete this batch file once it has run
del %0


Double click mbrlog.bat. A window will open and close. This is normal.


In your next post/reply, I need to see the following:

1. TDSSKiller Log
2. The mbrlog.bat Log

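The TDSSKiller log requested in Step 1 lists one driver per line as "<date> <time> <pid> <service> (<md5>) <path>" (the log posted later in this thread shows the format). As an added example, not part of this thread and not Kaspersky's code, here is a short Python triage script that parses that format and pulls out the two things worth checking first: drivers loaded from outside the expected Windows driver directory, and one file image registered under several service names. The expected-directory list, the "exampledrv" line and the MD5 values on the two non-Microsoft lines are constructed for the demonstration; the other sample lines are copied from the log in this thread.

```python
"""Added example: turn the driver lines of a TDSSKiller log into records and
pull out the entries a reviewer should look at first.

Assumed line format (taken from the log posted in this thread):
    <date> <time> <pid> <service> (<md5>) <path>
Header lines ("SystemInfo:", "Scan started", ...) do not match and are skipped.
"""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<pid>\d+)\s+"
    r"(?P<service>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+"
    r"(?P<path>\S.*?)\s*$"
)

# Assumption: where XP normally loads kernel drivers from (compared case-insensitively).
EXPECTED_DIRS = (r"C:\WINDOWS\system32\drivers",)


@dataclass(frozen=True)
class DriverEntry:
    service: str
    md5: str
    path: str

    @property
    def directory(self) -> str:
        # ntpath handles Windows paths correctly even when this runs on another OS.
        return ntpath.normcase(ntpath.dirname(self.path))


def parse_tdsskiller(text: str):
    """Return one DriverEntry per driver line; non-matching lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["service"], m["md5"].lower(), m["path"]))
    return entries


def review_queue(entries, expected_dirs=EXPECTED_DIRS):
    """Drivers loaded from outside the expected directories.

    Third-party security tools legitimately live in Program Files, so this is
    a queue for a human to review, not a verdict.
    """
    allowed = {ntpath.normcase(d) for d in expected_dirs}
    return [e for e in entries if e.directory not in allowed]


def shared_hashes(entries):
    """MD5 -> service names for every file image registered under more than one service."""
    groups = defaultdict(list)
    for e in entries:
        groups[e.md5].append(e.service)
    return {h: names for h, names in groups.items() if len(names) > 1}


# Constructed sample log. The first five driver-free/driver lines are copied from the
# thread; the SASDIFSV path comes from the DDS log but its MD5 is made up, and the
# exampledrv line is entirely invented to exercise the review queue.
SAMPLE_LOG = r"""
2011/05/12 18:45:39.0093 4016 SystemInfo:
2011/05/12 18:45:39.0296 4016 Initialize success
2011/05/12 18:45:57.0843 1832 Scan started
2011/05/12 18:45:58.0406 1832 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/12 18:46:02.0453 1832 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/05/12 18:46:02.0593 1832 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/12 18:46:21.0000 1832 SASDIFSV (00112233445566778899aabbccddeeff) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/12 18:46:21.0100 1832 exampledrv (ffeeddccbbaa99887766554433221100) C:\DOCUME~1\user\LOCALS~1\Temp\exampledrv.sys
"""

if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(found)} driver entries parsed")
    for e in review_queue(found):
        print("REVIEW:", e.service, e.path)
    for h, names in shared_hashes(found).items():
        print("SHARED IMAGE:", h, "->", ", ".join(names))
```

The cbidf/cbidf2k pair shows why the shared-hash check is informational: in this log both services point at the same legitimate file. The review queue is the list to compare against what is actually installed (SUPERAntiSpyware is in the DDS log, so its driver is expected; a driver in a Temp directory would not be).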


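mbr.exe and TDSSKiller's "Boot Sectors" option both start by reading the first sector of the disk. As an added example, not code from either tool or from this thread, the following Python decodes a 512-byte MBR, checks the 0x55AA signature and the four partition-table entries, and reports table inconsistencies plus the unallocated space after the last partition, which is where some bootkits keep their data. The disk geometry and both MBR images are constructed here; the 74 GiB size only mirrors the C: size quoted in this post.

```python
"""Added example: decode a 512-byte MBR and sanity-check its partition table,
the first thing a boot-sector scan inspects before looking at the boot code.
All sector data below is constructed for the demonstration; nothing is read
from a real disk.
"""
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
PT_OFFSET = 0x1BE        # partition table starts here
PT_ENTRY_SIZE = 16
SIG_OFFSET = 0x1FE       # 0x55 0xAA boot signature
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


@dataclass(frozen=True)
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        """First sector after the partition (exclusive)."""
        return self.lba_start + self.sectors


def build_mbr(entries):
    """Assemble a constructed MBR from (bootable, type_id, lba_start, sectors) tuples.
    Boot code is left zeroed; only the table and signature matter for this check."""
    sector = bytearray(SECTOR_SIZE)
    for i, (bootable, type_id, lba_start, sectors) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PT_OFFSET + i * PT_ENTRY_SIZE,
                         0x80 if bootable else 0x00, b"\0\0\0", type_id, b"\0\0\0",
                         lba_start, sectors)
    sector[SIG_OFFSET:SIG_OFFSET + 2] = b"\x55\xAA"
    return bytes(sector)


def parse_mbr(sector: bytes):
    """Return the populated partition entries; raise on a malformed sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[SIG_OFFSET:SIG_OFFSET + 2] != b"\x55\xAA":
        raise ValueError("boot signature 0x55AA missing")
    parts = []
    for i in range(4):
        status, _, type_id, _, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, sector, PT_OFFSET + i * PT_ENTRY_SIZE)
        if type_id == 0 and sectors == 0:
            continue  # empty slot
        parts.append(Partition(i, status == 0x80, type_id, lba_start, sectors))
    return parts


def partition_findings(parts, disk_sectors: int):
    """Structural anomalies in a partition table; an empty list means it is consistent."""
    findings = []
    active = [p for p in parts if p.bootable]
    if not active:
        findings.append("no partition is flagged active")
    elif len(active) > 1:
        findings.append(f"{len(active)} partitions flagged active; the BIOS boots exactly one")
    for p in parts:
        if p.lba_start == 0:
            findings.append(f"entry {p.index} starts at LBA 0 and overlaps the MBR")
        if p.lba_end > disk_sectors:
            findings.append(f"entry {p.index} ends at LBA {p.lba_end}, past the disk ({disk_sectors} sectors)")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start < a.lba_end:
            findings.append(f"entries {a.index} and {b.index} overlap")
    return findings


def unallocated_tail(parts, disk_sectors: int) -> int:
    """Sectors after the last partition. Some bootkits store data there, so a large
    tail deserves a look, although a few MiB of alignment slack is normal."""
    if not parts:
        return disk_sectors
    return max(0, disk_sectors - max(p.lba_end for p in parts))


# Constructed disk: roughly 74.5 GB in 512-byte sectors, one NTFS partition from LBA 63.
DISK_SECTORS = 156_301_488
CLEAN_MBR = build_mbr([(True, 0x07, 63, 156_296_322)])
# Constructed inconsistent table: two active flags, overlapping entries, second entry past the disk.
BAD_MBR = build_mbr([(True, 0x07, 63, 1_000), (True, 0x17, 500, 200_000_000)])

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("bad", BAD_MBR)):
        parts = parse_mbr(mbr)
        print(name, [(p.index, hex(p.type_id), p.lba_start, p.sectors) for p in parts])
        print("  findings:", partition_findings(parts, DISK_SECTORS) or ["none"])
        print("  unallocated tail (sectors):", unallocated_tail(parts, DISK_SECTORS))
```

A consistent table is not proof of a clean MBR: a bootkit can leave the partition entries untouched and only replace the boot code in the first 446 bytes, which is why the tools above also compare that code against a known-good copy. Reading a real first sector needs administrative access to the raw disk device and is left out here on purpose.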
#9 Bill175

  • Topic Starter
  • Members
  • 21 posts

Posted 12 May 2011 - 05:56 PM

Ran TDSSKiller, which, incidentally, I was unable to run previously, and all of a sudden it ran. It wouldn't initialize. I haven't touched the system since posting, so I don't know why it worked, but it ran...lol. Didn't find anything.

I will delete some programs once I get the all clear to free up more space - thanks!

Both logs are below - I understand not to attach them like I have been unless specifically told to.

Will await your instructions!
Thanks!

2011/05/12 18:45:38.0953 4016 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/12 18:45:39.0093 4016 ================================================================================
2011/05/12 18:45:39.0093 4016 SystemInfo:
2011/05/12 18:45:39.0093 4016
2011/05/12 18:45:39.0093 4016 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/12 18:45:39.0093 4016 Product type: Workstation
2011/05/12 18:45:39.0093 4016 ComputerName: KWOOD
2011/05/12 18:45:39.0093 4016 UserName: Ken Wood
2011/05/12 18:45:39.0093 4016 Windows directory: C:\WINDOWS
2011/05/12 18:45:39.0093 4016 System windows directory: C:\WINDOWS
2011/05/12 18:45:39.0093 4016 Processor architecture: Intel x86
2011/05/12 18:45:39.0093 4016 Number of processors: 1
2011/05/12 18:45:39.0093 4016 Page size: 0x1000
2011/05/12 18:45:39.0093 4016 Boot type: Normal boot
2011/05/12 18:45:39.0093 4016 ================================================================================
2011/05/12 18:45:39.0296 4016 Initialize success
2011/05/12 18:45:57.0843 1832 ================================================================================
2011/05/12 18:45:57.0843 1832 Scan started
2011/05/12 18:45:57.0843 1832 Mode: Manual;
2011/05/12 18:45:57.0843 1832 ================================================================================
2011/05/12 18:45:58.0250 1832 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/05/12 18:45:58.0406 1832 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/12 18:45:58.0546 1832 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/12 18:45:58.0671 1832 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/05/12 18:45:58.0812 1832 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/12 18:45:58.0968 1832 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/05/12 18:45:59.0140 1832 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/12 18:45:59.0281 1832 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\System32\DRIVERS\agp440.sys
2011/05/12 18:45:59.0437 1832 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/05/12 18:45:59.0562 1832 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/05/12 18:45:59.0718 1832 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/05/12 18:45:59.0843 1832 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/05/12 18:46:00.0031 1832 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/05/12 18:46:00.0156 1832 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/05/12 18:46:00.0296 1832 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/05/12 18:46:00.0437 1832 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/05/12 18:46:00.0625 1832 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/05/12 18:46:00.0750 1832 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/05/12 18:46:00.0890 1832 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/05/12 18:46:01.0109 1832 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/12 18:46:01.0265 1832 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/12 18:46:01.0468 1832 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/12 18:46:01.0625 1832 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/12 18:46:01.0796 1832 BCM43XX (ebf36d658d0da5b1ea667fa403919c26) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/05/12 18:46:01.0937 1832 bcm4sbxp (068523d2cd260069b19ad68adea0d739) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/05/12 18:46:02.0078 1832 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/12 18:46:02.0453 1832 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/05/12 18:46:02.0593 1832 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/12 18:46:02.0734 1832 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/05/12 18:46:02.0859 1832 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/12 18:46:03.0015 1832 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/12 18:46:03.0171 1832 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/05/12 18:46:03.0296 1832 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/05/12 18:46:03.0453 1832 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/12 18:46:03.0593 1832 cdudf_xp (cfd81f2140193fc7f1812e6d6eaf6795) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/05/12 18:46:03.0859 1832 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/05/12 18:46:04.0015 1832 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/05/12 18:46:04.0171 1832 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/05/12 18:46:04.0312 1832 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/05/12 18:46:04.0468 1832 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/12 18:46:04.0656 1832 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/12 18:46:04.0843 1832 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/12 18:46:04.0984 1832 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/12 18:46:05.0140 1832 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/12 18:46:05.0328 1832 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/05/12 18:46:05.0484 1832 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/12 18:46:05.0640 1832 dvd_2K (677829f7010768eeeed8d0083e510dab) C:\WINDOWS\system32\drivers\dvd_2K.sys
2011/05/12 18:46:05.0765 1832 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/05/12 18:46:05.0953 1832 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/12 18:46:06.0140 1832 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/12 18:46:06.0265 1832 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/12 18:46:06.0406 1832 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/12 18:46:06.0578 1832 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/12 18:46:06.0671 1832 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/12 18:46:06.0781 1832 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/12 18:46:06.0906 1832 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/12 18:46:07.0031 1832 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/12 18:46:07.0187 1832 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/05/12 18:46:07.0343 1832 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/05/12 18:46:07.0546 1832 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/05/12 18:46:07.0718 1832 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/12 18:46:07.0890 1832 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/12 18:46:08.0031 1832 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/05/12 18:46:08.0171 1832 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/12 18:46:08.0343 1832 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/05/12 18:46:08.0437 1832 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/05/12 18:46:08.0578 1832 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/05/12 18:46:08.0687 1832 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/05/12 18:46:08.0812 1832 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/05/12 18:46:08.0953 1832 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/05/12 18:46:09.0140 1832 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/05/12 18:46:09.0281 1832 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/05/12 18:46:09.0515 1832 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/05/12 18:46:09.0671 1832 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/05/12 18:46:09.0843 1832 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/12 18:46:10.0046 1832 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/12 18:46:10.0218 1832 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/05/12 18:46:10.0359 1832 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/05/12 18:46:10.0515 1832 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/12 18:46:10.0656 1832 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/12 18:46:10.0781 1832 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/12 18:46:10.0906 1832 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/12 18:46:11.0078 1832 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/12 18:46:11.0218 1832 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/12 18:46:11.0375 1832 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/12 18:46:11.0531 1832 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/12 18:46:11.0671 1832 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/12 18:46:11.0812 1832 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/12 18:46:12.0171 1832 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/12 18:46:12.0312 1832 mmc_2K (9b90303a9c9405a6ce1466ff4aa20fdd) C:\WINDOWS\system32\drivers\mmc_2K.sys
2011/05/12 18:46:12.0453 1832 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/12 18:46:12.0609 1832 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/12 18:46:12.0765 1832 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/05/12 18:46:12.0906 1832 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/12 18:46:13.0031 1832 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/12 18:46:13.0156 1832 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/05/12 18:46:13.0265 1832 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/12 18:46:13.0421 1832 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/12 18:46:13.0593 1832 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/12 18:46:13.0765 1832 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/12 18:46:13.0906 1832 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/12 18:46:14.0031 1832 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/12 18:46:14.0234 1832 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/12 18:46:14.0375 1832 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/12 18:46:14.0515 1832 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/12 18:46:14.0640 1832 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/12 18:46:14.0765 1832 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/12 18:46:14.0921 1832 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/12 18:46:14.0984 1832 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/12 18:46:15.0093 1832 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/12 18:46:15.0218 1832 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/12 18:46:15.0406 1832 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/12 18:46:15.0562 1832 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/12 18:46:15.0750 1832 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/12 18:46:15.0968 1832 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/12 18:46:16.0171 1832 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/12 18:46:16.0281 1832 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/12 18:46:16.0421 1832 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/05/12 18:46:16.0562 1832 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/05/12 18:46:16.0718 1832 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/12 18:46:16.0828 1832 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/12 18:46:16.0921 1832 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/12 18:46:17.0046 1832 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/12 18:46:17.0265 1832 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/12 18:46:17.0421 1832 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/12 18:46:17.0828 1832 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/05/12 18:46:17.0968 1832 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/05/12 18:46:18.0187 1832 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/12 18:46:18.0328 1832 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/12 18:46:18.0671 1832 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/12 18:46:18.0921 1832 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/12 18:46:19.0015 1832 pwd_2k (d8b90616a8bd53de281dbdb664c0984a) C:\WINDOWS\system32\drivers\pwd_2k.sys
2011/05/12 18:46:19.0171 1832 PxHelp20 (0c8da0a8b0d227319c285e0eae65defd) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/05/12 18:46:19.0296 1832 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/05/12 18:46:19.0406 1832 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/05/12 18:46:19.0500 1832 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/05/12 18:46:19.0625 1832 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/05/12 18:46:19.0765 1832 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/05/12 18:46:19.0859 1832 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/12 18:46:19.0984 1832 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/12 18:46:20.0156 1832 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/12 18:46:20.0281 1832 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/12 18:46:20.0406 1832 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/12 18:46:20.0500 1832 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/12 18:46:20.0625 1832 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/12 18:46:20.0796 1832 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/12 18:46:20.0953 1832 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/12 18:46:21.0156 1832 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/12 18:46:21.0296 1832 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/12 18:46:21.0468 1832 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/12 18:46:21.0640 1832 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/12 18:46:21.0781 1832 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/12 18:46:21.0953 1832 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/12 18:46:22.0203 1832 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/05/12 18:46:22.0343 1832 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/12 18:46:22.0500 1832 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/05/12 18:46:22.0750 1832 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/12 18:46:22.0906 1832 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/12 18:46:23.0062 1832 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/12 18:46:23.0281 1832 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/12 18:46:23.0406 1832 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/12 18:46:23.0562 1832 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/05/12 18:46:23.0671 1832 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/05/12 18:46:23.0765 1832 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/05/12 18:46:23.0859 1832 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/05/12 18:46:23.0968 1832 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/12 18:46:24.0140 1832 tclondrv (1cdfcf0542e7eefe22ba502bfe452b12) C:\WINDOWS\system32\DRIVERS\tclondrv.sys
2011/05/12 18:46:24.0296 1832 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/12 18:46:24.0625 1832 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/12 18:46:24.0937 1832 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/12 18:46:25.0093 1832 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/12 18:46:25.0265 1832 tmcomm (11e6a2d8ebf7031d3b1c9602030bff6a) C:\WINDOWS\system32\drivers\tmcomm.sys
2011/05/12 18:46:25.0406 1832 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/05/12 18:46:25.0562 1832 UdfReadr_xp (4e75005b74be901c30f2636df40b0c15) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2011/05/12 18:46:25.0703 1832 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/12 18:46:25.0828 1832 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/05/12 18:46:25.0984 1832 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/12 18:46:26.0171 1832 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/12 18:46:26.0328 1832 usbbus (5aadc9297c39aa249cd994acdba19034) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2011/05/12 18:46:26.0468 1832 UsbDiag (4650ffe04e5922399b0e932319e6b215) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2011/05/12 18:46:26.0593 1832 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/12 18:46:26.0750 1832 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/12 18:46:26.0890 1832 USBModem (2666fe171e0c2e7085ccd5fe0bac09e3) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2011/05/12 18:46:27.0015 1832 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/12 18:46:27.0187 1832 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/12 18:46:27.0328 1832 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/12 18:46:27.0468 1832 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/12 18:46:27.0609 1832 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/12 18:46:27.0750 1832 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/05/12 18:46:27.0890 1832 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/05/12 18:46:28.0015 1832 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/12 18:46:28.0234 1832 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/12 18:46:28.0531 1832 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/12 18:46:28.0703 1832 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/12 18:46:29.0015 1832 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/05/12 18:46:29.0140 1832 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/05/12 18:46:29.0437 1832 ================================================================================
2011/05/12 18:46:29.0437 1832 Scan finished
2011/05/12 18:46:29.0437 1832 ================================================================================



Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380011A rev.3.16 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x833A8AB8]
3 CLASSPNP[0xF88B905B] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8339EB00]
kernel: MBR read successfully
user & kernel MBR OK

#10 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:42 PM

Posted 13 May 2011 - 02:47 PM

Both logs you posted are clean. :) :thumbup2:

Our next step is for you to update your system to Windows XP SP3. We can do that once we get your Internet working again, so that's our next goal. :)


When you open up your browser(s) to try to connect to a webpage, are there any errors that show up? If so, what do they say? Is your computer connected to the Internet via a modem or a router?


Try the following steps, one at a time, to see if your Internet connection comes back. If one of the steps restores your Internet connection, then there is no need to do the others:

1. Try disabling then re-enabling your Internet Connection.

2. Go to Control Panel > Network Connections. Right-click on the Network icon in the notification area in the lower right corner of the Desktop & select "Repair".

3. In Internet Explorer: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings".

Open up Firefox, go to Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. Once in the "Connection Settings" box, choose Direct Connection to the Internet/No Proxy, then click OK.


4. Flush DNS:

Click on Start
Select Run
Enter cmd and hit Enter

A black window will open.

Please enter the following text into that window and hit Enter:

ipconfig /flushdns


5. Download and run WinSockFix.

Double click on WinsockXPFix.exe to open.
On the Winsock and TCP Repair Utility screen, click "ReG-Backup"
On the ERDNT Welcome screen, click "OK".
On the Backup to: screen, click "OK".
On the Folder does not exist question screen click "Yes".
You will see a status screen as your registry is being backed up.
On the Registry backup is complete! screen, click "OK" and you will go back to the main window.
On the Winsock and TCP Repair Utility screen, click "Fix".
On the Apply the VB_Winsock fix? screen click "Yes".
The screen will display a status message "repair completed please reboot."
On the Repair Completed screen click "OK" to reboot your computer.
If your computer was not using DHCP, you will need to reconfigure TCP/IP.
You should have connectivity restored.


Let me know if any of those steps restore your Internet connection. Plus, let me know about any browser error messages and whether you're connected to the Net using a router or a modem.

MalWare Removal University Master

Member of ASAP
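The five steps above are a manual procedure. As an added example that is not part of this thread or of the WinSockFix tool, the batch file below does the same work from a single cmd.exe window on Windows XP SP2 or later, with two additions a responder usually wants: it backs up the registry keys it may touch before changing anything, and it records the proxy configuration, the IP/DNS state and the hosts file into a report, because a browser that can no longer reach the web on a machine that was infected is often pointed at a proxy or a hosts entry the malware left behind. The folder name `netfix` on the Desktop and the script name `netfix.cmd` are assumptions; every command used (`reg`, `ipconfig`, `netsh`) is a built-in XP tool.

```batch
@echo off
REM netfix.cmd  (added example, not code from the thread)
REM Usage:  netfix.cmd             - back up keys and write a report only
REM         netfix.cmd clearproxy  - also switch the IE proxy off (step 3 above)
REM         netfix.cmd reset       - also reset Winsock and TCP/IP (what the
REM                                  WinSockFix tool in step 5 does); reboot after
REM Run from an administrator account. LOGDIR is an assumed location.
setlocal
set "LOGDIR=%USERPROFILE%\Desktop\netfix"
if not exist "%LOGDIR%" mkdir "%LOGDIR%"
set "REPORT=%LOGDIR%\report.txt"
set "INET=HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

REM 1. Back up the keys this script may change, so every step is reversible.
REM    (reg export on XP prompts if the file exists, so remove old copies first.)
if exist "%LOGDIR%\InternetSettings.reg" del "%LOGDIR%\InternetSettings.reg"
if exist "%LOGDIR%\WinSock2.reg" del "%LOGDIR%\WinSock2.reg"
reg export "%INET%" "%LOGDIR%\InternetSettings.reg"
reg export "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2" "%LOGDIR%\WinSock2.reg"

REM 2. Record the proxy configuration. ProxyEnable=0x1 together with a
REM    ProxyServer or AutoConfigURL nobody on the machine set is a common
REM    leftover of an infection and explains "no Internet" with a working link.
echo === Proxy settings (%DATE% %TIME%) === > "%REPORT%"
reg query "%INET%" /v ProxyEnable   >> "%REPORT%" 2>&1
reg query "%INET%" /v ProxyServer   >> "%REPORT%" 2>&1
reg query "%INET%" /v AutoConfigURL >> "%REPORT%" 2>&1

REM 3. Record the adapter, DHCP and DNS state, plus the hosts file, which is
REM    another place a redirect can hide.
echo === ipconfig /all === >> "%REPORT%"
ipconfig /all >> "%REPORT%"
echo === hosts file === >> "%REPORT%"
type "%SystemRoot%\system32\drivers\etc\hosts" >> "%REPORT%"

REM 4. Flush the resolver cache (step 4 in the post above).
ipconfig /flushdns

REM 5. Optional: turn the IE proxy off. The values stay in the backup from step 1.
if /i "%~1"=="clearproxy" (
    reg add "%INET%" /v ProxyEnable /t REG_DWORD /d 0 /f
    echo Proxy disabled; previous value is in "%LOGDIR%\InternetSettings.reg".
)

REM 6. Optional: rebuild the Winsock catalog and reset TCP/IP with the built-in
REM    netsh commands (XP SP2 or later). A reboot is required afterwards, and a
REM    machine with a static address must be reconfigured, as the post notes.
if /i "%~1"=="reset" (
    netsh winsock reset
    netsh int ip reset "%LOGDIR%\ipreset.log"
    echo Reboot now to complete the Winsock/TCP-IP reset.
)

echo Report written to "%REPORT%"
endlocal
```

Read the report before running the `clearproxy` or `reset` variants: an unexpected proxy address or hosts entry is evidence of what the infection changed and is worth keeping for the helper looking at the logs, and the `.reg` backups let the original settings be restored with a double-click if the reset turns out to be unnecessary.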


#11 Bill175

Bill175
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:42 PM

Posted 13 May 2011 - 04:21 PM

Got the internet working! I am hooked up via wireless and uninstalled/reinstalled the Belkin network card. I attempted to install SP3 but it failed 1/2 way through with multiple errors about one file it couldn't copy.....Beethoven's 5th Symphony.wma! Since I don't listen to classical I have no idea.....it then went through a removal process and at the end said Windows may not work right now since it failed. You ever heard that error before? It had me reboot and went to a blue screen like it was going to chkdsk but then booted up. I'm googling this Beethoven file error....

#12 Bill175

Bill175
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:42 PM

Posted 13 May 2011 - 04:42 PM

Check that...it's Beethoven's 9th Symphony. After researching it, some have said they made the main Documents folder shareable by all users and the install went fine. I tried to access the main Documents folder and it says access denied. I have 4 user accts all with admin privileges...but I can't get in the main Documents folder.

#13 Bill175

Bill175
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:42 PM

Posted 13 May 2011 - 04:49 PM

Went into safe mode under the Administrator acct and still access denied on the Documents folder. I also tried to create a new group to allow access and my mouse freezes up and I can't type anything and have to manually shut down the computer and boot back up. After researching this, I'm stuck and can't get access to that folder to change permissions. From what I've read, that is what is causing that Beethoven 9th error I described.

Will wait for your help. Also, FYI - downloaded and installed Malwarebytes and it didn't find anything :)
Thanks!

Edited by Bill175, 13 May 2011 - 06:19 PM.


#14 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:42 PM

Posted 14 May 2011 - 01:02 AM

Nice job on getting the Internet working again on your computer. :thumbup2:

Did some looking into the problem you're having with installing SP3 and found these instructions:

When the "beethov9.wma error" comes up, open Windows Explorer and go to C:\Documents and Settings\All Users\Documents, then right-click on Documents and bring up Properties, then the Sharing tab. Check the box "Allow Network Users to Change My Files". You don't have to be logged in as admin. Then retry installing SP3.

Try the above instructions and let me know if you were able to successfully install SP3 after following them.

MalWare Removal University Master

Member of ASAP


#15 Bill175

Bill175
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:42 PM

Posted 14 May 2011 - 06:00 AM

Hi,
Tried it and when I click Apply I get:

An error occurred while trying to share Documents. Access is denied. The shared resource was not created at this time.



