Windows xp recovery virus


  • This topic is locked
5 replies to this topic

#1 Herman Munster


Posted 04 June 2011 - 08:50 AM

Hi guys,

I was following your guide on removal of the Windows XP Recovery malware, but when I got to running Malwarebytes, I was able to follow your guide and download it, but when I ran the EXE, it kept getting blocked from actually running. I was following your Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help and I made it to step #8 when, while running the GMER scan, I got a blue screen warning that said I may have recently installed hardware or software that may need to be removed (possibly in safe mode) to protect my computer. What is my next step? I'm hesitant to run the GMER scan again and risk another blue screen of death.
Thanks!

#2 Herman Munster


Posted 04 June 2011 - 08:54 AM

Here are the txt files that I got after running the DDS scan....

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/31/2009 2:28:04 PM
System Uptime: 6/4/2011 6:36:02 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0T816J
Processor: Intel® Core™2 Duo CPU T6670 @ 2.20GHz | U2E1 | 2172/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 192.231 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP259: 3/7/2011 8:38:17 AM - System Checkpoint
RP260: 3/8/2011 3:55:43 PM - System Checkpoint
RP261: 3/9/2011 4:18:32 PM - System Checkpoint
RP262: 3/16/2011 10:50:28 AM - System Checkpoint
RP263: 3/16/2011 3:44:16 PM - Software Distribution Service 3.0
RP264: 3/17/2011 4:08:18 PM - System Checkpoint
RP265: 3/21/2011 12:15:10 PM - System Checkpoint
RP266: 3/25/2011 4:05:37 PM - System Checkpoint
RP267: 3/27/2011 1:04:02 PM - System Checkpoint
RP268: 3/28/2011 2:34:09 PM - System Checkpoint
RP269: 3/31/2011 12:03:28 PM - System Checkpoint
RP270: 4/4/2011 1:00:05 PM - System Checkpoint
RP271: 4/11/2011 8:58:11 AM - System Checkpoint
RP272: 4/15/2011 10:53:12 AM - System Checkpoint
RP273: 4/17/2011 9:32:19 AM - System Checkpoint
RP274: 4/18/2011 10:25:44 AM - System Checkpoint
RP275: 4/19/2011 2:22:44 PM - Installed e-Drive Setup
RP276: 4/19/2011 2:23:17 PM - Configured Multi-USB Driver Setup
RP277: 4/20/2011 3:44:35 PM - System Checkpoint
RP278: 4/22/2011 6:39:04 PM - System Checkpoint
RP279: 4/25/2011 9:46:20 AM - System Checkpoint
RP280: 4/27/2011 2:30:07 PM - Installed Engineered Software Installer
RP281: 4/27/2011 2:30:21 PM - Printer Driver PDF-XChange DE Installed
RP282: 4/27/2011 3:38:19 PM - Installed Engineered Software Installer
RP283: 4/27/2011 3:38:26 PM - Printer Driver PDF-XChange DE Installed
RP284: 4/27/2011 3:39:01 PM - Printer Driver PDF-XChange DE Installed
RP285: 4/28/2011 12:23:29 PM - Printer Driver Microsoft Office Document Image Writer Installed
RP286: 5/2/2011 11:13:47 AM - System Checkpoint
RP287: 5/3/2011 8:59:38 AM - Installed Adobe Acrobat 7.0 Standard - English, Français, Deutsch
RP288: 5/5/2011 5:32:13 PM - System Checkpoint
RP289: 5/6/2011 7:00:36 PM - System Checkpoint
RP290: 5/8/2011 10:08:39 PM - System Checkpoint
RP291: 5/10/2011 7:33:55 AM - System Checkpoint
RP292: 5/11/2011 7:14:54 PM - System Checkpoint
RP293: 5/13/2011 6:21:10 PM - System Checkpoint
RP294: 5/15/2011 11:12:28 AM - System Checkpoint
RP295: 5/17/2011 1:15:05 PM - System Checkpoint
RP296: 5/18/2011 7:21:57 PM - System Checkpoint
RP297: 5/20/2011 11:37:21 PM - System Checkpoint
RP298: 5/21/2011 6:00:12 PM - Restore Operation
RP299: 5/22/2011 10:12:10 PM - System Checkpoint
RP300: 5/24/2011 9:23:09 AM - System Checkpoint
RP301: 5/26/2011 3:18:45 PM - System Checkpoint
RP302: 5/28/2011 6:34:02 AM - Restore Operation
RP303: 5/28/2011 6:38:59 AM - Restore Operation
RP304: 5/29/2011 10:07:11 AM - System Checkpoint
RP305: 5/30/2011 11:41:46 AM - System Checkpoint
RP306: 5/31/2011 2:38:41 PM - Software Distribution Service 3.0
RP307: 6/2/2011 7:12:33 PM - Restore Operation
RP308: 6/2/2011 7:15:00 PM - Restore Operation
RP309: 6/2/2011 7:16:22 PM - Restore Operation
RP310: 6/2/2011 7:18:05 PM - Restore Operation
RP311: 6/2/2011 7:19:09 PM - Restore Operation
RP312: 6/2/2011 7:19:21 PM - Restore Operation
RP313: 6/2/2011 7:20:29 PM - Restore Operation
RP314: 6/3/2011 12:50:46 AM - Restore Operation
RP315: 6/4/2011 6:38:14 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 9.20
Adobe Acrobat 7.0 Standard - English, Français, Deutsch
Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.4
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 5.0.1
BlackBerry Device Software Updater
BlackBerry® Media Sync
Bonjour
BufferChm
CCleaner (remove only)
Choice Guard
CLICK Programming Software Version 1.20
Color Network ScanGear Ver.2.21
Cscape 8.6
Cscape 9.10
Dell Backup and Recovery Manager
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card Utility
DesignPro 5.4 Limited Edition
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DicksonWare
DriveWindow Light 2.9
DWL_MergeModules
e-Drive Setup
ePrism
ESET Smart Security
eSupportQFolder
GE MDS Toolbox
Goulds Turbine Pump Selection
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB970653-v3)
HP Deskjet 3900 series
HP Imaging Device Functions 5.0
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
HPDeskjet3900Series
HPProductAssistant
HSyCon System Configurator
Intel® Graphics Media Accelerator Driver
iTunes
Java 2 Runtime Environment Standard Edition v1.3.1_04
Java™ 6 Update 13
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Streets and Trips 2005 with USB GPS
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSLog
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
Network ScanGear Ver.2.21
OGA Notifier 2.0.0048.0
PDF-XChange 3.0
PDFXSDKdrInst
PL-2303 USB-to-Serial
PowerDVD DX
PUMP-FLO
QuickTime
RadioShack USB to Serial Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Smart Label Printer 6.9
Snappy Fax Version 4
SolutionCenter
Sonic CinePlayer Decoder Pack
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Status
Transnet Spectrum Analyzer (remove only)
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
WindLDR (Shared Components)
WindLDR Demo
WindLDR(Trial)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
6/3/2011 2:02:18 AM, error: PlugPlayManager [12] - The device 'HL-DT-ST DVD+-RW GT10N' (IDE\CdRomHL-DT-ST_DVD+-RW_GT10N__________________A107____\4&3342a73d&0&0.1.0) disappeared from the system without first being prepared for removal.
6/3/2011 12:11:03 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/2/2011 8:48:53 PM, error: Service Control Manager [7038] - The ALG service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/2/2011 8:48:53 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not start due to a logon failure.
6/2/2011 8:28:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/2/2011 8:27:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/2/2011 8:25:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ehdrv epfwtdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX Tcpip
6/2/2011 8:25:00 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/2/2011 8:25:00 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/2/2011 8:25:00 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/2/2011 8:25:00 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/2/2011 8:25:00 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/2/2011 8:25:00 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/2/2011 8:24:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/2/2011 7:20:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/2/2011 7:13:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv Fips intelppm SRTSP SRTSPX
6/1/2011 11:35:39 AM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
5/31/2011 8:14:31 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
5/31/2011 7:42:34 PM, error: Service Control Manager [7038] - The RpcLocator service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/31/2011 7:42:34 PM, error: Service Control Manager [7000] - The Remote Procedure Call (RPC) Locator service failed to start due to the following error: The service did not start due to a logon failure.
5/28/2011 6:33:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
5/28/2011 6:33:23 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/28/2011 6:24:15 AM, error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
5/28/2011 6:22:29 AM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (dellsupportcenter) service terminated unexpectedly. It has done this 1 time(s).
5/28/2011 6:22:29 AM, error: Service Control Manager [7034] - The Remote Procedure Call (RPC) Locator service terminated unexpectedly. It has done this 1 time(s).
5/28/2011 6:22:29 AM, error: Service Control Manager [7034] - The O2FLASH service terminated unexpectedly. It has done this 1 time(s).
5/28/2011 6:22:29 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
5/28/2011 6:22:29 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
5/28/2011 6:22:29 AM, error: Service Control Manager [7034] - The InstallShield Licensing Service service terminated unexpectedly. It has done this 1 time(s).
5/28/2011 6:22:29 AM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
5/28/2011 6:22:29 AM, error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
5/28/2011 6:22:29 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/28/2011 5:40:52 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX
.
==== End Of File ===========================
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by WWSPB01 at 7:24:10 on 2011-06-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2319 [GMT -5:00]
.
AV: ESET Smart Security 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r211990\stacsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Snappy Fax Version 4\sfpagent.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.live.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:33440
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [pdfSaver3] "c:\program files\tracker software\pdf-xchange 3\pdfsaver\pdfSaver3.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Snappy Fax] c:\program files\snappy fax version 4\sf4.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [kqAIrvwyxLeS] c:\documents and settings\all users\application data\kqAIrvwyxLeS.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Snappy Fax Printer Agent] "c:\program files\snappy fax version 4\sfpagent.exe"
mRun: [Snappy Fax Printer virtual printer agent] "c:\program files\snappy fax version 4\sfpagent.exe"
mRun: [pdfSaver3]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251768364453
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251823801562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_04-win.cab
DPF: {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_04-win.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: DhcpNameServer = 209.103.244.1 209.103.224.3
TCP: Interfaces\{7F7CE0B8-55DF-458A-8D6C-BE5562A98855} : DhcpNameServer = 209.103.244.1 209.103.224.3
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-5-14 731840]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-8-24 112512]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-8-24 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-8-24 41760]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090701.004\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090701.004\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090701.004\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090701.004\NAVEX15.SYS [?]
S3 Svk2pl;Gigaware USB to Serial Cable;c:\windows\system32\drivers\Svk2pl.sys [2010-4-1 51200]
.
=============== Created Last 30 ================
.
2011-06-04 04:45:10 709456 ---ha-w- c:\windows\isRS-000.tmp
2011-06-04 03:27:20 410112 ---ha-w- c:\documents and settings\all users\application data\18997028.exe
2011-06-03 11:15:13 410112 ---ha-w- c:\documents and settings\all users\application data\20045604.exe
2011-06-03 06:30:30 -------- d--h--w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files
2011-06-02 23:51:58 410112 ---ha-w- c:\documents and settings\all users\application data\20242212.exe
2011-06-02 23:42:47 465408 ---ha-w- c:\documents and settings\all users\application data\kqAIrvwyxLeS.exe
2011-05-31 19:55:05 -------- d--h--w- c:\windows\ServicePackFiles
2011-05-28 11:43:44 58288 ---ha-w- c:\windows\system32\rpcnet.dll
2011-05-28 11:43:44 58288 ------w- c:\windows\system32\rpcnet.exe
2011-05-28 11:41:16 17408 ---ha-w- c:\windows\system32\rpcnetp.dll
2011-05-28 11:40:47 17408 ---ha-w- c:\windows\system32\rpcnetp.exe
2011-05-28 11:39:40 -------- d--h--w- c:\windows\system32\wbem\repository\FS
2011-05-28 11:39:40 -------- d--h--w- c:\windows\system32\wbem\Repository
2011-05-28 11:38:25 -------- d--h--w- c:\documents and settings\all users\application data\kE06504AgCaO06504
2011-05-28 11:13:21 -------- d--h--w- c:\documents and settings\all users\application data\iD06511LoNdM06511
2011-05-21 21:31:35 -------- d--h--w- c:\documents and settings\all users\application data\nG06504DaIkA06504
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ---ha-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 7:24:28.45 ===============

#3 Herman Munster

Posted 04 June 2011 - 08:58 AM

Here is the log from the TDSS Killer scan.....

2011/06/04 08:57:34.0718 1604 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/04 08:57:35.0484 1604 ================================================================================
2011/06/04 08:57:35.0484 1604 SystemInfo:
2011/06/04 08:57:35.0484 1604
2011/06/04 08:57:35.0484 1604 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/04 08:57:35.0484 1604 Product type: Workstation
2011/06/04 08:57:35.0484 1604 ComputerName: WWSSG44
2011/06/04 08:57:35.0500 1604 UserName: WWSPB01
2011/06/04 08:57:35.0500 1604 Windows directory: C:\WINDOWS
2011/06/04 08:57:35.0500 1604 System windows directory: C:\WINDOWS
2011/06/04 08:57:35.0500 1604 Processor architecture: Intel x86
2011/06/04 08:57:35.0500 1604 Number of processors: 2
2011/06/04 08:57:35.0500 1604 Page size: 0x1000
2011/06/04 08:57:35.0500 1604 Boot type: Normal boot
2011/06/04 08:57:35.0500 1604 ================================================================================
2011/06/04 08:57:35.0984 1604 Initialize success
2011/06/04 08:57:40.0750 2476 ================================================================================
2011/06/04 08:57:40.0750 2476 Scan started
2011/06/04 08:57:40.0750 2476 Mode: Manual;
2011/06/04 08:57:40.0750 2476 ================================================================================
2011/06/04 08:57:49.0750 2476 ================================================================================
2011/06/04 08:57:49.0750 2476 Scan finished
2011/06/04 08:57:49.0750 2476 ================================================================================
2011/06/04 08:57:49.0765 1928 Detected object count: 0
2011/06/04 08:57:49.0765 1928 Actual detected object count: 0

#4 Herman Munster

Posted 04 June 2011 - 07:32 PM

Here is the gmer log.....

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-04 19:26:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FCDO
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\agtdqpoc.sys


---- System - GMER 1.0.15 ----

SSDT 89344C90 ZwAssignProcessToJobObject
SSDT 89345200 ZwDebugActiveProcess
SSDT 893452F0 ZwDuplicateObject
SSDT 89344590 ZwOpenProcess
SSDT 89344800 ZwOpenThread
SSDT 89344FD0 ZwProtectVirtualMemory
SSDT 893450E0 ZwQueueApcThread
SSDT 89344EC0 ZwSetContextThread
SSDT 89344D90 ZwSetInformationThread
SSDT 89341DA0 ZwSetSecurityObject
SSDT 89344B90 ZwSuspendProcess
SSDT 89344A80 ZwSuspendThread
SSDT 893446E0 ZwTerminateProcess
SSDT 89344A50 ZwTerminateThread
SSDT 893456D0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? pnthaly.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Snappy Fax Version 4\sf4.exe[304] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00454231 C:\Program Files\Snappy Fax Version 4\sf4.exe (Snappy Fax Version 4.0 Executable/John Taylor & Associates)
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1808] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Files - GMER 1.0.15 ----

ADS C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP301\A0104828.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP302\A0104859.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP303\A0104911.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP306\A0107870.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP306\A0108876.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP306\A0109876.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP313\A0109882.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP313\A0109899.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP313\A0111920.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP313\A0112920.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP313\A0112926.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP313\A0112945.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP313\A0113945.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP313\A0113984.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP314\A0114012.exe:BAK 22528 bytes executable

---- EOF - GMER 1.0.15 ----

#5 Herman Munster

Posted 05 June 2011 - 09:25 AM

Guys,

By the time I posted the gmer log last night, I had already loaded mbam (malwarebytes) from a flash drive to my C drive and I had run a scan (that did find and allow me to remove several files). I then went back and followed all of the sequential steps in "remove windows xp recovery (uninstall guide)".

After mbam found and eliminated several items, I went ahead and ran both mbam and spybot S&D (several times) and found no further problems. I then ran the unhide program and all of my files magically re-appeared!!

The only time I re-booted my computer yesterday was when I was instructed to (in the uninstall guide) after I ran mbam and mbam instructed me to re-boot.

Again, I stress that I followed the steps in sequence and my problem is apparently gone!! I left my laptop on overnight and this morning when I woke up, I re-booted for the first time and went on-line. So far (about an hour and a 1/2 later) I have not had the windows xp recovery window pop back up.

Thanks soooo much to bleepingcomputer.com !!!!!!!

#6 Budapest

  • Moderator

Posted 05 June 2011 - 05:56 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



