
Supposed ZeroAccess rootkit


  • This topic is locked
73 replies to this topic

#1 kriff (Members, 53 posts)

Posted 29 November 2011 - 04:59 AM

Referred from here: http://www.bleepingcomputer.com/forums/topic429328.html ~ OB

Knew there was some kind of virus in the background.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by snapper at 4:46:21 on 2011-11-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1480 [GMT 0:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1302813479\ee\AOLSoftware.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.co.uk
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
uRun: [LaunchList] c:\program files\pinnacle\studio 11\LaunchList2.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HostManager] c:\program files\common files\aol\1302813479\ee\AOLSoftware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\snapper\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\rtl8187b wireless lan utility\RtWLan.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{377DA065-E698-4F9F-863A-134C13CC6FA1} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8F3F91B2-CBFA-4FED-B655-2AAA951A87C2} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_32301.sys [2011-11-7 227312]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [2011-4-23 203264]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-7-20 21520]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2011-4-14 335104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2a.tmp --> c:\windows\system32\2A.tmp [?]
S4 AMService;AMService; [x]
.
=============== Created Last 30 ================
.
2011-11-19 03:15:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-07 21:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2011-11-25 06:41:31 102400 ----a-w- c:\windows\RegBootClean.exe
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 17:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 4:47:05.84 ===============


Edited by Orange Blossom, 29 November 2011 - 05:36 PM.



#2 SweetTech (Agent ST; Members, 13,421 posts; Gender: Male; Location: Antarctica)

Posted 30 November 2011 - 01:39 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now


NEXT:


What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 kriff (Topic Starter; Members, 53 posts)

Posted 30 November 2011 - 04:12 AM

Hi ST,
Loaded and ran ComboFix - it stalled, saying I had ZeroAccess malware - would not load AOL internet.


I thought your instructions said if it stalled to rerun ComboFix, which I did, and got the following:

ComboFix 11-11-30.01 - snapper 30/11/2011 8:49.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.866 [GMT 0:00]
Running from: c:\documents and settings\snapper\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\snapper\WINDOWS
c:\windows\system32\rnaph.dll
c:\windows\system32\usmt\migwiz_a.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 )))))))))))))))))))))))))))))))
.
.
2011-11-19 03:15 . 2011-11-19 03:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 06:41 . 2011-04-15 08:38 102400 ----a-w- c:\windows\RegBootClean.exe
2011-10-10 14:22 . 2011-04-14 19:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"HostManager"="c:\program files\Common Files\AOL\1302813479\ee\AOLSoftware.exe" [2010-03-08 41800]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\snapper\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2011-4-23 155648]
REALTEK RTL8187B Wireless LAN Utility.lnk - c:\program files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe [2011-4-14 880640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Realtek\\RTL8187B Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1302813479\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [07/11/2011 21:30 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [23/04/2011 08:08 203264]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [20/07/2011 05:38 21520]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [14/04/2011 20:18 335104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2A.tmp --> c:\windows\system32\2A.tmp [?]
S4 AMService;AMService; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-30 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 15:16]
.
2011-11-24 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 15:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.co.uk
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-30 09:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2A.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(968)
c:\windows\system32\mswsock.dll
mswsock.dll 71a50000 258048 \\.\globalroot\systemroot\system32\mswsock.dll
c:\windows\system32\WININET.dll
.
Completion time: 2011-11-30 09:02:22
ComboFix-quarantined-files.txt 2011-11-30 09:02
ComboFix2.txt 2011-04-26 14:37
.
Pre-Run: 231,878,070,272 bytes free
Post-Run: 232,490,913,792 bytes free
.
- - End Of File - - BA4204DB69070840852F077182E08B59

Should I restart again?
Regards

AOL internet now reloads and runs.

Edited by kriff, 30 November 2011 - 04:14 AM.


#4 SweetTech (Agent ST; Members, 13,421 posts; Gender: Male; Location: Antarctica)

Posted 30 November 2011 - 04:18 AM

Hi!

Yes, please reboot your computer, and run a new scan with ComboFix.

Please post the log it produces, as well as run this scan:

OTS Scan
Download OTS to your Desktop
  • Double-click on OTS.exe to start the program. Make sure you close all other programs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please copy and paste the contents of the OTS report into your next reply.



#5 kriff (Topic Starter; Members, 53 posts)

Posted 30 November 2011 - 11:15 PM

Hi ST - really appreciate your help - I am an OAP, so please bear with me.

Below, as requested, the ComboFix and OTS texts.

ComboFix 11-11-30.03 - snapper 01/12/2011 3:51.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1592 [GMT 0:00]
Running from: c:\documents and settings\snapper\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-11-19 03:15 . 2011-11-19 03:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 06:41 . 2011-04-15 08:38 102400 ----a-w- c:\windows\RegBootClean.exe
2011-10-10 14:22 . 2011-04-14 19:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-30_09.00.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2011-11-30 08:13 71328 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2011-12-01 03:33 71328 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2011-12-01 03:33 441392 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2011-11-30 08:13 441392 c:\windows\system32\perfh009.dat
+ 2011-11-30 09:13 . 2011-11-30 09:13 223744 c:\windows\$NtUninstallKB38723$\840541530\kwrd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"HostManager"="c:\program files\Common Files\AOL\1302813479\ee\AOLSoftware.exe" [2010-03-08 41800]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\snapper\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2011-4-23 155648]
REALTEK RTL8187B Wireless LAN Utility.lnk - c:\program files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe [2011-4-14 880640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Realtek\\RTL8187B Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1302813479\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [07/11/2011 21:30 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [23/04/2011 08:08 203264]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [20/07/2011 05:38 21520]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [14/04/2011 20:18 335104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2A.tmp --> c:\windows\system32\2A.tmp [?]
S4 AMService;AMService; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 15:16]
.
2011-11-24 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 15:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.co.uk
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-01 03:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2A.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(608)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2412)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-01 03:57:48
ComboFix-quarantined-files.txt 2011-12-01 03:57
ComboFix2.txt 2011-04-26 14:37
.
Pre-Run: 232,443,129,856 bytes free
Post-Run: 232,429,318,144 bytes free
.
- - End Of File - - C0EAAA634A91ED0DA6CE4D9AAC553305



OTS text:
OTS logfile created on: 01/12/2011 04:03:24 - Run 1
OTS by OldTimer - Version 3.1.46.0     Folder = C:\Documents and Settings\snapper\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 216.50 Gb Free Space | 92.97% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 116.50 Gb Free Space | 78.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.92 Gb Total Space | 1.79 Gb Free Space | 93.29% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: REDTEN
Current User Name: snapper
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\snapper\Desktop\OTS.exe -> [2011/12/01 03:45:08 | 000,646,144 | ---- | M] (OldTimer Tools)
rapportservice.exe -> C:\Program Files\Trusteer\Rapport\bin\RapportService.exe -> [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.)
rapportmgmtservice.exe -> C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -> [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.)
aolsoftware.exe -> C:\Program Files\Common Files\AOL\1302813479\ee\aolsoftware.exe -> [2010/03/08 07:27:49 | 000,041,800 | ---- | M] (AOL Inc.)
rtwlan.exe -> C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe -> [2008/07/16 16:23:36 | 000,880,640 | ---- | M] (Realtek Semiconductor Corp.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
wincinemamgr.exe -> C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe -> [2003/06/13 17:50:46 | 000,155,648 | ---- | M] ()
 
[Modules - No Company Name]
js32.dll -> C:\Program Files\Trusteer\Rapport\bin\js32.dll -> [2011/10/30 20:57:06 | 000,557,056 | ---- | M] ()
rapportms.dll -> C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll -> [2011/07/20 05:38:19 | 000,516,368 | ---- | M] ()
enumdevlib.dll -> C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\EnumDevLib.dll -> [2006/10/26 21:30:12 | 000,131,072 | ---- | M] ()
acauth.dll -> C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\acAuth.dll -> [2005/07/20 03:53:04 | 000,966,765 | ---- | M] ()
wincinemamgr.exe -> C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe -> [2003/06/13 17:50:46 | 000,155,648 | ---- | M] ()
 
[Win32 Services - Safe List]
(HidServ) Human Interface Device Access [Disabled | Stopped] ->  -> File not found
(AMService) AMService [Disabled | Stopped] ->  -> File not found
(RapportMgmtService) Rapport Management Service [Auto | Running] -> C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -> [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.)
(AOL ACS) AOL Connectivity Service [On_Demand | Stopped] -> C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -> [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC)
(PCLEPCI) PCLEPCI [Auto | Stopped] -> C:\WINDOWS\system32\drivers\Pclepci.sys -> [2005/02/09 11:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH)
 
[Driver Services - Safe List]
(catchme) catchme [Kernel | On_Demand | Running] ->  -> File not found
(RapportCerberus_32301) RapportCerberus_32301 [Kernel | System | Running] -> C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -> [2011/11/07 21:30:20 | 000,227,312 | ---- | M] ()
(RapportEI) RapportEI [Kernel | System | Running] -> C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -> [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.)
(RapportPG) RapportPG [Kernel | System | Running] -> C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -> [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.)
(RapportKELL) RapportKELL [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\RapportKELL.sys -> [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.)
(RapportIaso) RapportIaso [Kernel | On_Demand | Running] -> c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -> [2011/07/20 05:38:19 | 000,021,520 | ---- | M] (Trusteer Ltd.)
(cdrbsdrv) cdrbsdrv [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -> [2011/04/23 12:03:48 | 000,033,408 | ---- | M] (B.H.A Corporation)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(RTL8187B) Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RTL8187B.sys -> [2008/06/25 22:26:36 | 000,335,104 | R--- | M] (Realtek Semiconductor Corporation                           )
(IPSec) IPSEC driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ipsec.sys -> [2008/04/13 19:19:42 | 000,075,264 | ---- | M] ()
(MarvinBus) Pinnacle Marvin Bus [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\MarvinBus.sys -> [2007/01/04 09:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH)
(BENDER) Pinnacle DV/AV Capture [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\bender.sys -> [2006/12/04 08:36:10 | 000,203,264 | ---- | M] (Pinnacle Systems)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.Sys -> [2006/06/14 03:04:12 | 004,299,264 | R--- | M] (Realtek Semiconductor Corp.)
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Rtnicxp.sys -> [2006/02/26 21:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation                           )
(ElbyCDFL) ElbyCDFL [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ElbyCDFL.sys -> [2004/08/31 18:07:08 | 000,026,240 | ---- | M] (SlySoft, Inc.)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2003/01/10 21:13:04 | 000,033,588 | R--- | M] (America Online, Inc.)
(Aspi32) Aspi32 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\ASPI32.SYS -> [2002/07/17 07:53:02 | 000,016,877 | ---- | M] (Adaptec)
(irsir) Microsoft Serial Infrared Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\irsir.sys -> [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.msn.com/ -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.aol.co.uk -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2011/11/30 09:00:00 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2006/01/12 19:38:22 | 000,063,128 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HostManager" -> C:\Program Files\Common Files\AOL\1302813479\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1302813479\ee\AOLSoftware.exe] -> [2010/03/08 07:27:49 | 000,041,800 | ---- | M] (AOL Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"LaunchList" -> C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe] -> [2007/03/21 14:41:38 | 000,145,496 | ---- | M] (Pinnacle Systems)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 21:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk -> C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe -> [2003/06/13 17:50:46 | 000,155,648 | ---- | M] ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187B Wireless LAN Utility.lnk -> C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe -> [2008/07/16 16:23:36 | 000,880,640 | ---- | M] (Realtek Semiconductor Corp.)
< snapper Startup Folder > -> C:\Documents and Settings\snapper\Start Menu\Programs\Startup -> 
C:\Documents and Settings\snapper\Start Menu\Programs\Startup\Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> [2005/03/16 18:16:50 | 000,113,664 | ---- | M] (Adobe Systems, Inc.)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoCDBurning" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7713 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7713 domain(s) found. -> 
objects_aol.com [*] -> Out of zone range - ( 5 ) -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{377DA065-E698-4F9F-863A-134C13CC6FA1}\\DhcpNameServer -> 192.168.1.254   (Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter) -> 
{8F3F91B2-CBFA-4FED-B655-2AAA951A87C2}\\DhcpNameServer -> 192.168.1.254   (Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -> [2009/09/03 22:21:41 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\Common Files\AOL\1302813479\ee\aolsoftware.exe" -> C:\Program Files\Common Files\AOL\1302813479\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1302813479\ee\aolsoftware.exe:*:Enabled:AOL Shared Components] -> [2010/03/08 07:27:49 | 000,041,800 | ---- | M] (AOL Inc.)
"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\acs\AOLacsd.exe [C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Services] -> [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\acs\AOLDial.exe" -> C:\Program Files\Common Files\AOL\acs\AOLDial.exe [C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialler] -> [2010/10/29 16:19:32 | 000,070,984 | R--- | M] (America Online)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" -> C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe [C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed] -> [2010/10/18 19:08:40 | 000,039,240 | ---- | M] (AOL Inc.)
"C:\Program Files\InterVideo\DVD5\WinDVD.exe" -> C:\Program Files\InterVideo\DVD5\WinDVD.exe [C:\Program Files\InterVideo\DVD5\WinDVD.exe:*:Disabled:WinDVD] -> [2003/06/13 17:53:00 | 000,122,880 | ---- | M] (InterVideo Inc.)
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe" -> C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe [C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile] -> [2006/11/21 04:05:58 | 000,024,576 | ---- | M] ( )
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe" -> C:\Program Files\Pinnacle\Studio 11\programs\RM.exe [C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager] -> [2008/02/08 15:29:50 | 000,073,728 | ---- | M] (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe" -> C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe [C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio] -> [2008/02/08 15:55:44 | 005,509,120 | ---- | M] (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe" -> C:\Program Files\Pinnacle\Studio 11\programs\umi.exe [C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi] -> [2008/02/08 15:29:26 | 000,081,920 | ---- | M] (Pinnacle Systems)
"C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe" -> C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe [C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan] -> [2008/07/16 16:23:36 | 000,880,640 | ---- | M] (Realtek Semiconductor Corp.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [SET PATH=C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter | ] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2011/04/23 08:01:19 | 000,000,095 | ---- | M] ()
F:\AUTO-TRADER [] -> F:\AUTO-TRADER [ FAT ] -> [2011/06/10 04:56:40 | 000,000,000 | ---D | M]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 temp -> C:\WINDOWS\temp -> [2011/12/01 03:57:51 | 000,000,000 | ---D | C]
 ComboFix.exe -> C:\Documents and Settings\snapper\Desktop\ComboFix.exe -> [2011/12/01 03:49:13 | 004,323,419 | R--- | C] (Swearware)
 OTS.exe -> C:\Documents and Settings\snapper\Desktop\OTS.exe -> [2011/12/01 03:48:26 | 000,646,144 | ---- | C] (OldTimer Tools)
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2011/11/30 08:28:14 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2011/11/30 08:28:14 | 000,406,528 | ---- | C] (SteelWerX)
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2011/11/30 08:28:14 | 000,212,480 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2011/11/30 08:28:14 | 000,060,416 | ---- | C] (NirSoft)
 Qoobox -> C:\Qoobox -> [2011/11/30 08:27:14 | 000,000,000 | ---D | C]
 Administrative Tools -> C:\Documents and Settings\snapper\Start Menu\Programs\Administrative Tools -> [2011/11/29 04:35:01 | 000,000,000 | R--D | C]
 dds.scr -> C:\Documents and Settings\snapper\Desktop\dds.scr -> [2011/11/29 04:33:18 | 000,607,260 | R--- | C] (Swearware)
 mbam-setup-1.51.2.1300.exe -> C:\Documents and Settings\snapper\Desktop\mbam-setup-1.51.2.1300.exe -> [2011/11/26 04:27:18 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    )
 Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2011/11/23 04:55:02 | 000,000,000 | ---D | C]
 Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2011/11/23 04:55:00 | 000,000,000 | ---D | C]
 FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2011/11/19 03:15:33 | 000,414,368 | ---- | C] (Adobe Systems Incorporated)
 Opera -> C:\Documents and Settings\snapper\Application Data\Opera -> [2011/11/16 03:24:57 | 000,000,000 | ---D | C]
 RapportKELL.sys -> C:\WINDOWS\System32\drivers\RapportKELL.sys -> [2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.)
 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 ComboFix.exe -> C:\Documents and Settings\snapper\Desktop\ComboFix.exe -> [2011/12/01 03:46:14 | 004,323,419 | R--- | M] (Swearware)
 OTS.exe -> C:\Documents and Settings\snapper\Desktop\OTS.exe -> [2011/12/01 03:45:08 | 000,646,144 | ---- | M] (OldTimer Tools)
 QUICKEN.INI -> C:\WINDOWS\QUICKEN.INI -> [2011/12/01 03:37:26 | 000,001,593 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2011/12/01 03:33:43 | 000,441,392 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2011/12/01 03:33:43 | 000,071,328 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/12/01 03:29:49 | 000,013,762 | ---- | M] ()
 RegCure Program Check.job -> C:\WINDOWS\tasks\RegCure Program Check.job -> [2011/12/01 03:27:28 | 000,000,442 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/12/01 03:27:20 | 000,002,048 | --S- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2011/11/30 09:00:00 | 000,000,027 | ---- | M] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2011/11/30 08:21:22 | 000,000,664 | ---- | M] ()
 sc4yfzfp.exe -> C:\Documents and Settings\snapper\Desktop\sc4yfzfp.exe -> [2011/11/29 04:53:23 | 000,302,592 | ---- | M] ()
 dds.scr -> C:\Documents and Settings\snapper\Desktop\dds.scr -> [2011/11/29 04:33:22 | 000,607,260 | R--- | M] (Swearware)
 defogger_reenable -> C:\Documents and Settings\snapper\defogger_reenable -> [2011/11/29 04:31:38 | 000,000,000 | ---- | M] ()
 Defogger.exe -> C:\Documents and Settings\snapper\Desktop\Defogger.exe -> [2011/11/29 04:30:30 | 000,050,477 | ---- | M] ()
 MiniToolBox.exe -> C:\Documents and Settings\snapper\Desktop\MiniToolBox.exe -> [2011/11/26 04:28:18 | 000,381,631 | ---- | M] ()
 mbam-setup-1.51.2.1300.exe -> C:\Documents and Settings\snapper\Desktop\mbam-setup-1.51.2.1300.exe -> [2011/11/26 04:27:39 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    )
 SecurityCheck.exe -> C:\Documents and Settings\snapper\Desktop\SecurityCheck.exe -> [2011/11/26 04:19:22 | 000,869,194 | ---- | M] ()
 HiJackThis.lnk -> C:\Documents and Settings\snapper\Desktop\HiJackThis.lnk -> [2011/11/26 04:13:10 | 000,002,451 | ---- | M] ()
 census.cache -> C:\Documents and Settings\snapper\Local Settings\Application Data\census.cache -> [2011/11/25 19:12:48 | 000,154,760 | ---- | M] ()
 ars.cache -> C:\Documents and Settings\snapper\Local Settings\Application Data\ars.cache -> [2011/11/25 19:12:47 | 000,000,000 | ---- | M] ()
 RegBootClean.exe -> C:\WINDOWS\RegBootClean.exe -> [2011/11/25 06:41:31 | 000,102,400 | ---- | M] ()
 RegCure.job -> C:\WINDOWS\tasks\RegCure.job -> [2011/11/24 03:05:45 | 000,000,376 | ---- | M] ()
 1c8cWPJ8.dat -> C:\Documents and Settings\All Users\Application Data\1c8cWPJ8.dat -> [2011/11/24 02:59:38 | 000,000,112 | ---- | M] ()
 FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2011/11/19 03:15:33 | 000,414,368 | ---- | M] (Adobe Systems Incorporated)
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2011/11/09 05:39:28 | 000,001,374 | ---- | M] ()
 RapportKELL.sys -> C:\WINDOWS\System32\drivers\RapportKELL.sys -> [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.)
 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files - No Company Name]
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2011/11/30 08:28:14 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2011/11/30 08:28:14 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2011/11/30 08:28:14 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2011/11/30 08:28:14 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2011/11/30 08:28:14 | 000,068,096 | ---- | C] ()
 sc4yfzfp.exe -> C:\Documents and Settings\snapper\Desktop\sc4yfzfp.exe -> [2011/11/29 04:53:23 | 000,302,592 | ---- | C] ()
 defogger_reenable -> C:\Documents and Settings\snapper\defogger_reenable -> [2011/11/29 04:31:38 | 000,000,000 | ---- | C] ()
 Defogger.exe -> C:\Documents and Settings\snapper\Desktop\Defogger.exe -> [2011/11/29 04:30:30 | 000,050,477 | ---- | C] ()
 MiniToolBox.exe -> C:\Documents and Settings\snapper\Desktop\MiniToolBox.exe -> [2011/11/26 04:28:16 | 000,381,631 | ---- | C] ()
 SecurityCheck.exe -> C:\Documents and Settings\snapper\Desktop\SecurityCheck.exe -> [2011/11/26 04:17:10 | 000,869,194 | ---- | C] ()
 1c8cWPJ8.dat -> C:\Documents and Settings\All Users\Application Data\1c8cWPJ8.dat -> [2011/11/24 02:58:03 | 000,000,112 | ---- | C] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2011/11/23 04:55:55 | 000,000,664 | ---- | C] ()
 census.cache -> C:\Documents and Settings\snapper\Local Settings\Application Data\census.cache -> [2011/07/21 14:17:34 | 000,154,760 | ---- | C] ()
 ars.cache -> C:\Documents and Settings\snapper\Local Settings\Application Data\ars.cache -> [2011/07/21 14:17:31 | 000,000,000 | ---- | C] ()
 INTURS.DAT -> C:\WINDOWS\INTURS.DAT -> [2011/06/08 10:45:42 | 000,000,030 | ---- | C] ()
 INTUSB.DAT -> C:\WINDOWS\INTUSB.DAT -> [2011/06/08 10:44:56 | 000,000,022 | ---- | C] ()
 QUICKEN.INI -> C:\WINDOWS\QUICKEN.INI -> [2011/06/08 10:42:04 | 000,001,593 | ---- | C] ()
 intuprof.ini -> C:\WINDOWS\intuprof.ini -> [2011/06/08 10:42:04 | 000,000,052 | ---- | C] ()
 Q_ENCLIB.DLL -> C:\WINDOWS\System32\Q_ENCLIB.DLL -> [2011/06/08 10:42:01 | 000,073,728 | ---- | C] ()
 Q_ENCUTL.DLL -> C:\WINDOWS\System32\Q_ENCUTL.DLL -> [2011/06/08 10:42:01 | 000,040,960 | ---- | C] ()
 icoadb32.dat -> C:\WINDOWS\icoadb32.dat -> [2011/06/08 10:42:01 | 000,004,456 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\snapper\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/04/29 09:12:44 | 000,033,280 | ---- | C] ()
 fusioncache.dat -> C:\Documents and Settings\snapper\Local Settings\Application Data\fusioncache.dat -> [2011/04/29 04:29:09 | 000,000,130 | ---- | C] ()
 DEBUGSM.INI -> C:\WINDOWS\DEBUGSM.INI -> [2011/04/25 05:03:03 | 000,000,029 | ---- | C] ()
 pythoncom21.dll -> C:\WINDOWS\System32\pythoncom21.dll -> [2011/04/25 04:52:00 | 000,290,919 | ---- | C] ()
 PyWinTypes21.dll -> C:\WINDOWS\System32\PyWinTypes21.dll -> [2011/04/25 04:52:00 | 000,057,344 | ---- | C] ()
 SlantAdj.dll -> C:\WINDOWS\SlantAdj.dll -> [2011/04/25 04:49:27 | 000,096,768 | ---- | C] ()
 Ade001.bin -> C:\WINDOWS\Ade001.bin -> [2011/04/25 04:49:27 | 000,003,136 | ---- | C] ()
 epDPE.ini -> C:\WINDOWS\System32\epDPE.ini -> [2011/04/25 04:49:27 | 000,000,072 | ---- | C] ()
 EsFw32.BIN -> C:\WINDOWS\System32\EsFw32.BIN -> [2011/04/25 04:48:26 | 000,065,793 | ---- | C] ()
 CDE P3170EIF.ini -> C:\WINDOWS\CDE P3170EIF.ini -> [2011/04/25 04:47:09 | 000,000,025 | ---- | C] ()
 Wininit.ini -> C:\WINDOWS\Wininit.ini -> [2011/04/25 04:32:01 | 000,000,706 | ---- | C] ()
 DVResampleru.dll -> C:\WINDOWS\System32\DVResampleru.dll -> [2011/04/23 08:23:06 | 000,086,016 | ---- | C] ()
 macd32.dll -> C:\WINDOWS\System32\macd32.dll -> [2011/04/23 08:01:19 | 000,196,096 | ---- | C] ()
 mase32.dll -> C:\WINDOWS\System32\mase32.dll -> [2011/04/23 08:01:19 | 000,138,752 | ---- | C] ()
 mamc32.dll -> C:\WINDOWS\System32\mamc32.dll -> [2011/04/23 08:01:19 | 000,136,192 | ---- | C] ()
 masd32.dll -> C:\WINDOWS\System32\masd32.dll -> [2011/04/23 08:01:19 | 000,057,856 | ---- | C] ()
 ma32.dll -> C:\WINDOWS\System32\ma32.dll -> [2011/04/23 08:01:19 | 000,027,648 | ---- | C] ()
 nero.INI -> C:\WINDOWS\nero.INI -> [2011/04/22 09:54:47 | 000,000,040 | ---- | C] ()
 RtlCPAPI.dll -> C:\WINDOWS\System32\RtlCPAPI.dll -> [2011/04/21 10:43:06 | 000,135,168 | R--- | C] ()
 ChCfg.exe -> C:\WINDOWS\System32\ChCfg.exe -> [2011/04/21 10:43:06 | 000,040,960 | R--- | C] ()
 RegBootClean.exe -> C:\WINDOWS\RegBootClean.exe -> [2011/04/15 08:38:24 | 000,102,400 | ---- | C] ()
 housecall.guid.cache -> C:\Documents and Settings\snapper\Local Settings\Application Data\housecall.guid.cache -> [2011/04/14 20:41:21 | 000,000,036 | ---- | C] ()
 nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2011/04/14 20:27:49 | 000,000,335 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2011/04/14 20:26:56 | 000,004,161 | ---- | C] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2011/04/14 20:25:26 | 000,172,280 | ---- | C] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/04/14 19:41:20 | 000,002,048 | --S- | C] ()
 emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2011/04/14 19:36:06 | 000,021,640 | ---- | C] ()
 oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2004/08/04 12:00:00 | 013,107,200 | ---- | C] ()
 mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2004/08/04 12:00:00 | 000,673,088 | ---- | C] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2004/08/04 12:00:00 | 000,441,392 | ---- | C] ()
 perfi009.dat -> C:\WINDOWS\System32\perfi009.dat -> [2004/08/04 12:00:00 | 000,272,128 | ---- | C] ()
 dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2004/08/04 12:00:00 | 000,218,003 | ---- | C] ()
 ipsec.sys -> C:\WINDOWS\System32\drivers\ipsec.sys -> [2004/08/04 12:00:00 | 000,075,264 | ---- | C] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2004/08/04 12:00:00 | 000,071,328 | ---- | C] ()
 mib.bin -> C:\WINDOWS\System32\mib.bin -> [2004/08/04 12:00:00 | 000,046,258 | ---- | C] ()
 perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2004/08/04 12:00:00 | 000,028,626 | ---- | C] ()
 secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2004/08/04 12:00:00 | 000,004,569 | ---- | C] ()
 oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2004/08/04 12:00:00 | 000,004,461 | ---- | C] ()
 dcache.bin -> C:\WINDOWS\System32\dcache.bin -> [2004/08/04 12:00:00 | 000,001,804 | ---- | C] ()
 noise.dat -> C:\WINDOWS\System32\noise.dat -> [2004/08/04 12:00:00 | 000,000,741 | ---- | C] ()
< End of report >


regards

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:26 PM

Posted 01 December 2011 - 02:00 AM

Hi!

When you ran ComboFix the second time, did it pop up with a message informing you that you were infected with Zero Access?

Running OTS Fix
Start OTS. Copy/paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Driver Services - Safe List]
YY -> (catchme) catchme [Kernel | On_Demand | Running] -> 
[Registry - Safe List]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7713 domain(s) found.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found.
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7713 domain(s) found.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found.
[Files/Folders - Modified Within 30 Days]
NY ->  1c8cWPJ8.dat -> C:\Documents and Settings\All Users\Application Data\1c8cWPJ8.dat
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.


NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
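
As an added example (not part of this thread, and not TDSSKiller's own code), the Python below parses the per-driver lines of a TDSSKiller log in the format kriff posted in this thread ("<name> (<md5>) <path>", "<name> - ok", "<name> ( <verdict> ) - warning", "<name> - detected <verdict> (<n>)") and lists the entries the scan did not clear, together with their hash and path, which makes a log that reports several hits quicker to read. The embedded sample log copies the posted format; the sampledrv entry, its all-zero hash and the name Constructed.Placeholder.Verdict are constructed placeholders, not a real driver or a real detection name. Lines of any other shape (banners, separators, system info) are skipped.

```python
"""Triage helper for TDSSKiller scan logs (added example, not TDSSKiller code)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every log line is "<hh:mm:ss.ffff> <pid> <message>"; only the message matters here.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>": the driver file was located and hashed.
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
# "<name> ( <verdict> ) - warning": e.g. the unsigned-file warning from the SigCheck option.
WARN_RE = re.compile(r"^(?P<name>\S+)\s+\(\s*(?P<verdict>[^)]*?)\s*\)\s+-\s+warning$")
# "<name> - detected <verdict> (<n>)": the entry counts toward "threats detected".
DETECT_RE = re.compile(r"^(?P<name>\S+)\s+-\s+detected\s+(?P<verdict>\S+)\s+\((?P<n>\d+)\)$")
# "<name> - ok": nothing found for this driver.
OK_RE = re.compile(r"^(?P<name>\S+)\s+-\s+ok$")

# A stronger result for the same driver name overrides a weaker one.
RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}


@dataclass
class DriverEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, DriverEntry]:
    """Return one DriverEntry per driver/service name, in the order first seen."""
    entries: Dict[str, DriverEntry] = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # banner, separator, blank line or a line with no message
        msg = line.group("msg")
        for regex, status in ((OK_RE, "ok"), (DETECT_RE, "detected"),
                              (WARN_RE, "warning"), (FILE_RE, None)):
            hit = regex.match(msg)
            if not hit:
                continue
            entry = entries.setdefault(hit.group("name"), DriverEntry(hit.group("name")))
            if status is None:
                entry.md5 = hit.group("md5").lower()
                entry.path = hit.group("path")
            elif RANK[status] > RANK[entry.status]:
                entry.status = status
                if status != "ok":
                    entry.verdict = hit.group("verdict")
            break
    return entries


def needs_attention(entries: Dict[str, DriverEntry]) -> List[DriverEntry]:
    """Entries the scan did not clear: unsigned-file warnings and detections."""
    return [e for e in entries.values() if e.status in ("warning", "detected")]


def status_counts(entries: Dict[str, DriverEntry]) -> Dict[str, int]:
    """How many drivers ended up in each status."""
    return dict(Counter(e.status for e in entries.values()))


# Constructed sample: the first lines copy the format of the log posted in this
# thread; "sampledrv", its all-zero hash and its verdict are placeholders only.
SAMPLE_LOG = r"""
04:17:24.0093 1552 ============================================================
04:17:24.0093 1552 Scan started
04:17:24.0093 1552 Mode: Manual; SigCheck; TDLFS;
04:17:24.0390 1552 Abiosdsk - ok
04:17:24.0484 1552 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
04:17:26.0328 1552 ACPI - ok
04:17:26.0906 1552 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
04:17:26.0921 1552 AegisP ( UnsignedFile.Multi.Generic ) - warning
04:17:26.0921 1552 AegisP - detected UnsignedFile.Multi.Generic (1)
04:17:27.0281 1552 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
04:17:27.0421 1552 Arp1394 - ok
04:17:30.0000 1552 sampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\sampledrv.sys
04:17:30.0010 1552 sampledrv ( Constructed.Placeholder.Verdict ) - warning
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(status_counts(parsed))
    for e in needs_attention(parsed):
        print(f"{e.status:8} {e.name:12} {e.verdict}  md5={e.md5}  {e.path}")
```

Run it against a real log by replacing SAMPLE_LOG with the file's contents; note that an UnsignedFile.Multi.Generic entry only means the driver carries no valid digital signature, which is common for older third-party drivers, so the hash and path are there to let you check the file rather than to condemn it.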


#7 kriff

kriff
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  • Local time:03:26 AM

Posted 01 December 2011 - 11:36 PM

When you ran ComboFix the second time, did it pop up with a message informing you that you were infected with Zero Access?

NO

I ran OTS.exe and copied/pasted as you requested - ran Run Fix - it asked for reboot
I rebooted BUT OTS did not come back

So I ran TDSSKiller as requested
various files found - 9
reboot computer - waited 10 mins TDSSKiller did not show again - so I ran TDSSKiller again
found 9 threats with only quarantine or restore default actions
gave following options
skip : copy to quarantine : delete UNDER copy to quarantine OR restore default actions
not sure which to choose so I have posted you this info as you said do not use delete
THREATS DETECTED - 9 - I used skip command
to reply to you
regards

#8 kriff

kriff
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  • Local time:03:26 AM

Posted 02 December 2011 - 12:26 AM

My apologies, found 2 txt / log files for TDSSKiller

First


04:16:28.0218 2472 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
04:16:28.0234 2472 ============================================================
04:16:28.0234 2472 Current date / time: 2011/12/02 04:16:28.0234
04:16:28.0234 2472 SystemInfo:
04:16:28.0234 2472
04:16:28.0234 2472 OS Version: 5.1.2600 ServicePack: 3.0
04:16:28.0234 2472 Product type: Workstation
04:16:28.0234 2472 ComputerName: REDTEN
04:16:28.0234 2472 UserName: snapper
04:16:28.0234 2472 Windows directory: C:\WINDOWS
04:16:28.0234 2472 System windows directory: C:\WINDOWS
04:16:28.0234 2472 Processor architecture: Intel x86
04:16:28.0234 2472 Number of processors: 2
04:16:28.0234 2472 Page size: 0x1000
04:16:28.0234 2472 Boot type: Normal boot
04:16:28.0234 2472 ============================================================
04:16:28.0812 2472 Initialize success
04:17:24.0093 1552 ============================================================
04:17:24.0093 1552 Scan started
04:17:24.0093 1552 Mode: Manual; SigCheck; TDLFS;
04:17:24.0093 1552 ============================================================
04:17:24.0390 1552 Abiosdsk - ok
04:17:24.0421 1552 abp480n5 - ok
04:17:24.0484 1552 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
04:17:26.0328 1552 ACPI - ok
04:17:26.0406 1552 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
04:17:26.0578 1552 ACPIEC - ok
04:17:26.0625 1552 adpu160m - ok
04:17:26.0687 1552 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
04:17:26.0828 1552 aec - ok
04:17:26.0906 1552 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
04:17:26.0921 1552 AegisP ( UnsignedFile.Multi.Generic ) - warning
04:17:26.0921 1552 AegisP - detected UnsignedFile.Multi.Generic (1)
04:17:27.0015 1552 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
04:17:27.0078 1552 AFD - ok
04:17:27.0109 1552 Aha154x - ok
04:17:27.0140 1552 aic78u2 - ok
04:17:27.0156 1552 aic78xx - ok
04:17:27.0187 1552 AliIde - ok
04:17:27.0218 1552 amsint - ok
04:17:27.0281 1552 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
04:17:27.0421 1552 Arp1394 - ok
04:17:27.0453 1552 asc - ok
04:17:27.0484 1552 asc3350p - ok
04:17:27.0500 1552 asc3550 - ok
04:17:27.0593 1552 Aspi32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\aspi32.sys
04:17:27.0625 1552 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
04:17:27.0625 1552 Aspi32 - detected UnsignedFile.Multi.Generic (1)
04:17:27.0671 1552 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
04:17:27.0812 1552 AsyncMac - ok
04:17:27.0859 1552 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
04:17:28.0000 1552 atapi - ok
04:17:28.0046 1552 Atdisk - ok
04:17:28.0078 1552 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
04:17:28.0218 1552 Atmarpc - ok
04:17:28.0296 1552 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
04:17:28.0453 1552 audstub - ok
04:17:28.0531 1552 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
04:17:28.0656 1552 Beep - ok
04:17:28.0734 1552 BENDER (fc6d0c2f327a5f716fdfdc24a305aceb) C:\WINDOWS\system32\drivers\bender.sys
04:17:28.0781 1552 BENDER - ok
04:17:28.0859 1552 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
04:17:29.0000 1552 cbidf2k - ok
04:17:29.0046 1552 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
04:17:29.0187 1552 CCDECODE - ok
04:17:29.0234 1552 cd20xrnt - ok
04:17:29.0265 1552 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
04:17:29.0421 1552 Cdaudio - ok
04:17:29.0500 1552 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
04:17:29.0625 1552 Cdfs - ok
04:17:29.0703 1552 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
04:17:29.0718 1552 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
04:17:29.0718 1552 cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
04:17:29.0765 1552 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
04:17:29.0890 1552 Cdrom - ok
04:17:29.0906 1552 Changer - ok
04:17:29.0937 1552 CmdIde - ok
04:17:29.0984 1552 Cpqarray - ok
04:17:30.0000 1552 dac2w2k - ok
04:17:30.0015 1552 dac960nt - ok
04:17:30.0031 1552 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
04:17:30.0187 1552 Disk - ok
04:17:30.0234 1552 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
04:17:30.0421 1552 dmboot - ok
04:17:30.0437 1552 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
04:17:30.0562 1552 dmio - ok
04:17:30.0578 1552 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
04:17:30.0703 1552 dmload - ok
04:17:30.0750 1552 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
04:17:30.0890 1552 DMusic - ok
04:17:30.0921 1552 dpti2o - ok
04:17:30.0921 1552 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
04:17:31.0046 1552 drmkaud - ok
04:17:31.0093 1552 ElbyCDFL (6b3e1cb23f35c755d88944769cab3738) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
04:17:31.0125 1552 ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
04:17:31.0125 1552 ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
04:17:31.0140 1552 ElbyCDIO (e4788e5b3e5f0a0bbb318a9c426c2812) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
04:17:31.0156 1552 ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
04:17:31.0156 1552 ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
04:17:31.0171 1552 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
04:17:31.0312 1552 Fastfat - ok
04:17:31.0328 1552 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
04:17:31.0484 1552 Fdc - ok
04:17:31.0515 1552 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
04:17:31.0656 1552 Fips - ok
04:17:31.0687 1552 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
04:17:31.0812 1552 Flpydisk - ok
04:17:31.0859 1552 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
04:17:31.0984 1552 FltMgr - ok
04:17:32.0015 1552 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
04:17:32.0140 1552 Fs_Rec - ok
04:17:32.0156 1552 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
04:17:32.0296 1552 Ftdisk - ok
04:17:32.0312 1552 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
04:17:32.0437 1552 Gpc - ok
04:17:32.0484 1552 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
04:17:32.0625 1552 HDAudBus - ok
04:17:32.0656 1552 hpn - ok
04:17:32.0703 1552 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
04:17:32.0781 1552 HTTP - ok
04:17:32.0796 1552 i2omgmt - ok
04:17:32.0812 1552 i2omp - ok
04:17:32.0828 1552 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
04:17:32.0984 1552 i8042prt - ok
04:17:33.0046 1552 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
04:17:33.0156 1552 ialm - ok
04:17:33.0171 1552 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
04:17:33.0312 1552 Imapi - ok
04:17:33.0328 1552 ini910u - ok
04:17:33.0484 1552 IntcAzAudAddService (ab2fe0faa519880bd16e4a0792d633d2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
04:17:33.0671 1552 IntcAzAudAddService - ok
04:17:33.0687 1552 IntelIde - ok
04:17:33.0718 1552 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
04:17:33.0843 1552 intelppm - ok
04:17:33.0875 1552 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
04:17:34.0015 1552 Ip6Fw - ok
04:17:34.0031 1552 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
04:17:34.0187 1552 IpFilterDriver - ok
04:17:34.0203 1552 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
04:17:34.0328 1552 IpInIp - ok
04:17:34.0359 1552 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
04:17:34.0500 1552 IpNat - ok
04:17:34.0531 1552 IPSec (6c76befd613cb4817879e1114930c228) C:\WINDOWS\system32\DRIVERS\ipsec.sys
04:17:34.0531 1552 IPSec ( Rootkit.Win32.ZAccess.k ) - infected
04:17:34.0531 1552 IPSec - detected Rootkit.Win32.ZAccess.k (0)
04:17:34.0546 1552 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
04:17:34.0687 1552 irda - ok
04:17:34.0718 1552 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
04:17:34.0859 1552 IRENUM - ok
04:17:34.0890 1552 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
04:17:34.0953 1552 irsir - ok
04:17:34.0984 1552 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
04:17:35.0125 1552 isapnp - ok
04:17:35.0140 1552 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
04:17:35.0265 1552 Kbdclass - ok
04:17:35.0312 1552 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
04:17:35.0453 1552 kmixer - ok
04:17:35.0484 1552 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
04:17:35.0546 1552 KSecDD - ok
04:17:35.0562 1552 lbrtfdc - ok
04:17:35.0640 1552 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
04:17:35.0656 1552 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
04:17:35.0656 1552 MarvinBus - detected UnsignedFile.Multi.Generic (1)
04:17:35.0671 1552 MEMSWEEP2 - ok
04:17:35.0718 1552 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
04:17:35.0875 1552 mnmdd - ok
04:17:35.0906 1552 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
04:17:36.0031 1552 Modem - ok
04:17:36.0062 1552 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
04:17:36.0187 1552 Mouclass - ok
04:17:36.0203 1552 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
04:17:36.0343 1552 MountMgr - ok
04:17:36.0359 1552 mraid35x - ok
04:17:36.0375 1552 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
04:17:36.0515 1552 MRxDAV - ok
04:17:36.0562 1552 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
04:17:36.0640 1552 MRxSmb - ok
04:17:36.0687 1552 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
04:17:36.0812 1552 Msfs - ok
04:17:36.0843 1552 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
04:17:36.0984 1552 MSKSSRV - ok
04:17:37.0000 1552 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
04:17:37.0140 1552 MSPCLOCK - ok
04:17:37.0156 1552 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
04:17:37.0281 1552 MSPQM - ok
04:17:37.0296 1552 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
04:17:37.0437 1552 mssmbios - ok
04:17:37.0468 1552 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
04:17:37.0609 1552 MSTEE - ok
04:17:37.0640 1552 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
04:17:37.0671 1552 Mup - ok
04:17:37.0703 1552 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
04:17:37.0843 1552 NABTSFEC - ok
04:17:37.0875 1552 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
04:17:38.0015 1552 NDIS - ok
04:17:38.0046 1552 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
04:17:38.0171 1552 NdisIP - ok
04:17:38.0203 1552 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
04:17:38.0250 1552 NdisTapi - ok
04:17:38.0281 1552 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
04:17:38.0390 1552 Ndisuio - ok
04:17:38.0406 1552 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
04:17:38.0531 1552 NdisWan - ok
04:17:38.0578 1552 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
04:17:38.0640 1552 NDProxy - ok
04:17:38.0656 1552 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
04:17:38.0796 1552 NetBIOS - ok
04:17:38.0828 1552 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
04:17:38.0968 1552 NetBT - ok
04:17:39.0015 1552 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
04:17:39.0171 1552 NIC1394 - ok
04:17:39.0187 1552 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
04:17:39.0312 1552 Npfs - ok
04:17:39.0359 1552 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
04:17:39.0515 1552 Ntfs - ok
04:17:39.0562 1552 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
04:17:39.0687 1552 Null - ok
04:17:39.0734 1552 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
04:17:39.0890 1552 NwlnkFlt - ok
04:17:39.0906 1552 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
04:17:40.0046 1552 NwlnkFwd - ok
04:17:40.0062 1552 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
04:17:40.0187 1552 ohci1394 - ok
04:17:40.0203 1552 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
04:17:40.0328 1552 Parport - ok
04:17:40.0343 1552 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
04:17:40.0468 1552 PartMgr - ok
04:17:40.0500 1552 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
04:17:40.0640 1552 ParVdm - ok
04:17:40.0656 1552 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
04:17:40.0796 1552 PCI - ok
04:17:40.0796 1552 PCIDump - ok
04:17:40.0828 1552 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
04:17:40.0984 1552 PCIIde - ok
04:17:41.0015 1552 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
04:17:41.0140 1552 Pcmcia - ok
04:17:41.0140 1552 PDCOMP - ok
04:17:41.0156 1552 PDFRAME - ok
04:17:41.0171 1552 PDRELI - ok
04:17:41.0187 1552 PDRFRAME - ok
04:17:41.0203 1552 perc2 - ok
04:17:41.0218 1552 perc2hib - ok
04:17:41.0265 1552 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
04:17:41.0421 1552 PptpMiniport - ok
04:17:41.0437 1552 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
04:17:41.0562 1552 PSched - ok
04:17:41.0578 1552 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
04:17:41.0734 1552 Ptilink - ok
04:17:41.0750 1552 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
04:17:41.0765 1552 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
04:17:41.0765 1552 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
04:17:41.0781 1552 ql1080 - ok
04:17:41.0796 1552 Ql10wnt - ok
04:17:41.0812 1552 ql12160 - ok
04:17:41.0828 1552 ql1240 - ok
04:17:41.0843 1552 ql1280 - ok
04:17:41.0968 1552 RapportCerberus_32301 (2fccc769cdba34c6ab6183aa4d2f7519) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys
04:17:42.0000 1552 RapportCerberus_32301 - ok
04:17:42.0078 1552 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
04:17:42.0093 1552 RapportEI - ok
04:17:42.0140 1552 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
04:17:42.0156 1552 RapportIaso - ok
04:17:42.0218 1552 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\WINDOWS\system32\Drivers\RapportKELL.sys
04:17:42.0234 1552 RapportKELL - ok
04:17:42.0265 1552 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
04:17:42.0281 1552 RapportPG - ok
04:17:42.0343 1552 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
04:17:42.0484 1552 RasAcd - ok
04:17:42.0562 1552 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
04:17:42.0640 1552 Rasirda - ok
04:17:42.0703 1552 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
04:17:42.0843 1552 Rasl2tp - ok
04:17:42.0890 1552 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
04:17:43.0031 1552 RasPppoe - ok
04:17:43.0109 1552 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
04:17:43.0265 1552 Raspti - ok
04:17:43.0312 1552 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
04:17:43.0453 1552 Rdbss - ok
04:17:43.0500 1552 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
04:17:43.0640 1552 RDPCDD - ok
04:17:43.0703 1552 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
04:17:43.0812 1552 rdpdr - ok
04:17:43.0890 1552 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
04:17:43.0921 1552 RDPWD - ok
04:17:43.0953 1552 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
04:17:44.0078 1552 redbook - ok
04:17:44.0156 1552 RTL8023xp (8e34400ffc7d647946d9c820678775af) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
04:17:44.0218 1552 RTL8023xp - ok
04:17:44.0312 1552 RTL8187B (2e2e3a2d1ba5e540c32558f3f37d33e3) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
04:17:44.0375 1552 RTL8187B - ok
04:17:44.0484 1552 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
04:17:44.0500 1552 SASDIFSV - ok
04:17:44.0515 1552 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
04:17:44.0531 1552 SASKUTIL - ok
04:17:44.0625 1552 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
04:17:44.0765 1552 Secdrv - ok
04:17:44.0828 1552 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
04:17:44.0953 1552 serenum - ok
04:17:45.0000 1552 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
04:17:45.0140 1552 Serial - ok
04:17:45.0203 1552 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
04:17:45.0312 1552 Sfloppy - ok
04:17:45.0343 1552 Simbad - ok
04:17:45.0390 1552 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
04:17:45.0515 1552 SLIP - ok
04:17:45.0562 1552 Sparrow - ok
04:17:45.0593 1552 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
04:17:45.0703 1552 splitter - ok
04:17:45.0750 1552 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
04:17:45.0890 1552 sr - ok
04:17:45.0984 1552 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
04:17:46.0046 1552 Srv - ok
04:17:46.0109 1552 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
04:17:46.0234 1552 streamip - ok
04:17:46.0281 1552 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
04:17:46.0421 1552 swenum - ok
04:17:46.0468 1552 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
04:17:46.0609 1552 swmidi - ok
04:17:46.0656 1552 symc810 - ok
04:17:46.0687 1552 symc8xx - ok
04:17:46.0703 1552 sym_hi - ok
04:17:46.0734 1552 sym_u3 - ok
04:17:46.0765 1552 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
04:17:46.0890 1552 sysaudio - ok
04:17:46.0937 1552 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
04:17:47.0015 1552 Tcpip - ok
04:17:47.0078 1552 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
04:17:47.0203 1552 TDPIPE - ok
04:17:47.0265 1552 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
04:17:47.0390 1552 TDTCP - ok
04:17:47.0437 1552 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
04:17:47.0562 1552 TermDD - ok
04:17:47.0625 1552 TosIde - ok
04:17:47.0671 1552 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
04:17:47.0796 1552 Udfs - ok
04:17:47.0843 1552 ultra - ok
04:17:47.0921 1552 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
04:17:48.0078 1552 Update - ok
04:17:48.0125 1552 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
04:17:48.0265 1552 usbehci - ok
04:17:48.0312 1552 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
04:17:48.0453 1552 usbhub - ok
04:17:48.0531 1552 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
04:17:48.0671 1552 usbprint - ok
04:17:48.0734 1552 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
04:17:48.0843 1552 usbscan - ok
04:17:48.0890 1552 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
04:17:49.0031 1552 USBSTOR - ok
04:17:49.0078 1552 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
04:17:49.0203 1552 usbuhci - ok
04:17:49.0234 1552 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
04:17:49.0359 1552 VgaSave - ok
04:17:49.0375 1552 ViaIde - ok
04:17:49.0406 1552 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
04:17:49.0531 1552 VolSnap - ok
04:17:49.0593 1552 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
04:17:49.0734 1552 Wanarp - ok
04:17:49.0812 1552 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
04:17:49.0859 1552 wanatw - ok
04:17:49.0890 1552 WDICA - ok
04:17:49.0937 1552 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
04:17:50.0078 1552 wdmaud - ok
04:17:50.0187 1552 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
04:17:50.0312 1552 WSTCODEC - ok
04:17:50.0390 1552 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
04:17:50.0437 1552 WudfPf - ok
04:17:50.0484 1552 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
04:17:50.0531 1552 WudfRd - ok
04:17:50.0562 1552 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
04:17:50.0781 1552 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
04:17:50.0781 1552 \Device\Harddisk0\DR0 - detected TDSS File System (1)
04:17:50.0781 1552 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
04:17:50.0796 1552 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
04:17:50.0796 1552 \Device\Harddisk1\DR1 - detected TDSS File System (1)
04:17:50.0812 1552 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR4
04:17:52.0109 1552 \Device\Harddisk2\DR4 - ok
04:17:52.0109 1552 Boot (0x1200) (555a6d4c7d00f2d72ad7160e654f0ad1) \Device\Harddisk0\DR0\Partition0
04:17:52.0109 1552 \Device\Harddisk0\DR0\Partition0 - ok
04:17:52.0109 1552 Boot (0x1200) (965b2f2bf569c3fdb332f4b7e12d3790) \Device\Harddisk1\DR1\Partition0
04:17:52.0109 1552 \Device\Harddisk1\DR1\Partition0 - ok
04:17:52.0125 1552 Boot (0x1200) (73f9cfafab928aa1b07e1c2e27d077b7) \Device\Harddisk2\DR4\Partition0
04:17:52.0125 1552 \Device\Harddisk2\DR4\Partition0 - ok
04:17:52.0125 1552 ============================================================
04:17:52.0125 1552 Scan finished
04:17:52.0125 1552 ============================================================
04:17:52.0234 1720 Detected object count: 10
04:17:52.0234 1720 Actual detected object count: 10
04:18:23.0156 1720 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
04:18:23.0156 1720 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:18:23.0156 1720 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
04:18:23.0156 1720 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:18:23.0156 1720 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:18:23.0156 1720 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:18:23.0156 1720 ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
04:18:23.0156 1720 ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:18:23.0156 1720 ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
04:18:23.0156 1720 ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:18:23.0250 1720 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813
04:18:23.0687 1720 Backup copy found, using it..
04:18:23.0703 1720 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
04:18:25.0296 1720 IPSec ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
04:18:25.0296 1720 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
04:18:25.0296 1720 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:18:25.0296 1720 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
04:18:25.0296 1720 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:18:25.0296 1720 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
04:18:25.0296 1720 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
04:18:25.0296 1720 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
04:18:25.0296 1720 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
04:20:04.0343 2140 Deinitialize success


-----------------------------------------------------

Second
04:25:18.0936 4004 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
04:25:19.0327 4004 ============================================================
04:25:19.0327 4004 Current date / time: 2011/12/02 04:25:19.0327
04:25:19.0327 4004 SystemInfo:
04:25:19.0327 4004
04:25:19.0327 4004 OS Version: 5.1.2600 ServicePack: 3.0
04:25:19.0327 4004 Product type: Workstation
04:25:19.0327 4004 ComputerName: REDTEN
04:25:19.0327 4004 UserName: snapper
04:25:19.0327 4004 Windows directory: C:\WINDOWS
04:25:19.0327 4004 System windows directory: C:\WINDOWS
04:25:19.0327 4004 Processor architecture: Intel x86
04:25:19.0327 4004 Number of processors: 2
04:25:19.0327 4004 Page size: 0x1000
04:25:19.0327 4004 Boot type: Normal boot
04:25:19.0327 4004 ============================================================
04:25:19.0842 4004 Initialize success
04:25:32.0092 2164 ============================================================
04:25:32.0092 2164 Scan started
04:25:32.0092 2164 Mode: Manual; SigCheck; TDLFS;
04:25:32.0092 2164 ============================================================
04:25:32.0327 2164 Abiosdsk - ok
04:25:32.0342 2164 abp480n5 - ok
04:25:32.0421 2164 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
04:25:34.0249 2164 ACPI - ok
04:25:34.0327 2164 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
04:25:34.0483 2164 ACPIEC - ok
04:25:34.0530 2164 adpu160m - ok
04:25:34.0561 2164 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
04:25:34.0702 2164 aec - ok
04:25:34.0780 2164 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
04:25:34.0811 2164 AegisP ( UnsignedFile.Multi.Generic ) - warning
04:25:34.0811 2164 AegisP - detected UnsignedFile.Multi.Generic (1)
04:25:34.0889 2164 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
04:25:34.0921 2164 AFD - ok
04:25:34.0952 2164 Aha154x - ok
04:25:34.0983 2164 aic78u2 - ok
04:25:34.0999 2164 aic78xx - ok
04:25:35.0030 2164 AliIde - ok
04:25:35.0061 2164 amsint - ok
04:25:35.0124 2164 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
04:25:35.0264 2164 Arp1394 - ok
04:25:35.0296 2164 asc - ok
04:25:35.0327 2164 asc3350p - ok
04:25:35.0342 2164 asc3550 - ok
04:25:35.0436 2164 Aspi32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\aspi32.sys
04:25:35.0467 2164 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
04:25:35.0467 2164 Aspi32 - detected UnsignedFile.Multi.Generic (1)
04:25:35.0514 2164 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
04:25:35.0655 2164 AsyncMac - ok
04:25:35.0702 2164 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
04:25:35.0858 2164 atapi - ok
04:25:35.0905 2164 Atdisk - ok
04:25:35.0921 2164 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
04:25:36.0061 2164 Atmarpc - ok
04:25:36.0139 2164 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
04:25:36.0296 2164 audstub - ok
04:25:36.0374 2164 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
04:25:36.0499 2164 Beep - ok
04:25:36.0577 2164 BENDER (fc6d0c2f327a5f716fdfdc24a305aceb) C:\WINDOWS\system32\drivers\bender.sys
04:25:36.0624 2164 BENDER - ok
04:25:36.0702 2164 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
04:25:36.0858 2164 cbidf2k - ok
04:25:36.0905 2164 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
04:25:37.0046 2164 CCDECODE - ok
04:25:37.0092 2164 cd20xrnt - ok
04:25:37.0124 2164 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
04:25:37.0280 2164 Cdaudio - ok
04:25:37.0358 2164 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
04:25:37.0499 2164 Cdfs - ok
04:25:37.0577 2164 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
04:25:37.0592 2164 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
04:25:37.0592 2164 cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
04:25:37.0639 2164 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
04:25:37.0764 2164 Cdrom - ok
04:25:37.0780 2164 Changer - ok
04:25:37.0827 2164 CmdIde - ok
04:25:37.0858 2164 Cpqarray - ok
04:25:37.0889 2164 dac2w2k - ok
04:25:37.0905 2164 dac960nt - ok
04:25:37.0921 2164 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
04:25:38.0077 2164 Disk - ok
04:25:38.0124 2164 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
04:25:38.0296 2164 dmboot - ok
04:25:38.0311 2164 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
04:25:38.0436 2164 dmio - ok
04:25:38.0452 2164 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
04:25:38.0592 2164 dmload - ok
04:25:38.0624 2164 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
04:25:38.0780 2164 DMusic - ok
04:25:38.0796 2164 dpti2o - ok
04:25:38.0811 2164 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
04:25:38.0936 2164 drmkaud - ok
04:25:38.0983 2164 ElbyCDFL (6b3e1cb23f35c755d88944769cab3738) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
04:25:38.0999 2164 ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
04:25:38.0999 2164 ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
04:25:39.0030 2164 ElbyCDIO (e4788e5b3e5f0a0bbb318a9c426c2812) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
04:25:39.0030 2164 ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
04:25:39.0030 2164 ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
04:25:39.0061 2164 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
04:25:39.0202 2164 Fastfat - ok
04:25:39.0217 2164 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
04:25:39.0358 2164 Fdc - ok
04:25:39.0389 2164 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
04:25:39.0514 2164 Fips - ok
04:25:39.0546 2164 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
04:25:39.0686 2164 Flpydisk - ok
04:25:39.0717 2164 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
04:25:39.0842 2164 FltMgr - ok
04:25:39.0874 2164 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
04:25:40.0014 2164 Fs_Rec - ok
04:25:40.0030 2164 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
04:25:40.0171 2164 Ftdisk - ok
04:25:40.0186 2164 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
04:25:40.0311 2164 Gpc - ok
04:25:40.0327 2164 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
04:25:40.0467 2164 HDAudBus - ok
04:25:40.0514 2164 hpn - ok
04:25:40.0561 2164 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
04:25:40.0608 2164 HTTP - ok
04:25:40.0624 2164 i2omgmt - ok
04:25:40.0639 2164 i2omp - ok
04:25:40.0655 2164 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
04:25:40.0796 2164 i8042prt - ok
04:25:40.0874 2164 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
04:25:40.0967 2164 ialm - ok
04:25:40.0983 2164 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
04:25:41.0139 2164 Imapi - ok
04:25:41.0155 2164 ini910u - ok
04:25:41.0296 2164 IntcAzAudAddService (ab2fe0faa519880bd16e4a0792d633d2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
04:25:41.0514 2164 IntcAzAudAddService - ok
04:25:41.0530 2164 IntelIde - ok
04:25:41.0561 2164 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
04:25:41.0686 2164 intelppm - ok
04:25:41.0717 2164 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
04:25:41.0858 2164 Ip6Fw - ok
04:25:41.0874 2164 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
04:25:42.0014 2164 IpFilterDriver - ok
04:25:42.0030 2164 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
04:25:42.0155 2164 IpInIp - ok
04:25:42.0202 2164 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
04:25:42.0342 2164 IpNat - ok
04:25:42.0374 2164 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
04:25:42.0514 2164 IPSec - ok
04:25:42.0546 2164 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
04:25:42.0686 2164 irda - ok
04:25:42.0702 2164 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
04:25:42.0842 2164 IRENUM - ok
04:25:42.0889 2164 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
04:25:42.0967 2164 irsir - ok
04:25:42.0999 2164 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
04:25:43.0155 2164 isapnp - ok
04:25:43.0155 2164 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
04:25:43.0280 2164 Kbdclass - ok
04:25:43.0327 2164 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
04:25:43.0467 2164 kmixer - ok
04:25:43.0483 2164 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
04:25:43.0546 2164 KSecDD - ok
04:25:43.0561 2164 lbrtfdc - ok
04:25:43.0639 2164 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
04:25:43.0655 2164 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
04:25:43.0655 2164 MarvinBus - detected UnsignedFile.Multi.Generic (1)
04:25:43.0671 2164 MEMSWEEP2 - ok
04:25:43.0717 2164 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
04:25:43.0858 2164 mnmdd - ok
04:25:43.0889 2164 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
04:25:44.0030 2164 Modem - ok
04:25:44.0061 2164 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
04:25:44.0186 2164 Mouclass - ok
04:25:44.0202 2164 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
04:25:44.0358 2164 MountMgr - ok
04:25:44.0374 2164 mraid35x - ok
04:25:44.0389 2164 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
04:25:44.0514 2164 MRxDAV - ok
04:25:44.0561 2164 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
04:25:44.0639 2164 MRxSmb - ok
04:25:44.0655 2164 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
04:25:44.0796 2164 Msfs - ok
04:25:44.0827 2164 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
04:25:44.0983 2164 MSKSSRV - ok
04:25:44.0983 2164 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
04:25:45.0124 2164 MSPCLOCK - ok
04:25:45.0139 2164 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
04:25:45.0264 2164 MSPQM - ok
04:25:45.0327 2164 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
04:25:45.0436 2164 mssmbios - ok
04:25:45.0467 2164 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
04:25:45.0608 2164 MSTEE - ok
04:25:45.0655 2164 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
04:25:45.0702 2164 Mup - ok
04:25:45.0749 2164 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
04:25:45.0874 2164 NABTSFEC - ok
04:25:45.0921 2164 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
04:25:46.0061 2164 NDIS - ok
04:25:46.0092 2164 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
04:25:46.0233 2164 NdisIP - ok
04:25:46.0264 2164 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
04:25:46.0311 2164 NdisTapi - ok
04:25:46.0327 2164 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
04:25:46.0452 2164 Ndisuio - ok
04:25:46.0467 2164 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
04:25:46.0592 2164 NdisWan - ok
04:25:46.0624 2164 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
04:25:46.0686 2164 NDProxy - ok
04:25:46.0717 2164 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
04:25:46.0858 2164 NetBIOS - ok
04:25:46.0889 2164 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
04:25:47.0030 2164 NetBT - ok
04:25:47.0077 2164 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
04:25:47.0217 2164 NIC1394 - ok
04:25:47.0233 2164 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
04:25:47.0358 2164 Npfs - ok
04:25:47.0405 2164 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
04:25:47.0561 2164 Ntfs - ok
04:25:47.0608 2164 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
04:25:47.0733 2164 Null - ok
04:25:47.0780 2164 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
04:25:47.0936 2164 NwlnkFlt - ok
04:25:47.0952 2164 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
04:25:48.0092 2164 NwlnkFwd - ok
04:25:48.0108 2164 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
04:25:48.0233 2164 ohci1394 - ok
04:25:48.0280 2164 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
04:25:48.0421 2164 Parport - ok
04:25:48.0452 2164 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
04:25:48.0592 2164 PartMgr - ok
04:25:48.0624 2164 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
04:25:48.0749 2164 ParVdm - ok
04:25:48.0764 2164 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
04:25:48.0905 2164 PCI - ok
04:25:48.0921 2164 PCIDump - ok
04:25:48.0952 2164 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
04:25:49.0108 2164 PCIIde - ok
04:25:49.0124 2164 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
04:25:49.0249 2164 Pcmcia - ok
04:25:49.0264 2164 PDCOMP - ok
04:25:49.0280 2164 PDFRAME - ok
04:25:49.0296 2164 PDRELI - ok
04:25:49.0311 2164 PDRFRAME - ok
04:25:49.0327 2164 perc2 - ok
04:25:49.0342 2164 perc2hib - ok
04:25:49.0389 2164 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
04:25:49.0530 2164 PptpMiniport - ok
04:25:49.0561 2164 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
04:25:49.0702 2164 PSched - ok
04:25:49.0717 2164 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
04:25:49.0858 2164 Ptilink - ok
04:25:49.0874 2164 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
04:25:49.0889 2164 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
04:25:49.0889 2164 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
04:25:49.0905 2164 ql1080 - ok
04:25:49.0921 2164 Ql10wnt - ok
04:25:49.0936 2164 ql12160 - ok
04:25:49.0952 2164 ql1240 - ok
04:25:49.0967 2164 ql1280 - ok
04:25:50.0108 2164 RapportCerberus_32301 (2fccc769cdba34c6ab6183aa4d2f7519) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys
04:25:50.0467 2164 RapportCerberus_32301 - ok
04:25:50.0546 2164 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
04:25:50.0561 2164 RapportEI - ok
04:25:50.0686 2164 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
04:25:50.0702 2164 RapportIaso - ok
04:25:50.0764 2164 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\WINDOWS\system32\Drivers\RapportKELL.sys
04:25:50.0780 2164 RapportKELL - ok
04:25:50.0796 2164 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
04:25:50.0811 2164 RapportPG - ok
04:25:50.0858 2164 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
04:25:51.0014 2164 RasAcd - ok
04:25:51.0092 2164 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
04:25:51.0171 2164 Rasirda - ok
04:25:51.0233 2164 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
04:25:51.0358 2164 Rasl2tp - ok
04:25:51.0405 2164 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
04:25:51.0546 2164 RasPppoe - ok
04:25:51.0577 2164 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
04:25:51.0717 2164 Raspti - ok
04:25:51.0764 2164 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
04:25:51.0905 2164 Rdbss - ok
04:25:51.0952 2164 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
04:25:52.0092 2164 RDPCDD - ok
04:25:52.0139 2164 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
04:25:52.0264 2164 rdpdr - ok
04:25:52.0327 2164 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
04:25:52.0374 2164 RDPWD - ok
04:25:52.0421 2164 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
04:25:52.0530 2164 redbook - ok
04:25:52.0624 2164 RTL8023xp (8e34400ffc7d647946d9c820678775af) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
04:25:52.0702 2164 RTL8023xp - ok
04:25:52.0780 2164 RTL8187B (2e2e3a2d1ba5e540c32558f3f37d33e3) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
04:25:52.0842 2164 RTL8187B - ok
04:25:52.0967 2164 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
04:25:52.0967 2164 SASDIFSV - ok
04:25:52.0999 2164 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
04:25:52.0999 2164 SASKUTIL - ok
04:25:53.0077 2164 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
04:25:53.0217 2164 Secdrv - ok
04:25:53.0264 2164 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
04:25:53.0405 2164 serenum - ok
04:25:53.0452 2164 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
04:25:53.0592 2164 Serial - ok
04:25:53.0655 2164 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
04:25:53.0796 2164 Sfloppy - ok
04:25:53.0842 2164 Simbad - ok
04:25:53.0889 2164 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
04:25:54.0014 2164 SLIP - ok
04:25:54.0046 2164 Sparrow - ok
04:25:54.0092 2164 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
04:25:54.0202 2164 splitter - ok
04:25:54.0249 2164 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
04:25:54.0374 2164 sr - ok
04:25:54.0467 2164 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
04:25:54.0546 2164 Srv - ok
04:25:54.0624 2164 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
04:25:54.0749 2164 streamip - ok
04:25:54.0796 2164 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
04:25:54.0936 2164 swenum - ok
04:25:54.0983 2164 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
04:25:55.0124 2164 swmidi - ok
04:25:55.0171 2164 symc810 - ok
04:25:55.0202 2164 symc8xx - ok
04:25:55.0233 2164 sym_hi - ok
04:25:55.0249 2164 sym_u3 - ok
04:25:55.0280 2164 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
04:25:55.0405 2164 sysaudio - ok
04:25:55.0452 2164 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
04:25:55.0530 2164 Tcpip - ok
04:25:55.0592 2164 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
04:25:55.0717 2164 TDPIPE - ok
04:25:55.0780 2164 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
04:25:55.0905 2164 TDTCP - ok
04:25:55.0952 2164 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
04:25:56.0077 2164 TermDD - ok
04:25:56.0108 2164 TosIde - ok
04:25:56.0155 2164 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
04:25:56.0280 2164 Udfs - ok
04:25:56.0327 2164 ultra - ok
04:25:56.0389 2164 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
04:25:56.0530 2164 Update - ok
04:25:56.0577 2164 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
04:25:56.0702 2164 usbehci - ok
04:25:56.0733 2164 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
04:25:56.0858 2164 usbhub - ok
04:25:56.0921 2164 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
04:25:57.0061 2164 usbprint - ok
04:25:57.0092 2164 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
04:25:57.0233 2164 usbscan - ok
04:25:57.0280 2164 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
04:25:57.0389 2164 USBSTOR - ok
04:25:57.0421 2164 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
04:25:57.0546 2164 usbuhci - ok
04:25:57.0577 2164 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
04:25:57.0686 2164 VgaSave - ok
04:25:57.0702 2164 ViaIde - ok
04:25:57.0733 2164 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
04:25:57.0874 2164 VolSnap - ok
04:25:57.0889 2164 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
04:25:58.0014 2164 Wanarp - ok
04:25:58.0061 2164 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
04:25:58.0108 2164 wanatw - ok
04:25:58.0124 2164 WDICA - ok
04:25:58.0171 2164 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
04:25:58.0311 2164 wdmaud - ok
04:25:58.0389 2164 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
04:25:58.0514 2164 WSTCODEC - ok
04:25:58.0561 2164 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
04:25:58.0592 2164 WudfPf - ok
04:25:58.0624 2164 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
04:25:58.0655 2164 WudfRd - ok
04:25:58.0686 2164 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
04:25:58.0842 2164 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
04:25:58.0842 2164 \Device\Harddisk0\DR0 - detected TDSS File System (1)
04:25:58.0858 2164 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
04:25:58.0889 2164 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
04:25:58.0889 2164 \Device\Harddisk1\DR1 - detected TDSS File System (1)
04:25:58.0889 2164 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR4
04:25:59.0202 2164 \Device\Harddisk2\DR4 - ok
04:25:59.0202 2164 Boot (0x1200) (555a6d4c7d00f2d72ad7160e654f0ad1) \Device\Harddisk0\DR0\Partition0
04:25:59.0202 2164 \Device\Harddisk0\DR0\Partition0 - ok
04:25:59.0217 2164 Boot (0x1200) (965b2f2bf569c3fdb332f4b7e12d3790) \Device\Harddisk1\DR1\Partition0
04:25:59.0217 2164 \Device\Harddisk1\DR1\Partition0 - ok
04:25:59.0217 2164 Boot (0x1200) (73f9cfafab928aa1b07e1c2e27d077b7) \Device\Harddisk2\DR4\Partition0
04:25:59.0217 2164 \Device\Harddisk2\DR4\Partition0 - ok
04:25:59.0233 2164 ============================================================
04:25:59.0233 2164 Scan finished
04:25:59.0233 2164 ============================================================
04:25:59.0358 2260 Detected object count: 9
04:25:59.0358 2260 Actual detected object count: 9
04:31:54.0764 2260 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
04:31:54.0764 2260 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:31:54.0764 2260 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
04:31:54.0764 2260 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:31:54.0764 2260 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:31:54.0764 2260 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:31:54.0764 2260 ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
04:31:54.0764 2260 ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:31:54.0780 2260 ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
04:31:54.0780 2260 ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:31:54.0780 2260 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
04:31:54.0780 2260 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:31:54.0780 2260 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
04:31:54.0780 2260 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:31:54.0780 2260 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
04:31:54.0780 2260 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
04:31:54.0780 2260 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
04:31:54.0780 2260 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
04:32:13.0405 3372 ============================================================
04:32:13.0405 3372 Scan started
04:32:13.0405 3372 Mode: Manual; SigCheck; TDLFS;
04:32:13.0405 3372 ============================================================
04:32:13.0686 3372 Abiosdsk - ok
04:32:13.0717 3372 abp480n5 - ok
04:32:13.0780 3372 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
04:32:14.0342 3372 ACPI - ok
04:32:14.0421 3372 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
04:32:14.0546 3372 ACPIEC - ok
04:32:14.0577 3372 adpu160m - ok
04:32:14.0639 3372 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
04:32:14.0780 3372 aec - ok
04:32:14.0858 3372 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
04:32:14.0889 3372 AegisP ( UnsignedFile.Multi.Generic ) - warning
04:32:14.0889 3372 AegisP - detected UnsignedFile.Multi.Generic (1)
04:32:14.0952 3372 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
04:32:14.0983 3372 AFD - ok
04:32:15.0030 3372 Aha154x - ok
04:32:15.0061 3372 aic78u2 - ok
04:32:15.0077 3372 aic78xx - ok
04:32:15.0108 3372 AliIde - ok
04:32:15.0124 3372 amsint - ok
04:32:15.0139 3372 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
04:32:15.0280 3372 Arp1394 - ok
04:32:15.0296 3372 asc - ok
04:32:15.0311 3372 asc3350p - ok
04:32:15.0327 3372 asc3550 - ok
04:32:15.0374 3372 Aspi32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\aspi32.sys
04:32:15.0405 3372 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
04:32:15.0405 3372 Aspi32 - detected UnsignedFile.Multi.Generic (1)
04:32:15.0436 3372 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
04:32:15.0577 3372 AsyncMac - ok
04:32:15.0592 3372 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
04:32:15.0733 3372 atapi - ok
04:32:15.0749 3372 Atdisk - ok
04:32:15.0764 3372 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
04:32:15.0874 3372 Atmarpc - ok
04:32:15.0921 3372 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
04:32:16.0077 3372 audstub - ok
04:32:16.0124 3372 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
04:32:16.0249 3372 Beep - ok
04:32:16.0296 3372 BENDER (fc6d0c2f327a5f716fdfdc24a305aceb) C:\WINDOWS\system32\drivers\bender.sys
04:32:16.0327 3372 BENDER - ok
04:32:16.0358 3372 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
04:32:16.0483 3372 cbidf2k - ok
04:32:16.0514 3372 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
04:32:16.0655 3372 CCDECODE - ok
04:32:16.0671 3372 cd20xrnt - ok
04:32:16.0702 3372 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
04:32:16.0842 3372 Cdaudio - ok
04:32:16.0889 3372 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
04:32:17.0014 3372 Cdfs - ok
04:32:17.0061 3372 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
04:32:17.0077 3372 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
04:32:17.0077 3372 cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
04:32:17.0092 3372 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
04:32:17.0217 3372 Cdrom - ok
04:32:17.0233 3372 Changer - ok
04:32:17.0249 3372 CmdIde - ok
04:32:17.0280 3372 Cpqarray - ok
04:32:17.0296 3372 dac2w2k - ok
04:32:17.0311 3372 dac960nt - ok
04:32:17.0327 3372 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
04:32:17.0452 3372 Disk - ok
04:32:17.0514 3372 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
04:32:17.0671 3372 dmboot - ok
04:32:17.0686 3372 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
04:32:17.0811 3372 dmio - ok
04:32:17.0811 3372 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
04:32:17.0952 3372 dmload - ok
04:32:17.0983 3372 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
04:32:18.0124 3372 DMusic - ok
04:32:18.0139 3372 dpti2o - ok
04:32:18.0155 3372 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
04:32:18.0280 3372 drmkaud - ok
04:32:18.0311 3372 ElbyCDFL (6b3e1cb23f35c755d88944769cab3738) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
04:32:18.0342 3372 ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
04:32:18.0342 3372 ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
04:32:18.0374 3372 ElbyCDIO (e4788e5b3e5f0a0bbb318a9c426c2812) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
04:32:18.0389 3372 ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
04:32:18.0389 3372 ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
04:32:18.0436 3372 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
04:32:18.0546 3372 Fastfat - ok
04:32:18.0592 3372 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
04:32:18.0717 3372 Fdc - ok
04:32:18.0749 3372 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
04:32:18.0874 3372 Fips - ok
04:32:18.0905 3372 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
04:32:19.0030 3372 Flpydisk - ok
04:32:19.0061 3372 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
04:32:19.0202 3372 FltMgr - ok
04:32:19.0217 3372 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
04:32:19.0342 3372 Fs_Rec - ok
04:32:19.0358 3372 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
04:32:19.0483 3372 Ftdisk - ok
04:32:19.0530 3372 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
04:32:19.0639 3372 Gpc - ok
04:32:19.0702 3372 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
04:32:19.0842 3372 HDAudBus - ok
04:32:19.0858 3372 hpn - ok
04:32:19.0905 3372 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
04:32:19.0936 3372 HTTP - ok
04:32:19.0952 3372 i2omgmt - ok
04:32:19.0967 3372 i2omp - ok
04:32:19.0999 3372 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
04:32:20.0139 3372 i8042prt - ok
04:32:20.0217 3372 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
04:32:20.0280 3372 ialm - ok
04:32:20.0296 3372 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
04:32:20.0421 3372 Imapi - ok
04:32:20.0436 3372 ini910u - ok
04:32:20.0592 3372 IntcAzAudAddService (ab2fe0faa519880bd16e4a0792d633d2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
04:32:20.0780 3372 IntcAzAudAddService - ok
04:32:20.0796 3372 IntelIde - ok
04:32:20.0827 3372 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
04:32:20.0936 3372 intelppm - ok
04:32:20.0983 3372 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
04:32:21.0108 3372 Ip6Fw - ok
04:32:21.0139 3372 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
04:32:21.0264 3372 IpFilterDriver - ok
04:32:21.0280 3372 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
04:32:21.0405 3372 IpInIp - ok
04:32:21.0436 3372 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
04:32:21.0577 3372 IpNat - ok
04:32:21.0608 3372 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
04:32:21.0733 3372 IPSec - ok
04:32:21.0749 3372 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
04:32:21.0889 3372 irda - ok
04:32:21.0921 3372 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
04:32:22.0046 3372 IRENUM - ok
04:32:22.0092 3372 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
04:32:22.0171 3372 irsir - ok
04:32:22.0202 3372 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
04:32:22.0342 3372 isapnp - ok
04:32:22.0358 3372 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
04:32:22.0467 3372 Kbdclass - ok
04:32:22.0514 3372 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
04:32:22.0655 3372 kmixer - ok
04:32:22.0671 3372 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
04:32:22.0702 3372 KSecDD - ok
04:32:22.0717 3372 lbrtfdc - ok
04:32:22.0780 3372 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
04:32:22.0811 3372 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
04:32:22.0811 3372 MarvinBus - detected UnsignedFile.Multi.Generic (1)
04:32:22.0811 3372 MEMSWEEP2 - ok
04:32:22.0874 3372 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
04:32:22.0999 3372 mnmdd - ok
04:32:23.0046 3372 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
04:32:23.0171 3372 Modem - ok
04:32:23.0202 3372 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
04:32:23.0327 3372 Mouclass - ok
04:32:23.0342 3372 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
04:32:23.0483 3372 MountMgr - ok
04:32:23.0483 3372 mraid35x - ok
04:32:23.0514 3372 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
04:32:23.0639 3372 MRxDAV - ok
04:32:23.0702 3372 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
04:32:23.0733 3372 MRxSmb - ok
04:32:23.0764 3372 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
04:32:23.0921 3372 Msfs - ok
04:32:23.0952 3372 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
04:32:24.0077 3372 MSKSSRV - ok
04:32:24.0092 3372 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
04:32:24.0217 3372 MSPCLOCK - ok
04:32:24.0233 3372 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
04:32:24.0358 3372 MSPQM - ok
04:32:24.0405 3372 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
04:32:24.0514 3372 mssmbios - ok
04:32:24.0546 3372 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
04:32:24.0671 3372 MSTEE - ok
04:32:24.0702 3372 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
04:32:24.0733 3372 Mup - ok
04:32:24.0764 3372 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
04:32:24.0874 3372 NABTSFEC - ok
04:32:24.0921 3372 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
04:32:25.0046 3372 NDIS - ok
04:32:25.0061 3372 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
04:32:25.0186 3372 NdisIP - ok
04:32:25.0217 3372 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
04:32:25.0249 3372 NdisTapi - ok
04:32:25.0280 3372 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
04:32:25.0389 3372 Ndisuio - ok
04:32:25.0405 3372 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
04:32:25.0546 3372 NdisWan - ok
04:32:25.0608 3372 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
04:32:25.0639 3372 NDProxy - ok
04:32:25.0671 3372 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
04:32:25.0796 3372 NetBIOS - ok
04:32:25.0827 3372 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
04:32:25.0967 3372 NetBT - ok
04:32:26.0014 3372 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
04:32:26.0155 3372 NIC1394 - ok
04:32:26.0186 3372 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
04:32:26.0296 3372 Npfs - ok
04:32:26.0342 3372 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
04:32:26.0467 3372 Ntfs - ok
04:32:26.0514 3372 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
04:32:26.0639 3372 Null - ok
04:32:26.0686 3372 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
04:32:26.0811 3372 NwlnkFlt - ok
04:32:26.0827 3372 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
04:32:26.0952 3372 NwlnkFwd - ok
04:32:26.0967 3372 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
04:32:27.0092 3372 ohci1394 - ok
04:32:27.0124 3372 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
04:32:27.0264 3372 Parport - ok
04:32:27.0280 3372 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
04:32:27.0405 3372 PartMgr - ok
04:32:27.0436 3372 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
04:32:27.0546 3372 ParVdm - ok
04:32:27.0561 3372 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
04:32:27.0702 3372 PCI - ok
04:32:27.0702 3372 PCIDump - ok
04:32:27.0733 3372 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
04:32:27.0874 3372 PCIIde - ok
04:32:27.0889 3372 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
04:32:28.0014 3372 Pcmcia - ok
04:32:28.0030 3372 PDCOMP - ok
04:32:28.0046 3372 PDFRAME - ok
04:32:28.0061 3372 PDRELI - ok
04:32:28.0077 3372 PDRFRAME - ok
04:32:28.0092 3372 perc2 - ok
04:32:28.0108 3372 perc2hib - ok
04:32:28.0155 3372 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
04:32:28.0296 3372 PptpMiniport - ok
04:32:28.0311 3372 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
04:32:28.0436 3372 PSched - ok
04:32:28.0452 3372 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
04:32:28.0577 3372 Ptilink - ok
04:32:28.0592 3372 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
04:32:28.0608 3372 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
04:32:28.0608 3372 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
04:32:28.0624 3372 ql1080 - ok
04:32:28.0639 3372 Ql10wnt - ok
04:32:28.0655 3372 ql12160 - ok
04:32:28.0671 3372 ql1240 - ok
04:32:28.0686 3372 ql1280 - ok
04:32:28.0811 3372 RapportCerberus_32301 (2fccc769cdba34c6ab6183aa4d2f7519) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys
04:32:28.0827 3372 RapportCerberus_32301 - ok
04:32:28.0905 3372 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
04:32:28.0921 3372 RapportEI - ok
04:32:28.0967 3372 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
04:32:28.0983 3372 RapportIaso - ok
04:32:29.0030 3372 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\WINDOWS\system32\Drivers\RapportKELL.sys
04:32:29.0030 3372 RapportKELL - ok
04:32:29.0061 3372 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
04:32:29.0077 3372 RapportPG - ok
04:32:29.0108 3372 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
04:32:29.0249 3372 RasAcd - ok
04:32:29.0327 3372 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
04:32:29.0389 3372 Rasirda - ok
04:32:29.0452 3372 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
04:32:29.0592 3372 Rasl2tp - ok
04:32:29.0624 3372 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
04:32:29.0764 3372 RasPppoe - ok
04:32:29.0811 3372 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
04:32:29.0952 3372 Raspti - ok
04:32:29.0999 3372 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
04:32:30.0139 3372 Rdbss - ok
04:32:30.0186 3372 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
04:32:30.0327 3372 RDPCDD - ok
04:32:30.0374 3372 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
04:32:30.0499 3372 rdpdr - ok
04:32:30.0577 3372 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
04:32:30.0592 3372 RDPWD - ok
04:32:30.0639 3372 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
04:32:30.0764 3372 redbook - ok
04:32:30.0842 3372 RTL8023xp (8e34400ffc7d647946d9c820678775af) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
04:32:30.0905 3372 RTL8023xp - ok
04:32:30.0983 3372 RTL8187B (2e2e3a2d1ba5e540c32558f3f37d33e3) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
04:32:31.0030 3372 RTL8187B - ok
04:32:31.0139 3372 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
04:32:31.0139 3372 SASDIFSV - ok
04:32:31.0155 3372 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
04:32:31.0171 3372 SASKUTIL - ok
04:32:31.0264 3372 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
04:32:31.0405 3372 Secdrv - ok
04:32:31.0452 3372 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
04:32:31.0577 3372 serenum - ok
04:32:31.0608 3372 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
04:32:31.0749 3372 Serial - ok
04:32:31.0811 3372 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
04:32:31.0952 3372 Sfloppy - ok
04:32:31.0999 3372 Simbad - ok
04:32:32.0046 3372 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
04:32:32.0171 3372 SLIP - ok
04:32:32.0202 3372 Sparrow - ok
04:32:32.0233 3372 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
04:32:32.0358 3372 splitter - ok
04:32:32.0389 3372 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
04:32:32.0530 3372 sr - ok
04:32:32.0608 3372 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
04:32:32.0655 3372 Srv - ok
04:32:32.0717 3372 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
04:32:32.0858 3372 streamip - ok
04:32:32.0905 3372 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
04:32:33.0030 3372 swenum - ok
04:32:33.0046 3372 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
04:32:33.0186 3372 swmidi - ok
04:32:33.0233 3372 symc810 - ok
04:32:33.0264 3372 symc8xx - ok
04:32:33.0280 3372 sym_hi - ok
04:32:33.0311 3372 sym_u3 - ok
04:32:33.0342 3372 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
04:32:33.0483 3372 sysaudio - ok
04:32:33.0530 3372 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
04:32:33.0561 3372 Tcpip - ok
04:32:33.0639 3372 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
04:32:33.0780 3372 TDPIPE - ok
04:32:33.0842 3372 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
04:32:33.0952 3372 TDTCP - ok
04:32:33.0999 3372 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
04:32:34.0124 3372 TermDD - ok
04:32:34.0155 3372 TosIde - ok
04:32:34.0202 3372 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
04:32:34.0311 3372 Udfs - ok
04:32:34.0342 3372 ultra - ok
04:32:34.0405 3372 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
04:32:34.0530 3372 Update - ok
04:32:34.0592 3372 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
04:32:34.0733 3372 usbehci - ok
04:32:34.0780 3372 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
04:32:34.0921 3372 usbhub - ok
04:32:34.0999 3372 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
04:32:35.0139 3372 usbprint - ok
04:32:35.0202 3372 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
04:32:35.0311 3372 usbscan - ok
04:32:35.0358 3372 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
04:32:35.0483 3372 USBSTOR - ok
04:32:35.0530 3372 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
04:32:35.0655 3372 usbuhci - ok
04:32:35.0686 3372 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
04:32:35.0796 3372 VgaSave - ok
04:32:35.0827 3372 ViaIde - ok
04:32:35.0858 3372 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
04:32:35.0983 3372 VolSnap - ok
04:32:36.0030 3372 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
04:32:36.0171 3372 Wanarp - ok
04:32:36.0249 3372 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
04:32:36.0280 3372 wanatw - ok
04:32:36.0311 3372 WDICA - ok
04:32:36.0358 3372 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
04:32:36.0483 3372 wdmaud - ok
04:32:36.0592 3372 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
04:32:36.0717 3372 WSTCODEC - ok
04:32:36.0796 3372 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
04:32:36.0811 3372 WudfPf - ok
04:32:36.0874 3372 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
04:32:36.0889 3372 WudfRd - ok
04:32:36.0936 3372 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
04:32:37.0092 3372 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
04:32:37.0092 3372 \Device\Harddisk0\DR0 - detected TDSS File System (1)
04:32:37.0092 3372 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
04:32:37.0108 3372 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
04:32:37.0108 3372 \Device\Harddisk1\DR1 - detected TDSS File System (1)
04:32:37.0108 3372 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR4
04:32:37.0421 3372 \Device\Harddisk2\DR4 - ok
04:32:37.0421 3372 Boot (0x1200) (555a6d4c7d00f2d72ad7160e654f0ad1) \Device\Harddisk0\DR0\Partition0
04:32:37.0421 3372 \Device\Harddisk0\DR0\Partition0 - ok
04:32:37.0421 3372 Boot (0x1200) (965b2f2bf569c3fdb332f4b7e12d3790) \Device\Harddisk1\DR1\Partition0
04:32:37.0421 3372 \Device\Harddisk1\DR1\Partition0 - ok
04:32:37.0436 3372 Boot (0x1200) (73f9cfafab928aa1b07e1c2e27d077b7) \Device\Harddisk2\DR4\Partition0
04:32:37.0436 3372 \Device\Harddisk2\DR4\Partition0 - ok
04:32:37.0436 3372 ============================================================
04:32:37.0436 3372 Scan finished
04:32:37.0436 3372 ============================================================
04:32:37.0452 0740 Detected object count: 9
04:32:37.0452 0740 Actual detected object count: 9
04:37:16.0546 0740 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
04:37:16.0546 0740 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:37:16.0546 0740 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
04:37:16.0546 0740 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:37:16.0546 0740 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:37:16.0546 0740 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:37:16.0546 0740 ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
04:37:16.0546 0740 ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:37:16.0561 0740 ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
04:37:16.0561 0740 ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:37:16.0561 0740 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
04:37:16.0561 0740 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:37:16.0561 0740 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
04:37:16.0561 0740 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:37:16.0561 0740 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
04:37:16.0561 0740 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
04:37:16.0561 0740 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
04:37:16.0561 0740 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
04:37:21.0092 3588 Deinitialize success


regards

Attached Files
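The log above ends with two "TDSS File System" verdicts on \Device\Harddisk0\DR0 and \Device\Harddisk1\DR1, both left at Skip, sitting next to seven UnsignedFile.Multi.Generic warnings. As an added example (not code from this thread or from Kaspersky's TDSSKiller), the Python below pulls the verdicts, the user's chosen action and the MBR hashes out of a constructed excerpt of that log, ranks them so the rootkit indicator is not lost among unsigned-driver noise, and shows what the "MBR (0x1B8)" hash covers under the assumption that it is the MD5 of the first 0x1B8 bytes of sector 0 (the boot code, before the disk signature and partition table). The severity labels and that hash interpretation are the example author's reading of the log format, not documented TDSSKiller behaviour.

```python
"""Triage a TDSSKiller log: detections, the user's chosen action, MBR hashes.

Added example for this thread, not code from Kaspersky or the posters.
Reading 'MBR (0x1B8) (<md5>)' as the MD5 of the first 0x1B8 bytes of sector 0
(boot code only) is the example author's assumption about the log format.
"""
import hashlib
import re
from collections import defaultdict

# Constructed excerpt of the log posted above (same fields, fewer lines).
SAMPLE_LOG = r"""
04:32:28.0592 3372 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
04:32:28.0608 3372 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
04:32:36.0936 3372 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
04:32:37.0092 3372 \Device\Harddisk0\DR0 - detected TDSS File System (1)
04:32:37.0092 3372 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
04:32:37.0108 3372 \Device\Harddisk1\DR1 - detected TDSS File System (1)
04:32:37.0108 3372 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR4
04:32:37.0421 3372 \Device\Harddisk2\DR4 - ok
04:37:16.0561 0740 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:37:16.0561 0740 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
04:37:16.0561 0740 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
"""

LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>[0-9A-Fa-f]+)\s+(?P<msg>.*)$")
MBR_RE = re.compile(r"^MBR \(0x(?P<size>[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>\\Device\\\S+)$")
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<name>.+?) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<obj>.+?) \( (?P<name>.+?) \) - User select action: (?P<action>\w+)$")

# How a helper reads the two verdict types in this log (example author's labels).
SEVERITY = {
    "TDSS File System": "high",            # hidden file system in the boot chain: rootkit indicator
    "UnsignedFile.Multi.Generic": "info",  # driver without a valid signature; legit CD/DVD tools trip it
}
UNRESOLVED = {"Skip", "none"}  # actions that leave the detected object in place
MBR_CODE_LEN = 0x1B8           # bytes 0x000-0x1B7 of sector 0 hold the boot code


def parse_tdsskiller(text):
    """Return {'detections': obj->verdict, 'actions': obj->action, 'mbr': dev->(size, md5)}."""
    report = {"detections": {}, "actions": {}, "mbr": {}}
    for raw in text.strip().splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        m = MBR_RE.match(msg)
        if m:
            report["mbr"][m.group("dev")] = (int(m.group("size"), 16), m.group("md5"))
            continue
        m = DETECT_RE.match(msg)
        if m:
            report["detections"][m.group("obj")] = m.group("name")
            continue
        m = ACTION_RE.match(msg)
        if m:
            report["actions"][m.group("obj")] = m.group("action")
    return report


def triage(report):
    """Rows of (severity, object, verdict, action), worst first, plus disks whose
    MBR code hashes are identical (Harddisk0 and Harddisk1 in the log above)."""
    order = {"high": 0, "unknown": 1, "info": 2}
    rows = [(SEVERITY.get(name, "unknown"), obj, name, report["actions"].get(obj, "none"))
            for obj, name in report["detections"].items()]
    rows.sort(key=lambda r: (order[r[0]], r[1]))
    by_hash = defaultdict(list)
    for dev, (_, md5) in report["mbr"].items():
        by_hash[md5].append(dev)
    shared = {h: devs for h, devs in by_hash.items() if len(devs) > 1}
    return rows, shared


def unresolved_high(report):
    """High-severity objects still on disk: left at Skip or never acted on."""
    rows, _ = triage(report)
    return [obj for sev, obj, _, action in rows if sev == "high" and action in UNRESOLVED]


def mbr_code_md5(sector):
    """MD5 of the boot-code region of a 512-byte MBR, per the assumption above.
    The disk signature (0x1B8) and partition table (0x1BE) are excluded, so two
    disks carrying the same bootstrap code hash identically."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (missing 0x55AA signature)")
    return hashlib.md5(sector[:MBR_CODE_LEN]).hexdigest()


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    rows, shared = triage(rep)
    for row in rows:
        print("%-5s %-24s %-28s action=%s" % row)
    print("identical MBR code on:", shared)
    print("still needs attention:", unresolved_high(rep))
```

On the assumption above, two disks sharing an MBR code hash only means they carry the same bootstrap code (the hash stops before the disk signature), so the shared hash by itself does not say which disk is infected; the "TDSS File System" verdict on each device does, and those are the rows the script leaves in "still needs attention" while they stay at Skip.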



#9 SweetTech

Posted 02 December 2011 - 02:31 AM

Hello.

Thanks for those log files.

If you run TDSSKiller again, can you select cure for these items?

04:18:25.0296 1720 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
04:18:25.0296 1720 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
04:18:25.0296 1720 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
04:18:25.0296 1720 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 kriff (Topic Starter)

Posted 03 December 2011 - 12:38 AM

Hi ST

No, it comes up with 9 files detected: 7 unsigned and 2 TDSS file systems.

TDSS File system
Physical drive: \Device\Harddisk0\DR0
TDSS File system
Physical drive: \Device\Harddisk1\DR1

The 2 TDSS file systems offer: skip / copy to quarantine / delete,

as do the 7 unsigned files:
c:\WINDOWS\system32\drivers\AegisP.sys
c:\WINDOWS\system32\drivers\Aspi32.sys
c:\WINDOWS\system32\drivers\cdrbsdrv.sys
c:\WINDOWS\system32\drivers\ElbyCDFL.sys
c:\WINDOWS\system32\drivers\ElbyCDIO.sys
c:\WINDOWS\system32\drivers\Marvinbus.sys
c:\WINDOWS\system32\drivers\PxHelp20.sys

I left all at the default (skip), as suggested, and clicked Continue.

regards

Edited by kriff, 03 December 2011 - 12:58 AM.


#11 SweetTech

Posted 03 December 2011 - 04:02 AM

Do you have the ability to burn a tool to a disc or USB device? I think we may have better luck if we try and go at this in an external environment.



#12 kriff (Topic Starter)

Posted 03 December 2011 - 10:14 PM

Hi ST
I think I may be able to.
Does it have to be 'burnt' on the infected computer, or can it be made on another, as I have a laptop?
regards

#13 SweetTech

Posted 04 December 2011 - 02:27 AM

It doesn't need to be burnt on the infected computer. It can be created and burnt on another computer.

You don't have a USB device that we could use instead, do you? It might be much easier for us if we used that instead of burning a disc.



#14 kriff (Topic Starter)

Posted 04 December 2011 - 05:52 PM

Hi ST

I have USB 'memory' sticks, 2 GB size, that I use to take my photo JPGs to the store for printing.
Are they OK?

regards

#15 kriff (Topic Starter)

Posted 05 December 2011 - 04:07 PM

Hi ST, please note that

dds.scr registers as TROJ_GEN_RC1CrLS

Edit: Please be aware that we are now on page 2 of this thread. --SweetTech

Edited by SweetTech, 06 December 2011 - 05:18 AM.




