
lost symantec protection


16 replies to this topic

#1 rob.roy61

rob.roy61

  • Members
  • 10 posts

Posted 01 December 2011 - 09:12 PM

Have Vista Home Basic on laptop, connects to internet thru wireless.
Downloaded several programs last few days and, somehow,
Symantec Endpoint Protection got turned off.
Windows Defender was also turned off.
Must have picked up malware.
How do I find and get rid of it?
Thanks
Rob



#2 rob.roy61

rob.roy61
  • Topic Starter

  • Members
  • 10 posts

Posted 01 December 2011 - 09:26 PM

Forgot to add; System Restore won't work. It shows 5 restore points all
on the same day, 5 days ago.
Am currently running Emsisoft which seems to be stuck at 66% even though the
"Scanned objects" count is still increasing (440,000 and counting).
Weather and Moon phase widgets won't connect to internet to update, but the
weather widget on stardock is showing the correct temp.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,231 posts

Posted 01 December 2011 - 11:26 PM

Hello and welcome.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.


Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

Run RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to Normal and run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 rob.roy61

rob.roy61
  • Topic Starter

  • Members
  • 10 posts

Posted 03 December 2011 - 01:17 PM

I printed and followed instructions exactly.
MiniToolBox won't download.
inetepl.cpl not found.
Run Rkill, Superantispyware and
MalwareBytes logs below;

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/03/2011 at 9:02:12.
Operating System: Windows Vista ™ Home Basic


Processes terminated by Rkill or while it was running:



Rkill completed on 12/03/2011 at 9:02:24.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/03/2011 at 09:27 AM

Application Version : 5.0.1136

Core Rules Database Version : 8012
Trace Rules Database Version: 5824

Scan type : Quick Scan
Total Scan Time : 00:11:05

Operating System Information
Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 351
Memory threats detected : 0
Registry items scanned : 31200
Registry threats detected : 0
File items scanned : 15462
File threats detected : 13

Adware.Tracking Cookie
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@atdmt[2].txt [ /atdmt ]
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@counters.gigya[1].txt [ /counters.gigya ]
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@doubleclick[2].txt [ /doubleclick ]
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@googleads.g.doubleclick[1].txt [ /googleads.g.doubleclick ]
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@invitemedia[2].txt [ /invitemedia ]
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@questionmarket[2].txt [ /questionmarket ]
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@zgstats[1].txt [ /zgstats ]
.zgstats.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TPNOZTN5.DEFAULT\COOKIES.SQLITE ]
C:\USERS\USER\Cookies\user@counters.gigya[1].txt [ Cookie:user@counters.gigya.com/ ]
C:\USERS\USER\Cookies\user@atdmt[2].txt [ Cookie:user@atdmt.com/ ]
C:\USERS\USER\Cookies\user@zgstats[1].txt [ Cookie:user@zgstats.com/ ]

PUP.StartNow Toolbar
C:\Program Files\StartNow Toolbar\ToolbarBroker.exe
C:\Program Files\StartNow Toolbar

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8298

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

12/3/2011 10:03:02 AM
mbam-log-2011-12-03 (10-03-02).txt

Scan type: Quick scan
Objects scanned: 162365
Time elapsed: 11 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Since I rebooted all the widgets are working again.
I have not (yet) tried system restore again but am
waiting to see if you have other suggestions.
Thank you

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,231 posts

Posted 03 December 2011 - 09:31 PM

Let's just do an Online scan and then try running Mini again after.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#6 rob.roy61

rob.roy61
  • Topic Starter

  • Members
  • 10 posts

Posted 04 December 2011 - 12:48 PM

took about 15 hours to run but here's the report;

C:\$RECYCLE.BIN\S-1-5-21-2300564124-921761224-2583670105-1002\$RIUBJ19\PHONERECORDERS\DigitalAudioRecorderSetup[DONOTUSE].exe multiple threats deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-2300564124-921761224-2583670105-1002\$RIUBJ19\TOOLS\FLVPLAYERS\!aTube_Catcher_Installer.exe a variant of Win32/Adware.ADON application deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-2300564124-921761224-2583670105-1002\$RIUBJ19\TOOLS\SECURITY\vidalia-bundle-0.2.0.31-0.1.9.exe probably a variant of Win32/TrojanDownloader.Agent.BXGACSC trojan deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-2300564124-921761224-2583670105-1002\$RIUBJ19\TOOLS\VIDEO\Setup_FreeVideoConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-2300564124-921761224-2583670105-1002\$RIUBJ19\zonealarm\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch134.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\User\AppData\Local\Temp\861655.Uninstall\Total-Uninstall-Setup-5_10_1.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\User\AppData\Local\Temp\895336.Uninstall\Total-Uninstall-Setup-5_10_1.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\User\AppData\Local\Temp\ICReinstall\NCalsetup072c.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\User\AppData\Local\Temp\ICReinstall\utool2[UNINSTALLTOOL].exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\User\Desktop\cnet2_ComboFix_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\Astrology\Vedic\Astrooccult.net\QuickNumerologist\cnet_qN_setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\CLOCKS\SoftonicDownloader_for_atomic-clock-sync.exe.part Win32/SoftonicDownloader application cleaned by deleting - quarantined
C:\Program Files\Diagnostics\cnet2_diagnose_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\GADGETS\Astrology_1_1_gadget.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\GADGETS\Horoscope_gadget.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\GADGETS\lunar_calendars_and_eclipse_finder.exe Win32/SWInformer.B application cleaned by deleting - quarantined
C:\Program Files\GADGETS\WeatherDesktopSetup.exe Win32/InstallCore application deleted - quarantined
C:\Program Files\GADGETS\DesktopWeather\DesktopWeather.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Program Files\GADGETS\DesktopWeather\Uninstall\Uninstall.exe Win32/InstallCore application deleted - quarantined
C:\Program Files\GoogleGadgets\activexclock.gadget a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\GoogleGadgets\animated-weather.setup a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\GoogleGadgets\eBay-Auction-Watch.gadget a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\GoogleGadgets\Encyclopedia.gadget a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\GoogleGadgets\iPod Shuffle 2G[virtual].zip a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\GoogleGadgets\Language_Translator.gadget a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\GoogleGadgets\taskmanager\alive_task_manager.exe a variant of Win32/SWInformer.B application cleaned by deleting - quarantined
C:\Program Files\SETUPS\screenhunterfree.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\SETUPS\Total-Uninstall-Setup-5_10_1.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\SETUPS\utool2[UNINSTALLTOOL].exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\SETUPS\vlc-media-player.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Program Files\SETUPS\winzip155.exe Win32/OpenCandy application deleted - quarantined
C:\Program Files\SETUPS\Astronomy\AWB2010[astronomySCANBEFOREUSE].exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\SETUPS\Astronomy\celestia-win32-1_6_0_.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\SETUPS\Astronomy\stellarium-0_11_0-win32.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\SETUPS\DIAGNOSTICS\cnet_wufinstall_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\SETUPS\DIAGNOSTICS\wufinstall[WinUtilitiesFree].exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\SETUPS\NightCal\NCalsetup072c.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\SETUPS\Undelete\pci_us_smartrecovery.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\SETUPS\Undelete\pdr6free[minitoolpowerdatarecovery].exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\SETUPS\UNLOCKER\Unlocker1.9.1-x64.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
C:\Program Files\SETUPS\UNLOCKER\Unlocker1.9.1.exe Win32/Adware.ADON application deleted - quarantined
C:\Program Files\SETUPS\UNLOCKER\Unlocker1.9.1[32bit].exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
C:\Program Files\SETUPS\ZIPS\winzip155.exe Win32/OpenCandy application deleted - quarantined
C:\Program Files\SETUPS\ZoneAlarm\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller application deleted - quarantined


I have not checked either; uninstall application on close and delete quarantined files
nor have I clicked the finish button yet.

#7 rob.roy61

rob.roy61
  • Topic Starter

  • Members
  • 10 posts

Posted 04 December 2011 - 01:01 PM

oops, that should read "or" close and delete quarantined files.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,231 posts

Posted 05 December 2011 - 03:22 PM

close and delete quarantined files.

These are info stealers, install blockers and bad gut installers.. quarantine or delete them.
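A way to triage the ESET report from post #6 before deciding what to do with the quarantined items, added here as an example (it is not part of the thread and not an ESET tool): it splits each line into path, detection name, type and action, then groups the results by type, family and where the file was sitting. The family grouping and the location buckets are assumptions made for this example; the sample lines are a subset copied from the report above.

```python
import re
from collections import Counter

# Subset of the ESET report from post #6, copied from the thread (not the full log).
SAMPLE_LOG = r"""
C:\$RECYCLE.BIN\S-1-5-21-2300564124-921761224-2583670105-1002\$RIUBJ19\PHONERECORDERS\DigitalAudioRecorderSetup[DONOTUSE].exe multiple threats deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-2300564124-921761224-2583670105-1002\$RIUBJ19\TOOLS\SECURITY\vidalia-bundle-0.2.0.31-0.1.9.exe probably a variant of Win32/TrojanDownloader.Agent.BXGACSC trojan deleted - quarantined
C:\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\User\AppData\Local\Temp\861655.Uninstall\Total-Uninstall-Setup-5_10_1.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\User\Desktop\cnet2_ComboFix_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\GADGETS\lunar_calendars_and_eclipse_finder.exe Win32/SWInformer.B application cleaned by deleting - quarantined
C:\Program Files\GADGETS\WeatherDesktopSetup.exe Win32/InstallCore application deleted - quarantined
C:\Program Files\GoogleGadgets\iPod Shuffle 2G[virtual].zip a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\SETUPS\winzip155.exe Win32/OpenCandy application deleted - quarantined
C:\Program Files\SETUPS\UNLOCKER\Unlocker1.9.1-x64.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
"""

# Paths contain spaces, so the pattern anchors on what follows the path:
# an optional "variant" qualifier, the detection name (the only token with a
# forward slash, since Windows paths use backslashes), an optional type word,
# and the action text at the end of the line.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:(?P<qualifier>probably a variant of|a variant of)\s+)?"
    r"(?P<name>multiple threats|[A-Za-z0-9_]+/\S+)"
    r"(?:\s+(?P<kind>application|trojan|worm|virus))?"
    r"\s+(?P<action>(?:cleaned by deleting|deleted)(?: - quarantined)?)\s*$"
)


def family(name):
    """Grouping heuristic for this example: drop the platform prefix and a
    trailing one-letter variant (Win32/InstallCore.D -> InstallCore)."""
    base = name.split("/", 1)[-1]
    return re.sub(r"\.[A-Z]$", "", base)


def location(path):
    """Bucket the path by where the file was sitting (assumed buckets)."""
    p = path.lower()
    if "\\$recycle.bin\\" in p:
        return "recycle_bin"
    if "\\spybot - search & destroy\\recovery\\" in p:
        return "scanner_backup"
    if "\\temp\\" in p:
        return "temp"
    return "other"


def parse_log(text):
    """Return (records, unparsed_lines); unparsed lines are kept, not dropped."""
    records, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            unparsed.append(line)
            continue
        rec = match.groupdict()
        rec["family"] = family(rec["name"])
        rec["location"] = location(rec["path"])
        records.append(rec)
    return records, unparsed


def triage(records):
    """Summarise the report and list the entries to read first: everything
    the scanner did not label as an 'application'."""
    return {
        "by_kind": Counter(r["kind"] or "unspecified" for r in records),
        "by_family": Counter(r["family"] for r in records),
        "by_location": Counter(r["location"] for r in records),
        "review_first": [r for r in records if r["kind"] != "application"],
    }


if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE_LOG)
    summary = triage(recs)
    print("parsed:", len(recs), "unparsed:", len(bad))
    for key in ("by_kind", "by_family", "by_location"):
        print(key, dict(summary[key]))
    for r in summary["review_first"]:
        print("REVIEW", r["name"], "|", r["location"], "|", r["path"])
```
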

#9 rob.roy61

rob.roy61
  • Topic Starter

  • Members
  • 10 posts

Posted 05 December 2011 - 04:56 PM

deleted quarantined files
system restore now viewable back to the 23rd so
tried to restore to that date but got message that said
system restore not complete, so did not bother to start
symantec.
am currently running in safe mode because just a few
moments ago I tried to reply and everything froze. Even
task manager would not work so hit the power button off
and then on again to restart in safe mode with networking
to be sure this message comes through.
I assume I'm still infected.
What can we try next?
Thanks

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,231 posts

Posted 05 December 2011 - 05:08 PM

OK, from normal mode (if needed use safe)

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.



Please post the logs for my review.


Looks like you downloaded a Bogus ComboFix...did you run it too?? Could be the whole problem.

#11 rob.roy61

rob.roy61
  • Topic Starter

  • Members
  • 10 posts

Posted 05 December 2011 - 07:20 PM

Downloaded and ran in safe mode.
Detected nothing.
Did not ask to reboot so still in safe mode.
See log below.
(Very fast scan, took no more than a minute).


16:14:39.0782 1600 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
16:14:40.0162 1600 ============================================================
16:14:40.0162 1600 Current date / time: 2011/12/05 16:14:40.0162
16:14:40.0162 1600 SystemInfo:
16:14:40.0162 1600
16:14:40.0162 1600 OS Version: 6.0.6002 ServicePack: 2.0
16:14:40.0162 1600 Product type: Workstation
16:14:40.0162 1600 ComputerName: USER
16:14:40.0162 1600 UserName: User
16:14:40.0162 1600 Windows directory: C:\Windows
16:14:40.0162 1600 System windows directory: C:\Windows
16:14:40.0162 1600 Processor architecture: Intel x86
16:14:40.0162 1600 Number of processors: 1
16:14:40.0162 1600 Page size: 0x1000
16:14:40.0163 1600 Boot type: Safe boot with network
16:14:40.0163 1600 ============================================================
16:14:41.0313 1600 Initialize success
16:14:46.0860 0752 ============================================================
16:14:46.0860 0752 Scan started
16:14:46.0860 0752 Mode: Manual;
16:14:46.0860 0752 ============================================================
16:14:58.0513 0752 drmkaud - ok
16:14:58.0730 0752 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
16:14:58.0742 0752 DXGKrnl - ok
16:14:58.0949 0752 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:14:58.0952 0752 E1G60 - ok
16:14:59.0118 0752 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:14:59.0122 0752 Ecache - ok
16:14:59.0279 0752 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:14:59.0314 0752 eeCtrl - ok
16:14:59.0551 0752 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
16:14:59.0557 0752 elxstor - ok
16:14:59.0764 0752 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:14:59.0776 0752 EraserUtilRebootDrv - ok
16:14:59.0994 0752 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
16:14:59.0995 0752 ErrDev - ok
16:15:00.0152 0752 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:15:00.0182 0752 exfat - ok
16:15:00.0246 0752 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:15:00.0249 0752 fastfat - ok
16:15:00.0455 0752 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:15:00.0456 0752 fdc - ok
16:15:00.0732 0752 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:15:00.0734 0752 FileInfo - ok
16:15:00.0917 0752 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:15:00.0919 0752 Filetrace - ok
16:15:01.0146 0752 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:15:01.0147 0752 flpydisk - ok
16:15:01.0384 0752 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:15:01.0388 0752 FltMgr - ok
16:15:01.0586 0752 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:15:01.0587 0752 Fs_Rec - ok
16:15:01.0767 0752 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:15:01.0769 0752 gagp30kx - ok
16:15:01.0997 0752 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
16:15:02.0003 0752 HdAudAddService - ok
16:15:02.0165 0752 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:15:02.0173 0752 HDAudBus - ok
16:15:02.0366 0752 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:15:02.0368 0752 HidBth - ok
16:15:02.0569 0752 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:15:02.0570 0752 HidIr - ok
16:15:02.0771 0752 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:15:02.0773 0752 HidUsb - ok
16:15:03.0015 0752 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
16:15:03.0017 0752 HpCISSs - ok
16:15:03.0164 0752 HTTP (abbc72793f1c588b1a7db0cac69a4fe8) C:\Windows\system32\drivers\HTTP.sys
16:15:03.0199 0752 HTTP - ok
16:15:03.0419 0752 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:15:03.0421 0752 i2omp - ok
16:15:03.0646 0752 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:15:03.0647 0752 i8042prt - ok
16:15:03.0851 0752 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:15:03.0856 0752 iaStorV - ok
16:15:04.0128 0752 IDSVix86 (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Data\Definitions\IPSDefs\20111112.030\IDSvix86.sys
16:15:04.0144 0752 IDSVix86 - ok
16:15:04.0364 0752 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:15:04.0366 0752 iirsp - ok
16:15:04.0559 0752 int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys
16:15:04.0560 0752 int15 - ok
16:15:04.0862 0752 IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
16:15:04.0935 0752 IntcAzAudAddService - ok
16:15:05.0139 0752 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:15:05.0141 0752 intelide - ok
16:15:05.0348 0752 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:15:05.0350 0752 intelppm - ok
16:15:05.0557 0752 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:15:05.0558 0752 IpFilterDriver - ok
16:15:05.0734 0752 IpInIp - ok
16:15:05.0952 0752 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
16:15:05.0954 0752 IPMIDRV - ok
16:15:06.0189 0752 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:15:06.0192 0752 IPNAT - ok
16:15:06.0433 0752 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
16:15:06.0436 0752 irda - ok
16:15:06.0625 0752 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:15:06.0626 0752 IRENUM - ok
16:15:06.0834 0752 irsir (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
16:15:06.0836 0752 irsir - ok
16:15:07.0038 0752 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:15:07.0039 0752 isapnp - ok
16:15:07.0174 0752 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:15:07.0203 0752 iScsiPrt - ok
16:15:07.0389 0752 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:15:07.0391 0752 iteatapi - ok
16:15:07.0577 0752 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:15:07.0579 0752 iteraid - ok
16:15:07.0812 0752 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:15:07.0813 0752 kbdclass - ok
16:15:07.0992 0752 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:15:07.0994 0752 kbdhid - ok
16:15:08.0188 0752 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
16:15:08.0197 0752 KSecDD - ok
16:15:08.0433 0752 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:15:08.0435 0752 lltdio - ok
16:15:08.0649 0752 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:15:08.0652 0752 LSI_FC - ok
16:15:08.0860 0752 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:15:08.0863 0752 LSI_SAS - ok
16:15:09.0106 0752 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:15:09.0124 0752 LSI_SCSI - ok
16:15:09.0301 0752 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:15:09.0304 0752 luafv - ok
16:15:09.0345 0752 LVUSBSta - ok
16:15:09.0412 0752 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
16:15:09.0413 0752 MBAMProtector - ok
16:15:09.0482 0752 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:15:09.0484 0752 megasas - ok
16:15:09.0681 0752 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:15:09.0716 0752 MegaSR - ok
16:15:09.0928 0752 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:15:09.0930 0752 Modem - ok
16:15:10.0120 0752 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:15:10.0155 0752 monitor - ok
16:15:10.0290 0752 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:15:10.0291 0752 mouclass - ok
16:15:10.0392 0752 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:15:10.0393 0752 mouhid - ok
16:15:10.0490 0752 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:15:10.0492 0752 MountMgr - ok
16:15:10.0688 0752 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:15:10.0691 0752 mpio - ok
16:15:10.0863 0752 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:15:10.0865 0752 mpsdrv - ok
16:15:11.0068 0752 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:15:11.0069 0752 Mraid35x - ok
16:15:11.0183 0752 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:15:11.0186 0752 MRxDAV - ok
16:15:11.0250 0752 mrxsmb (317eb668973951bad512ee8bebf9ed25) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:15:11.0252 0752 mrxsmb - ok
16:15:11.0445 0752 mrxsmb10 (05716f0203b5c774a87384a1ff7b968f) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:15:11.0450 0752 mrxsmb10 - ok
16:15:11.0635 0752 mrxsmb20 (c70c50d101b92b45c42ba11ea9fe6cd1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:15:11.0637 0752 mrxsmb20 - ok
16:15:11.0866 0752 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\DRIVERS\msahci.sys
16:15:11.0868 0752 msahci - ok
16:15:12.0060 0752 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:15:12.0062 0752 msdsm - ok
16:15:12.0197 0752 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:15:12.0198 0752 Msfs - ok
16:15:12.0229 0752 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:15:12.0230 0752 msisadrv - ok
16:15:12.0331 0752 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:15:12.0332 0752 MSKSSRV - ok
16:15:12.0431 0752 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:15:12.0433 0752 MSPCLOCK - ok
16:15:12.0613 0752 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:15:12.0614 0752 MSPQM - ok
16:15:12.0848 0752 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:15:12.0852 0752 MsRPC - ok
16:15:13.0047 0752 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:15:13.0048 0752 mssmbios - ok
16:15:13.0170 0752 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:15:13.0171 0752 MSTEE - ok
16:15:13.0301 0752 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:15:13.0303 0752 Mup - ok
16:15:13.0537 0752 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:15:13.0540 0752 NativeWifiP - ok
16:15:13.0754 0752 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Data\Definitions\VirusDefs\20111114.007\NAVENG.SYS
16:15:13.0758 0752 NAVENG - ok
16:15:14.0063 0752 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Data\Definitions\VirusDefs\20111114.007\NAVEX15.SYS
16:15:14.0122 0752 NAVEX15 - ok
16:15:14.0299 0752 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:15:14.0307 0752 NDIS - ok
16:15:14.0413 0752 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:15:14.0414 0752 NdisTapi - ok
16:15:14.0562 0752 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:15:14.0563 0752 Ndisuio - ok
16:15:14.0765 0752 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:15:14.0768 0752 NdisWan - ok
16:15:14.0941 0752 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:15:14.0943 0752 NDProxy - ok
16:15:15.0148 0752 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:15:15.0150 0752 NetBIOS - ok
16:15:15.0354 0752 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:15:15.0358 0752 netbt - ok
16:15:15.0638 0752 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:15:15.0640 0752 nfrd960 - ok
16:15:15.0871 0752 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:15:15.0873 0752 Npfs - ok
16:15:16.0066 0752 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:15:16.0067 0752 nsiproxy - ok
16:15:16.0261 0752 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:15:16.0282 0752 Ntfs - ok
16:15:16.0377 0752 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
16:15:16.0378 0752 NTIDrvr - ok
16:15:16.0435 0752 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:15:16.0437 0752 ntrigdigi - ok
16:15:16.0515 0752 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
16:15:16.0516 0752 NuidFltr - ok
16:15:16.0643 0752 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:15:16.0644 0752 Null - ok
16:15:16.0875 0752 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:15:16.0878 0752 nvraid - ok
16:15:17.0087 0752 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:15:17.0089 0752 nvstor - ok
16:15:17.0236 0752 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:15:17.0239 0752 nv_agp - ok
16:15:17.0293 0752 NwlnkFlt - ok
16:15:17.0337 0752 NwlnkFwd - ok
16:15:17.0406 0752 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
16:15:17.0408 0752 ohci1394 - ok
16:15:17.0518 0752 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:15:17.0520 0752 Parport - ok
16:15:17.0572 0752 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:15:17.0575 0752 partmgr - ok
16:15:17.0776 0752 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:15:17.0777 0752 Parvdm - ok
16:15:18.0022 0752 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:15:18.0053 0752 pci - ok
16:15:18.0213 0752 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
16:15:18.0214 0752 pciide - ok
16:15:18.0325 0752 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:15:18.0329 0752 pcmcia - ok
16:15:18.0458 0752 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:15:18.0512 0752 PEAUTH - ok
16:15:18.0716 0752 pfc - ok
16:15:19.0013 0752 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:15:19.0041 0752 PptpMiniport - ok
16:15:19.0243 0752 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:15:19.0245 0752 Processor - ok
16:15:19.0432 0752 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:15:19.0434 0752 PSched - ok
16:15:19.0658 0752 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:15:19.0678 0752 ql2300 - ok
16:15:19.0888 0752 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:15:19.0891 0752 ql40xx - ok
16:15:20.0082 0752 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:15:20.0083 0752 QWAVEdrv - ok
16:15:20.0200 0752 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:15:20.0202 0752 RasAcd - ok
16:15:20.0356 0752 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:15:20.0358 0752 Rasl2tp - ok
16:15:20.0589 0752 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:15:20.0591 0752 RasPppoe - ok
16:15:20.0791 0752 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:15:20.0793 0752 RasSstp - ok
16:15:20.0988 0752 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:15:20.0993 0752 rdbss - ok
16:15:21.0226 0752 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:15:21.0227 0752 RDPCDD - ok
16:15:21.0474 0752 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:15:21.0480 0752 rdpdr - ok
16:15:21.0644 0752 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:15:21.0645 0752 RDPENCDD - ok
16:15:21.0840 0752 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:15:21.0844 0752 RDPWD - ok
16:15:22.0109 0752 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:15:22.0111 0752 rspndr - ok
16:15:22.0291 0752 RTL8169 (125c504a34d0a2e152517e342e7e432c) C:\Windows\system32\DRIVERS\Rtlh86.sys
16:15:22.0293 0752 RTL8169 - ok
16:15:22.0428 0752 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:15:22.0429 0752 SASDIFSV - ok
16:15:22.0510 0752 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:15:22.0512 0752 SASKUTIL - ok
16:15:22.0697 0752 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:15:22.0699 0752 sbp2port - ok
16:15:22.0950 0752 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:15:22.0951 0752 secdrv - ok
16:15:23.0158 0752 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:15:23.0160 0752 Serenum - ok
16:15:23.0393 0752 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:15:23.0396 0752 Serial - ok
16:15:23.0588 0752 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:15:23.0590 0752 sermouse - ok
16:15:23.0838 0752 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
16:15:23.0839 0752 sffdisk - ok
16:15:24.0066 0752 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:15:24.0068 0752 sffp_mmc - ok
16:15:24.0220 0752 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
16:15:24.0221 0752 sffp_sd - ok
16:15:24.0298 0752 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:15:24.0299 0752 sfloppy - ok
16:15:24.0470 0752 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:15:24.0472 0752 sisagp - ok
16:15:24.0598 0752 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:15:24.0600 0752 SiSRaid2 - ok
16:15:24.0775 0752 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:15:24.0778 0752 SiSRaid4 - ok
16:15:25.0026 0752 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:15:25.0028 0752 Smb - ok
16:15:25.0250 0752 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:15:25.0284 0752 spldr - ok
16:15:25.0453 0752 SRTSP (41453d5c343405b58ee3385a3d14a46f) C:\Windows\system32\Drivers\SEP\0C010259\125B.105\x86\SRTSP.SYS
16:15:25.0464 0752 SRTSP - ok
16:15:25.0729 0752 SRTSPX (cd824ec0d7eb2d8c8dda8c497bed59ff) C:\Windows\system32\Drivers\SEP\0C010259\125B.105\x86\SRTSPX.SYS
16:15:25.0731 0752 SRTSPX - ok
16:15:25.0940 0752 srv (baa6018a27857b5ff0c03ce756b4a7a2) C:\Windows\system32\DRIVERS\srv.sys
16:15:25.0946 0752 srv - ok
16:15:26.0155 0752 srv2 (d69b44e3b000c2ff583f10c65489b4fb) C:\Windows\system32\DRIVERS\srv2.sys
16:15:26.0160 0752 srv2 - ok
16:15:26.0375 0752 srvnet (2d10de9022822772adaa120b15a9bd03) C:\Windows\system32\DRIVERS\srvnet.sys
16:15:26.0378 0752 srvnet - ok
16:15:26.0555 0752 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:15:26.0556 0752 swenum - ok
16:15:26.0709 0752 SyDvCtrl (f9584676e224e1c4319793acb5698514) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin\SyDvCtrl32.sys
16:15:26.0713 0752 SyDvCtrl - ok
16:15:26.0905 0752 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:15:26.0907 0752 Symc8xx - ok
16:15:27.0124 0752 SymDS (4f6ddb644f2f254ea7da5c7db2dc958a) C:\Windows\system32\Drivers\SEP\0C010259\125B.105\x86\SYMDS.SYS
16:15:27.0131 0752 SymDS - ok
16:15:27.0332 0752 SymEFA (23496d1ce9aa1ed45d1e6beb08c70561) C:\Windows\system32\Drivers\SEP\0C010259\125B.105\x86\SYMEFA.SYS
16:15:27.0352 0752 SymEFA - ok
16:15:27.0540 0752 SymEvent (8aa4379c0762b357a47d6ed52991be56) C:\Windows\system32\Drivers\SYMEVENT.SYS
16:15:27.0543 0752 SymEvent - ok
16:15:27.0783 0752 SymIRON (9bb5854455d2cda60703377acc3c2135) C:\Windows\system32\Drivers\SEP\0C010259\125B.105\x86\Ironx86.SYS
16:15:27.0787 0752 SymIRON - ok
16:15:27.0946 0752 SYMTDI - ok
16:15:28.0186 0752 SYMTDIV (d42a7229e333af725f1445f785e4658d) C:\Windows\system32\Drivers\SEP\0C010259\125B.105\x86\SYMTDIV.SYS
16:15:28.0189 0752 SYMTDIV - ok
16:15:28.0368 0752 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:15:28.0375 0752 Sym_hi - ok
16:15:28.0572 0752 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:15:28.0573 0752 Sym_u3 - ok
16:15:28.0820 0752 SynTP (32e8b307f0e9f72b66b518fd62eab91e) C:\Windows\system32\DRIVERS\SynTP.sys
16:15:28.0823 0752 SynTP - ok
16:15:29.0085 0752 SysPlant (809f24cde467899d52d767616394cc06) C:\Windows\system32\Drivers\SysPlant.sys
16:15:29.0088 0752 SysPlant - ok
16:15:29.0305 0752 Tcpip (cc9993701ac57f995554c696dda49c12) C:\Windows\system32\drivers\tcpip.sys
16:15:29.0313 0752 Tcpip - ok
16:15:29.0561 0752 Tcpip6 (cc9993701ac57f995554c696dda49c12) C:\Windows\system32\DRIVERS\tcpip.sys
16:15:29.0569 0752 Tcpip6 - ok
16:15:29.0821 0752 tcpipreg (d554dd10f655c9246b2d52f8aebe29b1) C:\Windows\system32\drivers\tcpipreg.sys
16:15:29.0823 0752 tcpipreg - ok
16:15:30.0008 0752 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:15:30.0010 0752 TDPIPE - ok
16:15:30.0227 0752 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:15:30.0229 0752 TDTCP - ok
16:15:30.0419 0752 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:15:30.0422 0752 tdx - ok
16:15:30.0625 0752 Teefer2 (ced83aecf48fd228e5b6c90cf495b24b) C:\Windows\system32\DRIVERS\Teefer.sys
16:15:30.0626 0752 Teefer2 - ok
16:15:30.0819 0752 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:15:30.0820 0752 TermDD - ok
16:15:31.0086 0752 truecrypt (746b8cf9cededdd865472544edf626da) C:\Windows\system32\drivers\truecrypt.sys
16:15:31.0091 0752 truecrypt - ok
16:15:31.0275 0752 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:15:31.0277 0752 tssecsrv - ok
16:15:31.0335 0752 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:15:31.0337 0752 tunmp - ok
16:15:31.0383 0752 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
16:15:31.0384 0752 tunnel - ok
16:15:31.0440 0752 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:15:31.0442 0752 uagp35 - ok
16:15:31.0469 0752 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
16:15:31.0471 0752 UBHelper - ok
16:15:31.0685 0752 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:15:31.0690 0752 udfs - ok
16:15:31.0915 0752 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:15:31.0917 0752 uliagpkx - ok
16:15:32.0100 0752 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:15:32.0105 0752 uliahci - ok
16:15:32.0238 0752 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:15:32.0241 0752 UlSata - ok
16:15:32.0354 0752 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:15:32.0357 0752 ulsata2 - ok
16:15:32.0595 0752 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:15:32.0597 0752 umbus - ok
16:15:32.0686 0752 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
16:15:32.0687 0752 UnlockerDriver5 - ok
16:15:32.0940 0752 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
16:15:32.0942 0752 usbaudio - ok
16:15:33.0135 0752 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:15:33.0138 0752 usbccgp - ok
16:15:33.0276 0752 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:15:33.0279 0752 usbcir - ok
16:15:33.0365 0752 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:15:33.0394 0752 usbehci - ok
16:15:33.0444 0752 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:15:33.0448 0752 usbhub - ok
16:15:33.0608 0752 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
16:15:33.0609 0752 usbohci - ok
16:15:33.0794 0752 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:15:33.0795 0752 usbprint - ok
16:15:34.0017 0752 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:15:34.0019 0752 usbscan - ok
16:15:34.0234 0752 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:15:34.0236 0752 USBSTOR - ok
16:15:34.0390 0752 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:15:34.0391 0752 usbuhci - ok
16:15:34.0454 0752 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
16:15:34.0458 0752 usbvideo - ok
16:15:34.0727 0752 VBoxDrv (49a4673b3e1e167fe5c18f6571d00af5) C:\Windows\system32\DRIVERS\VBoxDrv.sys
16:15:34.0731 0752 VBoxDrv - ok
16:15:34.0967 0752 VBoxNetAdp (a471884d136dce3cec878ddab5acaebe) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
16:15:34.0969 0752 VBoxNetAdp - ok
16:15:35.0168 0752 VBoxNetFlt (af33dc300f15505321efb49c58016258) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
16:15:35.0170 0752 VBoxNetFlt - ok
16:15:35.0344 0752 VBoxUSBMon (3cdc46bc988ce3921c4e9480a56afd8e) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
16:15:35.0347 0752 VBoxUSBMon - ok
16:15:35.0426 0752 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:15:35.0428 0752 vga - ok
16:15:35.0487 0752 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:15:35.0488 0752 VgaSave - ok
16:15:35.0704 0752 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:15:35.0733 0752 viaagp - ok
16:15:35.0931 0752 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:15:35.0933 0752 ViaC7 - ok
16:15:36.0129 0752 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:15:36.0130 0752 viaide - ok
16:15:36.0325 0752 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:15:36.0327 0752 volmgr - ok
16:15:36.0520 0752 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:15:36.0527 0752 volmgrx - ok
16:15:36.0709 0752 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:15:36.0714 0752 volsnap - ok
16:15:36.0725 0752 vsdatant - ok
16:15:36.0917 0752 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:15:36.0921 0752 vsmraid - ok
16:15:37.0196 0752 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:15:37.0224 0752 WacomPen - ok
16:15:37.0440 0752 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:15:37.0442 0752 Wanarp - ok
16:15:37.0454 0752 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:15:37.0456 0752 Wanarpv6 - ok
16:15:37.0695 0752 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:15:37.0696 0752 Wd - ok
16:15:37.0947 0752 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:15:37.0957 0752 Wdf01000 - ok
16:15:38.0256 0752 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:15:38.0257 0752 WmiAcpi - ok
16:15:38.0401 0752 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:15:38.0403 0752 ws2ifsl - ok
16:15:38.0556 0752 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:15:38.0558 0752 WUDFRd - ok
16:15:38.0642 0752 MBR (0x1B8) (ef9cdc51b437d322d54016b68f003416) \Device\Harddisk0\DR0
16:15:39.0873 0752 \Device\Harddisk0\DR0 - ok
16:15:39.0899 0752 Boot (0x1200) (63f327a36223d433b39752a6beed9c0c) \Device\Harddisk0\DR0\Partition0
16:15:39.0900 0752 \Device\Harddisk0\DR0\Partition0 - ok
16:15:39.0947 0752 Boot (0x1200) (9826a506e17536b4bebaa1ce14ba84a6) \Device\Harddisk0\DR0\Partition1
16:15:39.0948 0752 \Device\Harddisk0\DR0\Partition1 - ok
16:15:39.0953 0752 ============================================================
16:15:39.0953 0752 Scan finished
16:15:39.0953 0752 ============================================================
16:15:39.0972 1008 Detected object count: 0
16:15:39.0972 1008 Actual detected object count: 0
16:17:00.0251 1312 Deinitialize success

#12 boopme

Posted 05 December 2011 - 07:34 PM

I am starting to wonder if it is something else.. Let's check for different Rootkits.
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

#13 rob.roy61

Posted 05 December 2011 - 09:09 PM

Downloaded in safe mode but had to reboot to normal mode
to run program.
Thanks

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0x8D60B000 C:\Windows\system32\DRIVERS\atikmdag.sys 5898240 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82252000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82252000 PnpManager 3903488 bytes
0x82252000 RAW 3903488 bytes
0x82252000 WMIxWDM 3903488 bytes
0x90002000 C:\Windows\system32\drivers\RTKVHDA.sys 2150400 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x9E8E0000 Win32k 2105344 bytes
0x9E8E0000 C:\Windows\System32\win32k.sys 2105344 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x90A01000 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Data\Definitions\VirusDefs\20111114.007\NAVEX15.SYS 1572864 bytes (Symantec Corporation, AV Engine)
0x8A00A000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x89E02000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x9620D000 C:\Windows\System32\drivers\tcpip.sys 966656 bytes (Microsoft Corporation, TCP/IP Driver)
0x8DEBA000 C:\Windows\system32\DRIVERS\athr.sys 946176 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x8046A000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA9C71000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9740A000 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Data\Definitions\BASHDefs\20110929.021\BHDrvx86.sys 831488 bytes (Symantec Corporation, BASH Driver)
0x89C0E000 C:\Windows\system32\Drivers\SEP\0C010259\125B.105\x86\SYMEFA.SYS 782336 bytes (Symantec Corporation, Symantec Extended File Attributes)
0xA9493000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8DE0F000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8DC07000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x90261000 C:\Windows\system32\Drivers\SEP\0C010259\125B.105\x86\SRTSP.SYS 548864 bytes (Symantec Corporation, Symantec AutoProtect)
0x80553000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x89CCD000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xA940B000 C:\Windows\system32\drivers\HTTP.sys 438272 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x94B59000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x94AFB000 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Data\Definitions\IPSDefs\20111112.030\IDSvix86.sys 385024 bytes (Symantec Corporation, IDS Core Driver)
0x9632A000 C:\Windows\system32\Drivers\SEP\0C010259\125B.105\x86\SYMTDIV.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
0x80782000 C:\Windows\system32\Drivers\SEP\0C010259\125B.105\x86\SYMDS.SYS 356352 bytes (Symantec Corporation, Symantec Data Store)
0xA9C05000 C:\Windows\System32\DRIVERS\srv.sys 311296 bytes (Microsoft Corporation, Server driver)
0x806A9000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x90373000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80600000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x89F73000 C:\Windows\system32\DRIVERS\ahcix86s.sys 274432 bytes (AMD Technologies Inc., AMD Technology AHCI Compatible Controller Driver for Windows family)
0x974EF000 C:\Windows\System32\Drivers\dump_ahcix86s.sys 274432 bytes
0x80429000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x89FB6000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8DBAB000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x94AB1000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x89F38000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA95B1000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A11A000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x94A36000 C:\Windows\System32\drivers\truecrypt.sys 225280 bytes (TrueCrypt Foundation, TrueCrypt Driver)
0x89DBB000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8221F000 ACPI_HAL 208896 bytes
0x8221F000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x80750000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9639F000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8DCFC000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8DCBC000 C:\Windows\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x9020F000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89F0D000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x94A0B000 C:\Windows\system32\DRIVERS\VBoxDrv.sys 176128 bytes (Oracle Corporation, VirtualBox Support Driver)
0x89D91000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x97594000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8A16A000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x80657000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x89D3E000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x90315000 C:\Windows\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)
0x9023C000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x902E7000 C:\Windows\system32\Drivers\SEP\0C010259\125B.105\x86\Ironx86.SYS 143360 bytes (Symantec Corporation, Iron Driver)
0x8DD58000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8DFA1000 C:\Windows\system32\DRIVERS\Rtlh86.sys 139264 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x94A89000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x8A1A2000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA9571000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x903BB000 C:\Windows\system32\DRIVERS\Teefer.sys 135168 bytes (Symantec Corporation, Symantec CMC Firewall Teefer3)
0x9033B000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA9592000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8DDE0000 C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 126976 bytes (Oracle Corporation, VirtualBox Bridged Networking Driver)
0x80728000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x94BB7000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x97566000 C:\Windows\system32\DRIVERS\irda.sys 122880 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xA9476000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8DDB3000 C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 118784 bytes (Oracle Corporation, VirtualBox Host-Only Network Adapter Driver)
0x94A6D000 C:\Windows\system32\Drivers\SysPlant.sys 114688 bytes (Symantec Corporation, Symantec CMC Firewall SysPlant)
0x962F9000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9754B000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x805DC000 C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 106496 bytes (Oracle Corporation, VirtualBox USB Monitor Driver)
0xA9543000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8DFC3000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x975DB000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x94BD5000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8DD36000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA9D6D000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x963D1000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x96314000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA955C000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8DD9E000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x90B81000 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Data\Definitions\VirusDefs\20111114.007\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x8DD8A000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x96383000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8DC94000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x975C8000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x903DC000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8A191000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8DBE9000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80410000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x89D81000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x807D9000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x90B9E000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x97584000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80708000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8DDD0000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x9753C000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A15B000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8067E000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8DD7B000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8DFE5000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8069A000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x9EB20000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x963E7000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9035C000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x806FA000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x974D8000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8DE00000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x805CF000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA9D59000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x90BD5000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8DEAE000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8DCB1000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8DCED000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x90BF1000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8DD4D000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9030A000 C:\Windows\system32\Drivers\SEP\0C010259\125B.105\x86\SRTSPX.SYS 45056 bytes (Symantec Corporation, Symantec AutoProtect)
0x8DD2B000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8A1EB000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80690000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8DCA7000 C:\Windows\system32\DRIVERS\DKbFltr.sys 40960 bytes (Dritek System Inc., Dritek PS2 Keyboard Filter Driver)
0x974E5000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x97532000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x80746000 C:\Windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8DFF4000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x975BE000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x94AF1000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA9D4F000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8DFDB000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8054A000 C:\Windows\System32\Drivers\BlackBox.sys 36864 bytes (RKU Driver)
0x8A1CB000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x90BBE000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x90B95000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x90BB5000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x9036A000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9EB00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A1F6000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8A000000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x80646000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xA9D65000 C:\Users\User\AppData\Local\Temp\ALSysIO.sys 32768 bytes
0x80720000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8A1C3000 C:\Windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (ATI Technologies Inc., ATI PCIE Driver for ATI PCIE chipset)
0x80421000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0xA9C69000 C:\Windows\system32\drivers\int15.sys 32768 bytes (Acer, Inc., int15)
0x96397000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8064F000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x90BE1000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x90BE9000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A153000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x80718000 C:\Windows\System32\Drivers\UBHelper.sys 32768 bytes (NewTech Infosystems Corporation, NTI CDROM Filter Driver)
0x90BCE000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x90BAE000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80409000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x90BC7000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x806F3000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x94AAB000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8DCF8000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x94AED000 C:\PROGRA~1\LAUNCH~1\DPortIO.sys 16384 bytes (Dritek System Inc., General Port I/O)
0xA9D83000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x974D5000 C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys 12288 bytes (Emsi Software GmbH, Emsisoft Direct Disk Access Support Driver)
0x8068D000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8DC00000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8DCEB000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

#14 boopme

Posted 05 December 2011 - 11:22 PM

Will they turn and stay on now?

#15 rob.roy61

Posted 06 December 2011 - 12:43 AM

Symantec opens and says "Your computer is protected" which it always says
but the 4 boxes that should appear below are still not there and there is no
way to change settings.
System restore says: System restore did not complete successfully. Your
computer files and settings were not changed. An unspecified error occurred
during system restore.

Time to take a chance on combo fix?
thanks



