
Combo Fix Report System Fix Bug


  • This topic is locked
6 replies to this topic

#1 alaverkin


Posted 21 December 2011 - 05:23 PM

ComboFix 11-12-21.02 - Admin 12/21/2011 15:16:49.9.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.269 [GMT -7:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\~c0Z19ciF3RYtxk
c:\documents and settings\All Users\Application Data\~c0Z19ciF3RYtxkr
c:\documents and settings\All Users\Application Data\c0Z19ciF3RYtxk
c:\documents and settings\All Users\Application Data\c0Z19ciF3RYtxk.exe
c:\documents and settings\All Users\Application Data\hFITnUFOxHN.exe
c:\documents and settings\Sam\Start Menu\Programs\System Fix
c:\documents and settings\Sam\Start Menu\Programs\System Fix\System Fix.lnk
c:\documents and settings\Sam\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\windows\system32\oobe\isperror
c:\windows\system32\oobe\isperror\ispcnerr.htm
c:\windows\system32\oobe\isperror\ispdtone.htm
c:\windows\system32\oobe\isperror\isphdshk.htm
c:\windows\system32\oobe\isperror\ispins.htm
c:\windows\system32\oobe\isperror\ispnoanw.htm
c:\windows\system32\oobe\isperror\isppberr.htm
c:\windows\system32\oobe\isperror\ispphbsy.htm
c:\windows\system32\oobe\isperror\ispsbusy.htm
.
.
((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
.
.
2011-12-14 23:21 . 2011-12-14 23:25 -------- d--h--w- c:\windows\SxsCaPendDel
2011-12-14 23:07 . 2011-12-14 23:07 -------- d--h--w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-02 17:16 . 2011-12-02 17:16 2106216 ---ha-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-12-02 17:16 . 2011-12-02 17:16 134104 ---ha-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-12-02 17:16 . 2011-12-02 17:16 1998168 ---ha-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-12-02 17:16 . 2011-12-02 17:16 89048 ---ha-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-12-02 17:16 . 2011-12-02 17:16 478168 ---ha-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-12-02 17:16 . 2011-12-02 17:16 801752 ---ha-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-12-02 17:16 . 2011-12-02 17:16 1989592 ---ha-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-12-02 17:16 . 2011-12-02 17:16 15832 ---ha-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-22 02:22 . 2011-12-14 22:44 -------- d--h--w- c:\program files\3B216
2011-11-22 02:21 . 2011-11-22 02:21 -------- d--h--w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2004-08-10 17:51 1859584 ---ha-w- c:\windows\system32\win32k.sys
2011-11-11 15:59 . 2011-06-01 17:53 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2004-08-10 17:51 916992 ---ha-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 17:51 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 17:51 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 17:51 385024 ---ha-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-10 17:51 1288704 ---ha-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 17:50 33280 ---ha-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-08-10 17:51 2192768 ---ha-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 03:59 2069376 ---ha-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-10 17:51 186880 ---ha-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-08-10 18:02 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-10 17:50 599040 ---ha-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ---ha-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-10 17:51 220160 ---ha-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-10 17:51 20480 ---ha-w- c:\windows\system32\oleaccrc.dll
2011-12-02 17:16 . 2011-12-02 17:16 134104 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-14_20.37.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-21 22:07 . 2011-12-21 22:07 63544 c:\windows\system32\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"PC Meter Connect"="c:\program files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe" [2010-10-20 3514368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ---ha-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ---ha-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-04-06 00:19 77824 -c-ha-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-04-06 00:22 94208 -c-ha-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 -c-ha-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 -c-ha-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-04-06 00:23 114688 -c-ha-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
2004-11-11 15:26 26112 -c-ha-w- c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 12:15 421888 ---ha-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 00:42 1404928 -c-ha-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 20:03 36975 -c-ha-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
S3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [4/4/2011 12:40 PM 20600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{96D2ABE6-2B49-4827-B103-F939DDF14CDB}: NameServer = 192.168.2.3
FF - ProfilePath -
.
Supplementary scan did not complete!
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-hFITnUFOxHN.exe - c:\documents and settings\All Users\Application Data\hFITnUFOxHN.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-21 15:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-12-21 15:26:48
ComboFix-quarantined-files.txt 2011-12-21 22:26
ComboFix2.txt 2011-12-14 23:40
ComboFix3.txt 2011-12-14 20:41
ComboFix4.txt 2010-09-12 21:39
ComboFix5.txt 2011-12-21 22:14
.
.
Post-Run: 45,433,466,880 bytes free
.
- - End Of File - - 83B5410D35DB70CEA1A7BC7CF6F881AA



#2 alaverkin


Posted 21 December 2011 - 05:37 PM

Thanks for your patience; here is more. Note this is after running ComboFix.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Admin at 15:36:43 on 2011-12-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.326 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1007\TmIEPlg.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PC Meter Connect] c:\program files\pitney bowes\pc meter connect\mailstationAssistant.exe minimize
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{96D2ABE6-2B49-4827-B103-F939DDF14CDB} : NameServer = 192.168.2.3
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
S3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [2011-4-4 20600]
.
=============== Created Last 30 ================
.
2011-12-14 23:21:01 -------- d-----w- c:\windows\SxsCaPendDel
2011-12-14 23:07:41 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-02 17:16:56 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-12-02 17:16:56 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-12-02 17:16:55 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-12-02 17:16:55 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-12-02 17:16:54 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-12-02 17:16:54 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-12-02 17:16:54 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-12-02 17:16:54 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-11-22 02:22:41 -------- d-----w- c:\program files\3B216
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-11 15:59:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 15:36:55.75 ===============

#3 alaverkin


Posted 21 December 2011 - 06:35 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-21 16:38:10
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.8.16
Running: pg1892e4.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\kxldypob.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7EF2F80]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat EE83CD20

---- EOF - GMER 1.0.15 ----

#4 alaverkin


Posted 21 December 2011 - 06:40 PM

16:38:54.0531 1964 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
16:38:55.0125 1964 ============================================================
16:38:55.0125 1964 Current date / time: 2011/12/21 16:38:55.0125
16:38:55.0125 1964 SystemInfo:
16:38:55.0125 1964
16:38:55.0125 1964 OS Version: 5.1.2600 ServicePack: 3.0
16:38:55.0125 1964 Product type: Workstation
16:38:55.0125 1964 ComputerName: SQLWS06
16:38:55.0125 1964 UserName: Admin
16:38:55.0125 1964 Windows directory: C:\WINDOWS
16:38:55.0125 1964 System windows directory: C:\WINDOWS
16:38:55.0125 1964 Processor architecture: Intel x86
16:38:55.0125 1964 Number of processors: 1
16:38:55.0125 1964 Page size: 0x1000
16:38:55.0125 1964 Boot type: Normal boot
16:38:55.0125 1964 ============================================================
16:38:56.0437 1964 Initialize success
16:39:06.0125 0168 ============================================================
16:39:06.0125 0168 Scan started
16:39:06.0125 0168 Mode: Manual;
16:39:06.0125 0168 ============================================================
16:39:51.0812 0168 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:39:51.0828 0168 Sfloppy - ok
16:39:52.0062 0168 Simbad - ok
16:39:52.0343 0168 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:39:52.0359 0168 sisagp - ok
16:39:52.0765 0168 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
16:39:52.0765 0168 smwdm - ok
16:39:53.0062 0168 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:39:53.0078 0168 Sparrow - ok
16:39:53.0375 0168 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:39:53.0375 0168 splitter - ok
16:39:53.0703 0168 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:39:53.0703 0168 sr - ok
16:39:54.0093 0168 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:39:54.0093 0168 Srv - ok
16:39:54.0390 0168 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:39:54.0406 0168 swenum - ok
16:39:54.0687 0168 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:39:54.0703 0168 swmidi - ok
16:39:55.0000 0168 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:39:55.0000 0168 symc810 - ok
16:39:55.0296 0168 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:39:55.0296 0168 symc8xx - ok
16:39:55.0578 0168 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:39:55.0593 0168 sym_hi - ok
16:39:55.0875 0168 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:39:55.0875 0168 sym_u3 - ok
16:39:56.0203 0168 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:39:56.0203 0168 sysaudio - ok
16:39:56.0625 0168 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:39:56.0625 0168 Tcpip - ok
16:39:56.0921 0168 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:39:56.0937 0168 TDPIPE - ok
16:39:57.0234 0168 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:39:57.0234 0168 TDTCP - ok
16:39:57.0546 0168 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:39:57.0546 0168 TermDD - ok
16:39:57.0843 0168 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
16:39:57.0843 0168 TosIde - ok
16:39:58.0140 0168 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:39:58.0171 0168 Udfs - ok
16:39:58.0453 0168 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
16:39:58.0453 0168 ultra - ok
16:39:58.0890 0168 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:39:58.0906 0168 Update - ok
16:39:59.0203 0168 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:39:59.0203 0168 usbccgp - ok
16:39:59.0484 0168 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:39:59.0484 0168 usbehci - ok
16:39:59.0781 0168 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:39:59.0781 0168 usbhub - ok
16:40:00.0062 0168 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:40:00.0062 0168 usbscan - ok
16:40:00.0343 0168 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:40:00.0359 0168 USBSTOR - ok
16:40:00.0640 0168 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:40:00.0640 0168 usbuhci - ok
16:40:00.0937 0168 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:40:00.0937 0168 VgaSave - ok
16:40:01.0218 0168 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:40:01.0218 0168 viaagp - ok
16:40:01.0500 0168 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:40:01.0500 0168 ViaIde - ok
16:40:01.0812 0168 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:40:01.0812 0168 VolSnap - ok
16:40:02.0109 0168 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:40:02.0109 0168 Wanarp - ok
16:40:02.0343 0168 wanatw - ok
16:40:02.0578 0168 WDICA - ok
16:40:02.0875 0168 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:40:02.0875 0168 wdmaud - ok
16:40:02.0984 0168 MBR (0x1B8) (19dc516810624d7fb0f8fcc80ae79627) \Device\Harddisk0\DR0
16:40:02.0984 0168 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
16:40:02.0984 0168 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
16:40:03.0000 0168 Boot (0x1200) (bd7664c1bb65597e7f5b646dfd24f051) \Device\Harddisk0\DR0\Partition0
16:40:03.0000 0168 \Device\Harddisk0\DR0\Partition0 - ok
16:40:03.0031 0168 Boot (0x1200) (4ba3ea940177066d9b0ac0b68de53c41) \Device\Harddisk0\DR0\Partition1
16:40:03.0031 0168 \Device\Harddisk0\DR0\Partition1 - ok
16:40:03.0031 0168 ============================================================
16:40:03.0031 0168 Scan finished
16:40:03.0031 0168 ============================================================
16:40:03.0046 2528 Detected object count: 1
16:40:03.0046 2528 Actual detected object count: 1
16:40:12.0078 2528 \Device\Harddisk0\DR0 - processing error
16:40:20.0781 2528 \Device\Harddisk0\DR0 - will be restored on reboot
16:40:20.0781 2528 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
16:40:26.0500 2960 Deinitialize success

#5 alaverkin


Posted 21 December 2011 - 07:06 PM

aswMBR version 0.9.9.1116 Copyright© 2011 AVAST Software
Run date: 2011-12-21 16:47:24
-----------------------------
16:47:24.187 OS Version: Windows 5.1.2600 Service Pack 3
16:47:24.187 Number of processors: 1 586 0x401
16:47:24.187 ComputerName: SQLWS06 UserName: Admin
16:47:25.031 Initialize success
16:49:16.515 AVAST engine defs: 11122102
16:55:35.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:55:35.203 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
16:55:35.218 Disk 0 MBR read successfully
16:55:35.218 Disk 0 MBR scan
16:55:35.359 Disk 0 Windows XP default MBR code
16:55:35.375 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 31 MB offset 63
16:55:35.375 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53976 MB offset 64260
16:55:35.406 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19053 MB offset 110607525
16:55:35.421 Disk 0 Partition 4 00 DB CP/M / CTOS MSDOS5.0 3223 MB offset 149629410
16:55:35.468 Disk 0 scanning sectors +156232125
16:55:35.562 Disk 0 scanning C:\WINDOWS\system32\drivers
16:55:59.703 Service scanning
16:56:02.718 Modules scanning
16:56:22.343 Disk 0 trace - called modules:
16:56:22.359 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
16:56:22.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f9aab8]
16:56:22.375 3 CLASSPNP.SYS[f86f8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fe1b00]
16:56:23.218 AVAST engine scan C:\WINDOWS
16:56:35.140 AVAST engine scan C:\WINDOWS\system32
17:00:53.343 AVAST engine scan C:\WINDOWS\system32\drivers
17:01:17.828 AVAST engine scan C:\Documents and Settings\Admin
17:01:36.953 AVAST engine scan C:\Documents and Settings\All Users
17:02:29.484 Scan finished successfully

#6 HelpBot


Posted 28 December 2011 - 10:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433811 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#7 HelpBot


Posted 28 December 2011 - 05:41 PM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!



