TDLSF or Trojan DOS/Alureon.E


  • This topic is locked
32 replies to this topic

#1 Lampliter

Lampliter

  • Members
  • 19 posts

Posted 21 January 2012 - 11:58 PM

New Topic

System: Acer Aspire One Notebook A0751h w/ Windows XP Home
Malware: TDLSF or Trojan DOS/Alureon.E
Location: boot:\\.\PHYSICALDRIVE0\Partition2 (Type 17)

I noticed that Google searches on my granddaughter’s computer were being redirected. I couldn’t update Microsoft Security Essentials or run any of the best malware removers. I tried many programs. I reinstalled the system using the built-in recovery program. The malware survived the reinstall, but at least now Microsoft Security Essentials could be updated and found Trojan DOS/Alureon.E. I followed the procedure in your removal guide for Alureon and ran Kaspersky TDSSKiller. The Kaspersky log says, “TDLFS – deleted” but Microsoft Security Essentials continues to claim the infection still exists. It keeps saying it needs to restart to remove the infection but each time it restarts it still says it needs to restart to remove the infection. It reports error code 0x80501001.

MBAM found: Heuristics.Reserved.Word.Exploit but the problem continued.
ComboFix freezes

I also have another identical Aspire One with a clean system and Combofix runs perfectly on the clean system. I downloaded Windows XP Setup disks on the desktops of both notebooks and dropped the files onto Combofix. It said the recovery console was installed but when I try to start the recovery console on either computer I get a disk error message and have to restart.

Comparing the two disk systems with XP’s Disk Management shows that the infected computer has had an additional partition appended to the end of the disk. Disk Management says the size is 8 mb and that the space is empty (100% free). Please see Manage.doc attached for a print screen of the disk management.

I would greatly appreciate your advice on how to proceed. I assume the Volume Boot Record has been damaged. I have listed below the results of diagnostics I have run comparing the infected (dirty) computer with the one without any problems (clean).

Thank you for your assistance,
Lampliter


When I read the TDSSKiller logs from the two computers the MBR data is identical but boot records are different:
Dirty: Boot (0x1200) (eb84a5b96571eac9a39ce168f129d0ce) \Device\Harddisk0\DR0\Partition0
Clean: Boot (0x1200) (308031d1dd014d64b1fee2c8cae61c89) \Device\Harddisk0\DR0\Partition0


aswMBR log Dirty:
20:22:51.953 Disk 0 Windows VISTA default MBR code
20:22:51.968 Disk 0 Partition 1 00 12 Compaq diag NTFS 8192 MB offset 2048
20:22:52.359 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 144433 MB offset 16779264
20:22:52.390 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 1 MB offset 312578048
20:22:52.406 Disk 0 scanning sectors +312581792

aswMBR log Clean:
21:08:48.296 Disk 0 Windows VISTA default MBR code
21:08:48.312 Disk 0 Partition 1 00 12 Compaq diag NTFS 8192 MB offset 2048
21:08:48.375 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 144433 MB offset 16779264
21:08:48.421 Disk 0 scanning sectors +312578048

The two logs from MBR Check are given below, the infected computer first:
Dirty Notebook:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00100004

Kernel Drivers (total 156):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7ABD000 \WINDOWS\system32\KDCOM.DLL
0xF79CD000 \WINDOWS\system32\BOOTVID.dll
0xF748E000 ACPI.sys
0xF7ABF000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF747D000 pci.sys
0xF75BD000 isapnp.sys
0xF745D000 fltMgr.sys
0xF79D1000 compbatt.sys
0xF79D5000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B85000 pciide.sys
0xF783D000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7AC1000 aliide.sys
0xF7AC3000 cmdide.sys
0xF7AC5000 toside.sys
0xF7AC7000 viaide.sys
0xF7AC9000 intelide.sys
0xF75CD000 MountMgr.sys
0xF743E000 ftdisk.sys
0xF79D9000 ACPIEC.sys
0xF7B86000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7845000 PartMgr.sys
0xF75DD000 VolSnap.sys
0xF79DD000 cpqarray.sys
0xF7426000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF740E000 atapi.sys
0xF79E1000 aha154x.sys
0xF784D000 sparrow.sys
0xF79E5000 symc810.sys
0xF75ED000 aic78xx.sys
0xF79E9000 dac960nt.sys
0xF75FD000 ql10wnt.sys
0xF79ED000 amsint.sys
0xF7855000 asc.sys
0xF79F1000 asc3550.sys
0xF785D000 mraid35x.sys
0xF7865000 i2omp.sys
0xF79F5000 ini910u.sys
0xF760D000 ql1240.sys
0xF761D000 aic78u2.sys
0xF786D000 symc8xx.sys
0xF7875000 sym_hi.sys
0xF787D000 sym_u3.sys
0xF7885000 ABP480N5.SYS
0xF788D000 asc3350p.sys
0xF7ACB000 cd20xrnt.sys
0xF762D000 ultra.sys
0xF73F5000 adpu160m.sys
0xF7895000 dpti2o.sys
0xF763D000 ql1080.sys
0xF764D000 ql1280.sys
0xF765D000 ql12160.sys
0xF789D000 perc2.sys
0xF7ACD000 perc2hib.sys
0xF78A5000 hpn.sys
0xF79F9000 cbidf2k.sys
0xF73C9000 dac2w2k.sys
0xF766D000 disk.sys
0xF767D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73B7000 sr.sys
0xF737A000 PCTCore.sys
0xF7323000 pctDS.sys
0xF730C000 KSecDD.sys
0xF727F000 Ntfs.sys
0xF7252000 NDIS.sys
0xF768D000 sisagp.sys
0xF769D000 viaagp.sys
0xF7238000 Mup.sys
0xF76AD000 alim1541.sys
0xF76BD000 amdagp.sys
0xF76CD000 agp440.sys
0xF76DD000 agpCPQ.sys
0xF7208000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7204000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF780D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6B3C000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6B28000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6B00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6ADF000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF6996000 \SystemRoot\system32\DRIVERS\athw.sys
0xF794D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6972000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7955000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF781D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF795D000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF7965000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6941000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AEB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF782D000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF68C5000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF796D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7CDE000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF70A9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF68AE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7099000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7089000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7975000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF689D000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7079000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF797D000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7985000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7069000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7AEF000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF687A000 \SystemRoot\system32\DRIVERS\ks.sys
0xF681C000 \SystemRoot\system32\DRIVERS\update.sys
0xF71F0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7049000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF61F9000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF61D5000 \SystemRoot\system32\drivers\portcls.sys
0xF7039000 \SystemRoot\system32\drivers\drmk.sys
0xF7019000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AAD000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF60E6000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF7B01000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CD1000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B03000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79A5000 \SystemRoot\System32\drivers\vga.sys
0xF7B05000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B07000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF79AD000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79B5000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF720C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF608B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF6032000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF600A000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF5FE4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF680C000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF5FC2000 \SystemRoot\System32\drivers\afd.sys
0xF770D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF771D000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF5F97000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF5F27000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF79C5000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CBDB9A74-FC7A-410C-805F-110E5705D04C}\MpKsl096b187c.sys
0xF774D000 \SystemRoot\System32\Drivers\Fips.SYS
0xF78B5000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF5E91000 \SystemRoot\System32\Drivers\usbvideo.sys
0xF5E79000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B09000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF61C5000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78D5000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D01000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF01E000 \SystemRoot\System32\igxpdd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF1D1000 \SystemRoot\System32\ATMFD.DLL
0xEC910000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEC67B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xEC533000 \SystemRoot\system32\DRIVERS\srv.sys
0xEC42E000 \SystemRoot\system32\drivers\wdmaud.sys
0xEC860000 \SystemRoot\system32\drivers\sysaudio.sys
0xEBE1F000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7AE7000 \SystemRoot\system32\DRIVERS\serscan.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 39):
0 System Idle Process
4 System
660 C:\WINDOWS\system32\smss.exe
712 csrss.exe
740 C:\WINDOWS\system32\winlogon.exe
784 C:\WINDOWS\system32\services.exe
796 C:\WINDOWS\system32\lsass.exe
944 C:\WINDOWS\system32\svchost.exe
1004 svchost.exe
1084 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1144 C:\WINDOWS\system32\svchost.exe
1324 svchost.exe
1380 svchost.exe
1544 C:\WINDOWS\system32\spoolsv.exe
1676 svchost.exe
1712 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
1776 C:\WINDOWS\system32\svchost.exe
1812 C:\WINDOWS\system32\svchost.exe
1876 C:\WINDOWS\system32\svchost.exe
1956 C:\Program Files\Acer\Acer VCM\RS_Service.exe
128 C:\WINDOWS\system32\svchost.exe
916 C:\WINDOWS\explorer.exe
1580 C:\WINDOWS\system32\wscntfy.exe
2312 C:\WINDOWS\RTHDCPL.EXE
2400 C:\WINDOWS\system32\igfxtray.exe
2408 C:\WINDOWS\system32\hkcmd.exe
2420 C:\WINDOWS\system32\PersistenceThread.exe
2432 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2464 C:\Program Files\Launch Manager\LManager.exe
2536 C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
2608 C:\Program Files\Microsoft Security Client\msseces.exe
2624 C:\WINDOWS\system32\ctfmon.exe
2656 C:\Program Files\Messenger\msmsgs.exe
2716 alg.exe
2752 C:\WINDOWS\system32\igfxsrvc.exe
2772 C:\Program Files\Acer\Acer VCM\AcerVCM.exe
3328 C:\WINDOWS\system32\igfxext.exe
3768 C:\WINDOWS\system32\svchost.exe
2060 C:\Documents and Settings\GraceAnne\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`00100000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1655GSX, Rev: FG011J

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Clean Computer:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0010000c

Kernel Drivers (total 115):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7ABD000 \WINDOWS\system32\KDCOM.DLL
0xF79CD000 \WINDOWS\system32\BOOTVID.dll
0xF748E000 ACPI.sys
0xF7ABF000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF747D000 pci.sys
0xF75BD000 isapnp.sys
0xF79D1000 compbatt.sys
0xF79D5000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B85000 pciide.sys
0xF783D000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF75CD000 MountMgr.sys
0xF745E000 ftdisk.sys
0xF79D9000 ACPIEC.sys
0xF7B86000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7845000 PartMgr.sys
0xF75DD000 VolSnap.sys
0xF7446000 atapi.sys
0xF75ED000 disk.sys
0xF75FD000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7426000 fltMgr.sys
0xF7414000 sr.sys
0xF73FD000 KSecDD.sys
0xF7370000 Ntfs.sys
0xF7343000 NDIS.sys
0xF7329000 Mup.sys
0xF7A9D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7AA1000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF77AD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6BC7000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6BB3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6B8B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6B68000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF6A1F000 \SystemRoot\system32\DRIVERS\athw.sys
0xF78ED000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF69FB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78F5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF77BD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78FD000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF7905000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF69CA000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AD5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF77CD000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF694E000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF790D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7C70000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77DD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7AA5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6937000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77ED000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77FD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7915000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6926000 \SystemRoot\system32\DRIVERS\psched.sys
0xF780D000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF791D000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7925000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF781D000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF6909000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xF68F1000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xF7AD7000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF68CE000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6870000 \SystemRoot\system32\DRIVERS\update.sys
0xF7AB9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF782D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF761D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF762D000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF628A000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF6266000 \SystemRoot\system32\drivers\portcls.sys
0xF763D000 \SystemRoot\system32\drivers\drmk.sys
0xF766D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A85000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF61EF000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF7B29000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BD1000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B2B000 \SystemRoot\System32\Drivers\Beep.SYS
0xF797D000 \SystemRoot\System32\drivers\vga.sys
0xF7B2D000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B2F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7985000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF798D000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6256000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF611C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF60C3000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF609B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF6075000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF623E000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF769D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF6053000 \SystemRoot\System32\drivers\afd.sys
0xF76AD000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF6028000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF5FB8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7995000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF76CD000 \SystemRoot\System32\Drivers\Fips.SYS
0xF5F9A000 \SystemRoot\System32\Drivers\usbvideo.sys
0xF771D000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF5F5A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B31000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7A95000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79AD000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C13000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF01E000 \SystemRoot\System32\igxpdd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF1D1000 \SystemRoot\System32\ATMFD.DLL
0xECAF5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEC864000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xEC744000 \SystemRoot\system32\DRIVERS\srv.sys
0xEC347000 \SystemRoot\system32\drivers\wdmaud.sys
0xECA59000 \SystemRoot\system32\drivers\sysaudio.sys
0xEC120000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7B5B000 \SystemRoot\system32\DRIVERS\serscan.sys
0xEB805000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 34):
0 System Idle Process
4 System
660 C:\WINDOWS\system32\smss.exe
708 csrss.exe
736 C:\WINDOWS\system32\winlogon.exe
780 C:\WINDOWS\system32\services.exe
792 C:\WINDOWS\system32\lsass.exe
952 C:\WINDOWS\system32\svchost.exe
1004 svchost.exe
1044 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1080 C:\WINDOWS\system32\svchost.exe
1256 svchost.exe
1312 svchost.exe
1516 C:\WINDOWS\system32\spoolsv.exe
1592 svchost.exe
1632 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
1672 C:\WINDOWS\system32\svchost.exe
1692 C:\WINDOWS\system32\svchost.exe
1724 C:\WINDOWS\system32\svchost.exe
1744 C:\Program Files\Acer\Acer VCM\RS_Service.exe
1776 C:\WINDOWS\system32\svchost.exe
584 alg.exe
220 C:\WINDOWS\explorer.exe
1156 C:\WINDOWS\RTHDCPL.EXE
1404 C:\WINDOWS\system32\PersistenceThread.exe
916 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1444 C:\Program Files\Launch Manager\LManager.exe
1456 C:\Program Files\Microsoft Security Client\msseces.exe
1560 C:\Program Files\Skype\Phone\Skype.exe
1252 C:\WINDOWS\system32\igfxsrvc.exe
2184 C:\Program Files\MagicDisc\MagicDisc.exe
2280 C:\WINDOWS\system32\igfxext.exe
2324 C:\WINDOWS\system32\svchost.exe
396 C:\Documents and Settings\JuliaHope\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`00100000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1655GSX, Rev: FG011J

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
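
The side-by-side comparison of the two aswMBR logs in the post above can be scripted. The following Python is an added example, not part of the original posts or of aswMBR; it assumes the log line layout shown above, treats the "scanning sectors +N" value as the start of unpartitioned space, and uses hypothetical names (`parse_aswmbr`, `compare_layouts`).

```python
import re
from dataclasses import dataclass

# Partition and scan lines copied from the two aswMBR logs in the post above.
DIRTY_LOG = """\
20:22:51.953 Disk 0 Windows VISTA default MBR code
20:22:51.968 Disk 0 Partition 1 00 12 Compaq diag NTFS 8192 MB offset 2048
20:22:52.359 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 144433 MB offset 16779264
20:22:52.390 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 1 MB offset 312578048
20:22:52.406 Disk 0 scanning sectors +312581792
"""
CLEAN_LOG = """\
21:08:48.296 Disk 0 Windows VISTA default MBR code
21:08:48.312 Disk 0 Partition 1 00 12 Compaq diag NTFS 8192 MB offset 2048
21:08:48.375 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 144433 MB offset 16779264
21:08:48.421 Disk 0 scanning sectors +312578048
"""

# MBR type IDs conventionally used for hidden FAT/NTFS partitions.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}

# Assumed line layout: boot flag byte, optional "(A)", type byte, free-text
# description, size in MB, starting sector offset.
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+) "
    r"(?P<flag>[0-9A-Fa-f]{2})(?: \(A\))? (?P<type>[0-9A-Fa-f]{2}) "
    r".+? (?P<size>\d+) MB offset (?P<offset>\d+)"
)
SCAN_RE = re.compile(r"Disk (?P<disk>\d+) scanning sectors \+(?P<start>\d+)")


@dataclass(frozen=True)
class Partition:
    disk: int
    number: int
    active: bool      # boot flag 0x80
    type_id: int      # MBR partition type byte
    size_mb: int
    offset: int       # starting sector


def parse_aswmbr(log):
    """Return (partitions, {disk: first sector of the trailing scan})."""
    parts, scan_start = [], {}
    for line in log.splitlines():
        m = PART_RE.search(line)
        if m:
            parts.append(Partition(
                disk=int(m["disk"]), number=int(m["num"]),
                active=int(m["flag"], 16) == 0x80,
                type_id=int(m["type"], 16),
                size_mb=int(m["size"]), offset=int(m["offset"]),
            ))
            continue
        m = SCAN_RE.search(line)
        if m:
            scan_start[int(m["disk"])] = int(m["start"])
    return parts, scan_start


def compare_layouts(baseline_log, suspect_log):
    """List (partition, reasons) for every deviation from the baseline."""
    base_parts, base_scan = parse_aswmbr(baseline_log)
    sus_parts, _ = parse_aswmbr(suspect_log)
    baseline = {(p.disk, p.offset): p for p in base_parts}
    findings = []
    for p in sus_parts:
        ref = baseline.pop((p.disk, p.offset), None)
        if ref is None:
            reasons = ["partition not present in baseline"]
            if p.type_id in HIDDEN_TYPES:
                reasons.append(f"hidden partition type 0x{p.type_id:02X}")
            tail = base_scan.get(p.disk)
            if tail is not None and p.offset >= tail:
                reasons.append(
                    "starts in space the baseline scanned as unpartitioned")
            findings.append((p, reasons))
        elif (ref.type_id, ref.active, ref.size_mb) != (
                p.type_id, p.active, p.size_mb):
            findings.append(
                (p, ["type, active flag or size differs from baseline"]))
    # Anything left in the baseline map has disappeared from the suspect disk.
    for ref in baseline.values():
        findings.append((ref, ["baseline partition missing from suspect disk"]))
    return findings


if __name__ == "__main__":
    for part, reasons in compare_layouts(CLEAN_LOG, DIRTY_LOG):
        print(f"Disk {part.disk} Partition {part.number} "
              f"(type 0x{part.type_id:02X}, offset {part.offset}):")
        for reason in reasons:
            print(f"  - {reason}")
```
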

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 January 2012 - 07:25 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Lampliter

Posted 27 January 2012 - 07:36 PM

Hello Gringo,

Thank you, for taking time to help me.

I ran Defogger. It finished and did not ask for a reboot.

Here is the log from DDS:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:16 on 27/01/2012 (user name)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
I closed the Defogger screen and then I ran the dds.com version.
It got as far as placing hash tags “#####” about ¾ of the way across the screen.
Then it seemed to stop. Shortly after that the mouse wouldn’t move.
I couldn’t bring up the Task Manager using the keyboard.
I waited a little longer, then held down the power button and rebooted the machine.
I couldn’t find any DDS logs on the desktop or in the root directory.

Edited by Lampliter, 27 January 2012 - 08:03 PM.


#4 gringo_pr

Posted 27 January 2012 - 10:10 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 Lampliter

Posted 28 January 2012 - 05:06 PM

Hello again and thank you for your continued assistance.


I disabled MS Security Essentials, exited Super Anti Spyware Free Version, and turned off Windows Firewall.

I downloaded Combofix version 12.1.28.1 from Bleeping Computer. I placed it on a drive connected to my router.

I had tried to install Recovery Console using Combofix at an earlier date. It is now a start up option, but it does not work. This seems to be a problem with the Acer and not related to the infection.

I moved the old version off the desktop and renamed the old Qoobox folder. I did not run the uninstall command.

I copied the latest version of Combofix from the network drive to the desktop and launched it at 9:04 am.

It said preparing to run and then saved about 11 files.

It said attempting system restore point.

At 9:05 am it said scan begun

The hard disk activity light blinked rapidly for about a minute or less. Then I didn’t see it light again.

I was watching the disk activity light but I noticed at 9:09 am that the cursor had stopped blinking.

Later, I noticed that the time on the clock was still at 9:09 am and apparently the screen was no longer updating.

I waited over 40 minutes and nothing happened. I turned the computer off at 9:51.

When I turned the computer back on it booted normally. I could not find a log file for Combofix.

A new Qoobox folder had been created at 9:04, and also a folder called ComboFix at 9:06.

When reactivated, the MS security program still wanted to try to clean up the infection.

Best regards,
Lampliter

#6 gringo_pr

Posted 28 January 2012 - 08:08 PM

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
ComboFix /nombr
  • click ok

copy and paste the report into this topic for me to review

Gringo

#7 Lampliter

Posted 29 January 2012 - 08:02 AM

Great! That worked. Here is the log:

ComboFix 12-01-29.01 - GraceAnne 01/29/2012 7:23.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.488 [GMT -5:00]
Running from: c:\documents and settings\GraceAnne\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-29 12:33 . 2012-01-29 12:33 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91C8C5E1-DAD8-483E-B449-F92AA980EC8A}\offreg.dll
2012-01-28 14:54 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91C8C5E1-DAD8-483E-B449-F92AA980EC8A}\mpengine.dll
2012-01-20 23:25 . 2012-01-20 23:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-20 23:25 . 2012-01-20 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-19 21:03 . 2012-01-19 21:05 -------- d-----w- C:\Old_Qoobox
2012-01-08 04:52 . 2012-01-08 04:52 -------- d-----w- c:\program files\CCleaner
2012-01-08 03:55 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-01-08 03:55 . 2010-07-16 19:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-01-08 03:55 . 2011-01-17 14:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-01-08 03:55 . 2010-12-10 21:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-01-08 03:55 . 2010-12-10 18:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-01-08 03:54 . 2010-12-16 13:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-01-08 03:54 . 2012-01-08 04:27 -------- d-----w- c:\program files\PC Tools Security
2012-01-08 03:54 . 2012-01-08 04:00 -------- d-----w- c:\program files\Common Files\PC Tools
2012-01-08 03:51 . 2012-01-08 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-01-07 18:13 . 2012-01-07 18:13 -------- d-----w- c:\windows\system32\XPSViewer
2012-01-07 18:12 . 2012-01-07 18:12 -------- d-----w- c:\program files\MSBuild
2012-01-07 18:12 . 2012-01-07 18:12 -------- d-----w- c:\program files\Reference Assemblies
2012-01-07 18:12 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-01-07 18:11 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-01-07 18:11 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-01-07 18:11 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-01-07 18:11 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-01-07 18:11 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-01-07 18:11 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-01-07 18:11 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-01-07 18:11 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-01-07 18:11 . 2012-01-07 18:12 -------- d-----w- C:\3fa1e62d7978f7aa4daffb927d792c18
2012-01-07 04:34 . 2012-01-07 04:34 -------- d-----w- C:\4cfb9ddaab828618316b61c9d4
2012-01-07 04:34 . 2012-01-07 11:14 -------- d-----w- C:\c18f49259ccc86f0d9e2
2012-01-07 01:39 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-07 01:39 . 2012-01-20 22:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-07 01:14 . 2012-01-07 01:14 -------- d-----w- C:\38bbca295b292862af
2012-01-07 01:14 . 2012-01-07 01:15 -------- d-----w- C:\4564d919672df3672b31bed13bf8
2012-01-07 01:12 . 2012-01-07 01:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-01-07 01:00 . 2012-01-07 01:00 -------- d-----w- c:\windows\ServicePackFiles
2012-01-07 00:58 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-01-07 00:57 . 2011-11-04 19:20 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-01-07 00:57 . 2011-11-04 19:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-07 00:57 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-07 00:55 . 2012-01-07 00:57 -------- dc-h--w- c:\windows\ie8
2012-01-06 17:21 . 2012-01-21 01:15 -------- d-----w- c:\windows\Microsoft Antimalware
2012-01-06 17:21 . 2012-01-06 17:21 -------- d-----w- c:\windows\Windows Defender Offline
2012-01-05 04:15 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-05 02:12 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-01-05 02:12 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-01-05 02:09 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-02 20:31 . 2012-01-02 20:31 -------- d-----w- c:\windows\system32\LogFiles
2012-01-02 18:47 . 2012-01-02 18:47 -------- d-----w- c:\program files\Hewlett-Packard
2012-01-02 18:46 . 2012-01-02 18:46 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2012-01-02 18:43 . 2012-01-02 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2012-01-02 18:42 . 2007-03-15 20:32 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2012-01-02 18:42 . 2007-03-15 20:32 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2012-01-02 18:42 . 2006-10-31 18:49 94208 ----a-w- c:\windows\system32\HPJIPX1U.DLL
2012-01-02 18:42 . 2006-10-31 18:49 163840 ----a-w- c:\windows\system32\HPJCMN2U.DLL
2012-01-02 18:42 . 2007-02-06 22:00 39424 ----a-w- c:\windows\system32\HPBPRO.DLL
2012-01-02 18:42 . 2007-02-06 22:00 7680 ----a-w- c:\windows\system32\HPBPROPS.DLL
2012-01-02 18:42 . 2007-02-06 22:00 25600 ----a-w- c:\windows\system32\HPBOID.DLL
2012-01-02 18:42 . 2007-02-06 22:00 7680 ----a-w- c:\windows\system32\HPBOIDPS.DLL
2012-01-02 18:42 . 2006-10-31 18:48 49152 ----a-w- c:\windows\system32\HPBNRAC2.DLL
2012-01-02 18:42 . 2007-02-06 22:00 24576 ----a-w- c:\windows\system32\HPBMIAPI.DLL
2012-01-02 18:42 . 2006-10-31 18:48 241721 ----a-w- c:\windows\system32\HPBMINI.DLL
2012-01-02 18:42 . 2012-01-02 18:42 -------- d-----w- c:\program files\ACER PATCH LTV2016
2012-01-02 18:41 . 2001-08-17 18:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-01-02 18:41 . 2001-08-17 18:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2012-01-02 18:41 . 2008-12-13 01:20 319488 ----a-w- c:\windows\Acer Crystal Eye webcam.exe
2012-01-02 18:41 . 2008-12-12 16:41 626688 ----a-w- c:\windows\Image.dll
2012-01-02 18:41 . 2008-02-25 16:13 4838 ----a-w- c:\windows\Suyin.reg
2012-01-02 18:39 . 2007-05-03 00:03 267864 ----a-w- c:\windows\system32\hpzids01.dll
2012-01-02 18:39 . 2007-05-03 00:03 267864 ----a-w- C:\hpzids01.dll
2012-01-02 18:39 . 2007-05-02 23:01 675840 ----a-w- c:\windows\system32\hpowiax5.dll
2012-01-02 18:39 . 2007-05-02 23:00 303104 ----a-w- c:\windows\system32\hpovst12.dll
2012-01-02 18:39 . 2007-05-02 22:56 954368 ----a-w- c:\windows\system32\hpotiop5.dll
2012-01-02 18:39 . 2007-03-08 19:20 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2012-01-02 18:39 . 2012-01-02 18:39 -------- d-----w- c:\program files\HP
2012-01-02 18:39 . 2008-04-14 05:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-01-02 18:39 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-01-02 18:38 . 2012-01-02 18:38 -------- d-----w- c:\program files\Common Files\CyberLink
2012-01-02 18:37 . 2012-01-02 18:38 -------- d-----w- c:\program files\CyberLink
2012-01-02 18:33 . 2012-01-04 09:26 236576 ------w- c:\windows\system32\MpSigStub.exe
2012-01-02 18:32 . 2007-03-12 10:16 56080 ----a-w- c:\windows\system32\QtBtLib.dll
2012-01-02 18:32 . 2004-12-09 04:04 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2012-01-02 18:32 . 2004-12-08 06:10 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2012-01-02 18:32 . 2012-01-02 18:32 -------- d-----w- c:\program files\Launch Manager
2012-01-02 18:32 . 2007-12-03 07:11 207368 ----a-w- c:\windows\UNINST32.EXE
2012-01-02 18:31 . 2012-01-02 17:16 -------- d---a-w- c:\windows\BTW
2012-01-02 18:29 . 2008-03-21 18:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-01-02 18:29 . 2012-01-02 18:29 -------- d-----w- c:\program files\Synaptics
2012-01-02 18:28 . 2012-01-02 18:29 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-02 18:28 . 2009-02-27 08:21 205360 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-01-02 18:28 . 2009-02-27 08:21 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-01-02 18:28 . 2009-02-27 08:20 206120 ----a-w- c:\windows\system32\SynCtrl.dll
2012-01-02 18:28 . 2009-02-27 08:20 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-01-02 18:28 . 2009-02-27 08:20 169256 ----a-w- c:\windows\system32\SynCOM.dll
2012-01-02 18:28 . 2008-07-08 02:55 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-01-02 18:23 . 2012-01-02 17:16 -------- d---a-w- c:\windows\Dev1
2012-01-02 18:22 . 2012-01-28 00:44 -------- d-----w- c:\documents and settings\GraceAnne
2012-01-02 18:22 . 2009-04-15 14:59 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Acer
2012-01-02 18:22 . 2009-04-15 14:05 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Acer GameZone Console
2012-01-02 18:22 . 2009-04-15 13:47 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\InstallShield
2012-01-02 17:27 . 2012-01-02 17:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2012-01-02 17:16 . 2008-04-14 05:10 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-01-02 17:16 . 2008-04-14 05:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-01-02 17:16 . 2008-04-14 12:00 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-02 18:36 . 2009-04-15 14:06 29480 ----a-w- c:\windows\system32\msxml3a.dll
2012-01-02 18:36 . 2009-04-15 14:06 505128 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-02 18:36 . 2009-04-15 14:06 353576 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-02 18:31 . 2008-09-09 10:51 627 ----a-w- c:\windows\CLEANUP.CMD
2011-11-25 21:57 . 2009-04-15 13:23 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2009-04-15 13:23 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2009-04-15 13:23 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2009-04-15 13:23 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2009-04-15 13:23 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2009-04-15 13:23 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2009-04-15 13:23 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2009-04-15 13:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-04-15 13:23 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2009-04-15 13:23 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-03 15:28 . 2009-04-15 13:23 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-01 16:07 . 2009-04-15 13:23 1288704 ----a-w- c:\windows\system32\ole32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-24 17567744]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-01 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-01 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-05-01 92696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-20 817672]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-4-15 565248]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-04-28 03:44 65536 ----a-w- c:\windows\system32\igdlogin.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-04-15 14:04 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/7/2012 10:55 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [1/7/2012 10:55 PM 338880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [4/15/2009 9:59 AM 237568]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [4/15/2009 8:48 AM 5096544]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/15/2009 8:52 AM 1684736]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/15/2009 9:04 AM 24064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2012 8:39 PM 20464]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [4/15/2009 8:53 AM 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [1/7/2012 10:54 PM 366840]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2012 8:39 PM 652872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0112&m=ao751h
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-CarboniteSetupLite - c:\program files\Carbonite\CarbonitePreinstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-29 07:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(804)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(2516)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Completion time: 2012-01-29 07:37:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-29 12:37
.
Pre-Run: 133,639,487,488 bytes free
Post-Run: 134,044,225,536 bytes free
.
- - End Of File - - 319158F24FFCDB2572C16E7E6489525E

Thanks again,
Lampliter

#8 gringo_pr


Posted 29 January 2012 - 12:43 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#9 Lampliter


Posted 30 January 2012 - 12:01 PM

Gringo,

When Security Essentials first warned I had an Alureon infection, I ran TDSSKiller on Jan 4.
On Jan 30, I also downloaded and ran the latest TDSSKiller version and copied the report.
Both reports are given below, Jan 4 is first and Jan 30 is second:

21:11:52.0984 3408 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
21:11:53.0296 3408 ============================================================
21:11:53.0296 3408 Current date / time: 2012/01/04 21:11:53.0296
21:11:53.0296 3408 SystemInfo:
21:11:53.0296 3408
21:11:53.0296 3408 OS Version: 5.1.2600 ServicePack: 3.0
21:11:53.0296 3408 Product type: Workstation
21:11:53.0296 3408 ComputerName: G-NET
21:11:53.0296 3408 UserName: GraceAnne
21:11:53.0296 3408 Windows directory: C:\WINDOWS
21:11:53.0296 3408 System windows directory: C:\WINDOWS
21:11:53.0296 3408 Processor architecture: Intel x86
21:11:53.0296 3408 Number of processors: 2
21:11:53.0296 3408 Page size: 0x1000
21:11:53.0296 3408 Boot type: Normal boot
21:11:53.0296 3408 ============================================================
21:11:56.0296 3408 Initialize success
21:11:59.0093 3716 ============================================================
21:11:59.0093 3716 Scan started
21:11:59.0093 3716 Mode: Manual;
21:11:59.0093 3716 ============================================================
21:12:01.0062 3716 Abiosdsk - ok
21:12:01.0578 3716 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:12:01.0593 3716 abp480n5 - ok
21:12:01.0656 3716 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:12:01.0671 3716 ACPI - ok
21:12:01.0687 3716 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:12:01.0703 3716 ACPIEC - ok
21:12:01.0796 3716 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:12:01.0796 3716 adpu160m - ok
21:12:02.0093 3716 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:12:02.0109 3716 aec - ok
21:12:02.0140 3716 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
21:12:02.0156 3716 AFD - ok
21:12:02.0187 3716 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:12:02.0187 3716 agp440 - ok
21:12:02.0203 3716 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:12:02.0203 3716 agpCPQ - ok
21:12:02.0218 3716 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:12:02.0234 3716 Aha154x - ok
21:12:02.0250 3716 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:12:02.0250 3716 aic78u2 - ok
21:12:02.0281 3716 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:12:02.0281 3716 aic78xx - ok
21:12:02.0312 3716 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:12:02.0312 3716 AliIde - ok
21:12:02.0593 3716 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:12:02.0609 3716 alim1541 - ok
21:12:02.0968 3716 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
21:12:03.0062 3716 Ambfilt - ok
21:12:03.0187 3716 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:12:03.0187 3716 amdagp - ok
21:12:03.0234 3716 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:12:03.0250 3716 amsint - ok
21:12:03.0343 3716 AR5416 (a2f96787b7a958989a962ef3824d9ca8) C:\WINDOWS\system32\DRIVERS\athw.sys
21:12:03.0390 3716 AR5416 - ok
21:12:03.0515 3716 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:12:03.0531 3716 asc - ok
21:12:03.0562 3716 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:12:03.0578 3716 asc3350p - ok
21:12:03.0906 3716 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:12:03.0921 3716 asc3550 - ok
21:12:03.0984 3716 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:12:03.0984 3716 AsyncMac - ok
21:12:04.0015 3716 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:12:04.0015 3716 atapi - ok
21:12:04.0031 3716 Atdisk - ok
21:12:04.0078 3716 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:12:04.0093 3716 Atmarpc - ok
21:12:04.0140 3716 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:12:04.0156 3716 audstub - ok
21:12:04.0234 3716 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:12:04.0234 3716 Beep - ok
21:12:04.0328 3716 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:12:04.0343 3716 cbidf - ok
21:12:04.0406 3716 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:12:04.0406 3716 cbidf2k - ok
21:12:04.0468 3716 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:12:04.0484 3716 CCDECODE - ok
21:12:04.0500 3716 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:12:04.0500 3716 cd20xrnt - ok
21:12:04.0531 3716 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:12:04.0546 3716 Cdaudio - ok
21:12:04.0656 3716 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:12:04.0656 3716 Cdfs - ok
21:12:04.0750 3716 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:12:04.0750 3716 Cdrom - ok
21:12:04.0765 3716 Changer - ok
21:12:04.0843 3716 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:12:04.0859 3716 CmBatt - ok
21:12:04.0921 3716 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:12:04.0921 3716 CmdIde - ok
21:12:05.0031 3716 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:12:05.0031 3716 Compbatt - ok
21:12:05.0109 3716 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:12:05.0125 3716 Cpqarray - ok
21:12:05.0171 3716 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:12:05.0218 3716 dac2w2k - ok
21:12:05.0265 3716 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:12:05.0265 3716 dac960nt - ok
21:12:05.0625 3716 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:12:05.0625 3716 Disk - ok
21:12:05.0718 3716 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
21:12:05.0718 3716 DKbFltr - ok
21:12:05.0812 3716 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:12:05.0859 3716 dmboot - ok
21:12:05.0937 3716 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:12:05.0937 3716 dmio - ok
21:12:06.0015 3716 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:12:06.0015 3716 dmload - ok
21:12:06.0062 3716 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:12:06.0062 3716 DMusic - ok
21:12:06.0140 3716 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:12:06.0156 3716 dpti2o - ok
21:12:06.0453 3716 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:12:06.0453 3716 drmkaud - ok
21:12:06.0781 3716 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:12:06.0781 3716 Fastfat - ok
21:12:06.0843 3716 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:12:06.0843 3716 Fdc - ok
21:12:06.0921 3716 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:12:06.0921 3716 Fips - ok
21:12:06.0937 3716 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:12:06.0953 3716 Flpydisk - ok
21:12:07.0000 3716 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:12:07.0000 3716 FltMgr - ok
21:12:07.0062 3716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:12:07.0093 3716 Fs_Rec - ok
21:12:07.0156 3716 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:12:07.0171 3716 Ftdisk - ok
21:12:07.0265 3716 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:12:07.0265 3716 Gpc - ok
21:12:07.0375 3716 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:12:07.0375 3716 HDAudBus - ok
21:12:07.0468 3716 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:12:07.0468 3716 hpn - ok
21:12:07.0937 3716 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
21:12:07.0937 3716 HTTP - ok
21:12:08.0000 3716 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:12:08.0000 3716 i2omgmt - ok
21:12:08.0046 3716 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:12:08.0046 3716 i2omp - ok
21:12:08.0093 3716 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:12:08.0093 3716 i8042prt - ok
21:12:08.0578 3716 igd (8b15d86eb89a7234522acf38de0ef1e7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:12:08.0781 3716 igd - ok
21:12:08.0953 3716 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:12:09.0218 3716 Imapi - ok
21:12:09.0281 3716 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:12:09.0296 3716 ini910u - ok
21:12:09.0640 3716 IntcAzAudAddService (e304748137d6cd6e1cf98bddea20bfa2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:12:09.0734 3716 IntcAzAudAddService - ok
21:12:10.0171 3716 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:12:10.0171 3716 IntelIde - ok
21:12:10.0718 3716 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:12:10.0718 3716 intelppm - ok
21:12:11.0203 3716 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:12:11.0203 3716 Ip6Fw - ok
21:12:11.0250 3716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:12:11.0250 3716 IpFilterDriver - ok
21:12:11.0750 3716 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:12:11.0750 3716 IpInIp - ok
21:12:12.0140 3716 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:12:12.0375 3716 IpNat - ok
21:12:12.0656 3716 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:12:12.0671 3716 IPSec - ok
21:12:12.0953 3716 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:12:12.0953 3716 IRENUM - ok
21:12:13.0515 3716 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:12:13.0515 3716 isapnp - ok
21:12:13.0781 3716 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:12:13.0796 3716 Kbdclass - ok
21:12:14.0156 3716 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:12:14.0390 3716 kmixer - ok
21:12:14.0453 3716 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
21:12:14.0453 3716 KSecDD - ok
21:12:14.0531 3716 lbrtfdc - ok
21:12:14.0906 3716 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
21:12:14.0953 3716 MBAMSwissArmy - ok
21:12:15.0421 3716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:12:15.0437 3716 mnmdd - ok
21:12:15.0734 3716 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:12:15.0750 3716 Modem - ok
21:12:16.0375 3716 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
21:12:16.0625 3716 Monfilt - ok
21:12:17.0203 3716 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:12:17.0203 3716 Mouclass - ok
21:12:17.0531 3716 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:12:17.0531 3716 MountMgr - ok
21:12:17.0796 3716 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:12:17.0796 3716 MpFilter - ok
21:12:18.0359 3716 MpKslb95244cc (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E2762999-2D01-456D-868E-5129997DADA7}\MpKslb95244cc.sys
21:12:18.0359 3716 MpKslb95244cc - ok
21:12:40.0265 3716 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:12:40.0312 3716 \Device\Harddisk0\DR0 - ok
21:12:40.0546 3716 Boot (0x1200) (eb84a5b96571eac9a39ce168f129d0ce) \Device\Harddisk0\DR0\Partition0
21:12:40.0546 3716 \Device\Harddisk0\DR0\Partition0 - ok
21:12:40.0546 3716 ============================================================
21:12:40.0546 3716 Scan finished
21:12:40.0546 3716 ============================================================
21:12:40.0578 3712 Detected object count: 0
21:12:40.0578 3712 Actual detected object count: 0
21:13:06.0406 0524 ============================================================
21:13:06.0406 0524 Scan started
21:13:06.0406 0524 Mode: Manual; SigCheck; TDLFS;
21:13:06.0406 0524 ============================================================
21:14:57.0953 0524 usbvideo - ok
21:14:58.0281 0524 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:14:58.0937 0524 VgaSave - ok
21:14:59.0437 0524 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:15:00.0218 0524 viaagp - ok
21:15:00.0593 0524 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:15:00.0890 0524 ViaIde - ok
21:15:01.0156 0524 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:15:01.0687 0524 VolSnap - ok
21:15:01.0984 0524 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:15:02.0562 0524 Wanarp - ok
21:15:02.0843 0524 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:15:03.0203 0524 Wdf01000 - ok
21:15:03.0406 0524 WDICA - ok
21:15:03.0718 0524 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:15:04.0312 0524 wdmaud - ok
21:15:04.0515 0524 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:15:04.0765 0524 WmiAcpi - ok
21:15:05.0046 0524 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:15:05.0656 0524 WSTCODEC - ok
21:15:05.0843 0524 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:15:06.0781 0524 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:15:06.0781 0524 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:15:07.0031 0524 Boot (0x1200) (eb84a5b96571eac9a39ce168f129d0ce) \Device\Harddisk0\DR0\Partition0
21:15:07.0031 0524 \Device\Harddisk0\DR0\Partition0 - ok
21:15:07.0031 0524 ============================================================
21:15:07.0031 0524 Scan finished
21:15:07.0031 0524 ============================================================
21:15:07.0171 3424 Detected object count: 1
21:15:07.0171 3424 Actual detected object count: 1
21:15:24.0031 3424 \Device\Harddisk0\DR0\TDLFS - deleted
21:15:24.0031 3424 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
21:15:59.0984 1412 Deinitialize success

End of Jan 4 log
----------------------------------------------------------------------------------------------

Jan 30 Report below:
10:40:43.0375 0476 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
10:40:43.0703 0476 ============================================================
10:40:43.0703 0476 Current date / time: 2012/01/30 10:40:43.0703
10:40:43.0703 0476 SystemInfo:
10:40:43.0703 0476
10:40:43.0703 0476 OS Version: 5.1.2600 ServicePack: 3.0
10:40:43.0703 0476 Product type: Workstation
10:40:43.0703 0476 ComputerName: G-NET
10:40:43.0718 0476 UserName: GraceAnne
10:40:43.0718 0476 Windows directory: C:\WINDOWS
10:40:43.0718 0476 System windows directory: C:\WINDOWS
10:40:43.0718 0476 Processor architecture: Intel x86
10:40:43.0718 0476 Number of processors: 2
10:40:43.0718 0476 Page size: 0x1000
10:40:43.0718 0476 Boot type: Normal boot
10:40:43.0718 0476 ============================================================
10:40:45.0703 0476 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:40:45.0718 0476 \Device\Harddisk0\DR0:
10:40:45.0718 0476 MBR used
10:40:45.0718 0476 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1000800, BlocksNum 0x11A18800
10:40:45.0765 0476 Initialize success
10:40:45.0765 0476 ============================================================
10:40:58.0546 3816 ============================================================
10:40:58.0546 3816 Scan started
10:40:58.0546 3816 Mode: Manual;
10:40:58.0546 3816 ============================================================
10:41:14.0468 3816 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:41:14.0515 3816 \Device\Harddisk0\DR0 - ok
10:41:14.0531 3816 Boot (0x1200) (eb84a5b96571eac9a39ce168f129d0ce) \Device\Harddisk0\DR0\Partition0
10:41:14.0531 3816 \Device\Harddisk0\DR0\Partition0 - ok
10:41:14.0531 3816 ============================================================
10:41:14.0531 3816 Scan finished
10:41:14.0531 3816 ============================================================
10:41:14.0562 3024 Detected object count: 0
10:41:14.0562 3024 Actual detected object count: 0

End of Jan 30 log
=========================================================

Thank you,
Lampliter

#10 gringo_pr

  • Malware Response Team

Posted 30 January 2012 - 12:54 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#11 Lampliter

Posted 31 January 2012 - 08:33 AM

Great work Gringo!

aswMBR found disk 0, partition 3 infected with MBR:Alureon-K [Rtk]
Windows disk management claims that partition is 100% free.

Here is the log:


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-31 07:44:04
-----------------------------
07:44:04.812 OS Version: Windows 5.1.2600 Service Pack 3
07:44:04.812 Number of processors: 2 586 0x1C02
07:44:04.812 ComputerName: G-NET UserName:
07:44:05.531 Initialize success
07:50:42.218 AVAST engine defs: 12013100
07:51:04.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:51:04.500 Disk 0 Vendor: TOSHIBA_MK1655GSX FG011J Size: 152627MB BusType: 3
07:51:04.531 Disk 0 MBR read successfully
07:51:04.531 Disk 0 MBR scan
07:51:04.625 Disk 0 Windows VISTA default MBR code
07:51:04.640 Disk 0 Partition 1 00 12 Compaq diag NTFS 8192 MB offset 2048
07:51:04.671 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 144433 MB offset 16779264
07:51:04.734 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 1 MB offset 312578048
07:51:04.750 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
07:51:04.812 Disk 0 scanning sectors +312581792
07:51:04.875 Disk 0 scanning C:\WINDOWS\system32\drivers
07:51:20.953 Service scanning
07:51:22.453 Modules scanning
07:51:33.593 Disk 0 trace - called modules:
07:51:33.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:51:33.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8657cab8]
07:51:33.687 3 CLASSPNP.SYS[f767dfd7] -> nt!IofCallDriver -> [0x865806c0]
07:51:33.718 5 PCTCore.sys[f738b099] -> nt!IofCallDriver -> \Device\0000008f[0x865639e8]
07:51:33.734 7 ACPI.sys[f7494620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8657fd98]
07:51:34.343 AVAST engine scan C:\WINDOWS
07:51:45.265 AVAST engine scan C:\WINDOWS\system32
07:55:12.890 AVAST engine scan C:\WINDOWS\system32\drivers
07:55:33.968 AVAST engine scan C:\Documents and Settings\GraceAnne
07:56:04.140 AVAST engine scan C:\Documents and Settings\All Users
07:56:22.218 Scan finished successfully
07:56:56.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\GraceAnne\Desktop\MBR.dat"
07:56:56.500 The log file has been saved successfully to "C:\Documents and Settings\GraceAnne\Desktop\aswMBR.txt"

Thanks,
Lampliter
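The partition table in the aswMBR log above can be read straight out of the MBR sector. The following is an added example, not part of the original posts and not aswMBR's own logic: it parses the four primary partition entries and flags a very small hidden NTFS (type 0x17) entry for manual review. The sample MBR is constructed from the offsets and sizes in the log, the 2048-sector size for partition 3 is an assumption based on the "1 MB" shown there, and the function names and the 16 MB threshold are hypothetical.

```python
import struct

HIDDEN_NTFS = 0x17  # type byte shown for partition 3 in the log

def parse_mbr(sector: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (bad size or signature)")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts

def review(parts, small_mb=16):
    """Flag tiny hidden-NTFS entries and an unexpected number of active flags."""
    notes = []
    for p in parts:
        size_mb = p["sectors"] * 512 // (1024 * 1024)
        if p["type"] == HIDDEN_NTFS and size_mb <= small_mb:
            notes.append((p["index"],
                          f"hidden NTFS (0x17), {size_mb} MB at LBA {p['lba_start']}"))
    if sum(p["active"] for p in parts) != 1:
        notes.append((0, "expected exactly one active partition"))
    return notes

def build_sample_mbr():
    """Constructed sample: a table laid out like the one in the log."""
    rows = [(0x00, 0x12, 2048, 8192 * 2048),        # 8192 MB diagnostic partition
            (0x80, 0x07, 16779264, 144433 * 2048),  # active NTFS system partition
            (0x00, 0x17, 312578048, 2048)]          # 1 MB hidden NTFS (assumed size)
    table = b"".join(struct.pack("<B3sB3sII", st, b"\0\0\0", ty, b"\0\0\0", lba, n)
                     for st, ty, lba, n in rows)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

if __name__ == "__main__":
    for idx, note in review(parse_mbr(build_sample_mbr())):
        print(f"partition {idx}: {note}")
```

Hidden partition types are also used for legitimate vendor partitions, so a flagged entry is a prompt for closer inspection with a dedicated scanner, not a verdict.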

#12 gringo_pr

Posted 31 January 2012 - 08:47 AM

Greetings

I need you to make a bootable USB and to make a screenshot for me - follow the instructions below to do this.

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them).

Next - launch GParted, which is found at Menu > System > GParted partition manager.
Click to select All Drives, then click Okay.
I need you to take a screenshot of the window that opens up - to do this, follow these instructions.

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg onto the USB drive. Paste or attach this to your next post.

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and save it - we will use it again - boot back into Windows and send me the screen capture.

gringo

#13 Lampliter

Posted 01 February 2012 - 10:57 PM

Gringo,


When I click on the drive items on bottom left of the screen, the third partition on the hard drive will not mount. Pmount Puppy Drive Monitor issues a message: “ERROR: unable to mount sda3.” The same thing happens when I select the alternate mount utility, Mut.

When running GParted and selecting all drives, the /dev/sda3 partition is included. I have posted a copy of the screen capture jpg.


Attached File  screenshot1.jpg   108.2KB   7 downloads


Thank you,
Lampliter

Edited by Lampliter, 01 February 2012 - 11:06 PM.


#14 gringo_pr

Posted 01 February 2012 - 11:14 PM

Hello


I want you to boot back into GParted and mount the drives again - right click on the hidden partition and select delete.

Exit out of Puppy and restart the computer.


You may have to run startup repair if the computer will not boot.

System Recovery Environment

To access the System Recovery Environment, simply boot your PC,

  • Just before the system loads the Windows operating system, hit the [F8] Function 8 key on your keyboard, which will launch the Advanced Boot Options menu.
  • There you will see a new option 'Repair Your Computer', select this option and hit 'Enter' on your keyboard.
  • Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next:

    When you get to the "Choose a Recovery Tool" menu you will see at the top

    Operating System: Win 7 on (D:) OS

    Take note of the drive letter in red. If it is not C, then the commands below need to reflect the difference - change the C: in the commands below to what it shows above.
  • From the "Choose a Recovery Tool" dialog menu, select "startup repair":

#15 Lampliter

Posted 02 February 2012 - 06:50 PM

Hi Gringo,

I did not delete the partition because I am not confident that I can get into the recovery console. I want to be sure that I have a repair program I can use that will repair the boot files. The system I am trying to repair is running an Acer OEM version of XP Home Edition. I think repair startup began with Vista. I have not been able to get the computer to boot into the recovery console. I did try to drop a startup disk file onto ComboFix and it said the console was installed, but when I select the Recovery option I get the message: “A disk read error occurred. Press Ctrl-Alt-Del to restart.”

I borrowed an external USB DVD drive, should we need it. I made copies of the Acer eRecovery programs, but they only install drivers and software. I have an XP Pro install disk. I tried to install the recovery console from it to the netbook. It said the installation completed successfully but I still get an error message when I select the option at startup. Pressing R while the XP Pro disk version is starting doesn’t do anything, and there is no choice offered to start the recovery console. There is an option to delete the infected 3rd partition, which it says is an inactive OS/2 boot man. If it is a boot manager, a jump command in one of the boot files may pass control to it.

I don’t know if an attempt to do an upgrade install to XP Pro would get far enough to let me use the recovery console.

Please let me know how to continue. Is there a standalone repair program you recommend that I can put on a flash drive or a CD that will repair the XP Home Edition MBR and boot records?

Thanks,
Lampliter

Edited by Lampliter, 02 February 2012 - 06:53 PM.
