Rootkit.ZeroAccess! found by ComboFix


This topic is locked
3 replies to this topic

#1 barefoot1972
  • Members
  • 11 posts

Posted 27 January 2012 - 03:00 PM

Hi,

Thanks in advance for your help.

I have an XP Pro 32-bit machine. Yesterday I suspected I had gotten a rootkit, so I ran ComboFix. Sure enough, ComboFix declared "Rootkit.ZeroAccess! found", that it's in the TCP/IP stack, and that it's hard to remove. I ran ComboFix a few times, but to no avail. The computer's symptoms: the internet sometimes stops working until I reboot, and Windows Explorer will no longer show hidden files or let me change the setting to view them. I am posting everything I have at this point: DDS, Attach, ComboFix log, TDSSKiller log. I'm still running GMER and the ESET Online Scanner and will post when these finish in a few hours:

DDS <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Administrator at 12:38:56 on 2012-01-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2479 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
D:\all\files\_MAIN\virus\TDSSKiller.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.youtube.com/
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lynxtr~1.lnk - c:\program files\lynx studio technology\LynxTrayVolume.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\multim~1.lnk - c:\program files\mmtaskbar\MultiMon.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245654904421
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2009-6-22 11264]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2009-6-22 16048]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2010-12-28 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2010-12-28 416112]
R3 EMUXMIDI;E-MU Xmidi Driver;c:\windows\system32\drivers\EMUXMIDI.sys [2006-8-19 134912]
R3 LynxWDM;LynxWDM;c:\windows\system32\drivers\LynxWDM.sys [2009-6-26 210440]
R3 SynasUSB;eLicenser;c:\windows\system32\drivers\synasusb.sys [2009-6-23 23696]
S0 06698627;06698627;c:\windows\system32\drivers\42372886.sys --> c:\windows\system32\drivers\42372886.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-15 1684736]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [2002-3-21 21376]
S3 koreavs;koreavs;c:\windows\system32\drivers\koreavs.sys [2009-8-5 35216]
S3 koreusb;koreusb;c:\windows\system32\drivers\koreusb.sys [2009-8-5 210064]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2009-7-1 9040]
S3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2009-7-1 19408]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-12-28 16240]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S4 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.00\AsSysCtrlService.exe [2009-7-11 86016]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104]
S4 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\keyboard & mouse driver\KMWDSrv.exe [2007-4-5 208896]
S4 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\48.tmp --> c:\windows\system32\48.tmp [?]
S4 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2010-10-19 3791872]
.
=============== Created Last 30 ================
.
2012-01-27 19:11:39 -------- d-sha-r- C:\cmdcons
2012-01-27 19:10:22 98816 ----a-w- c:\windows\sed.exe
2012-01-27 19:10:22 518144 ----a-w- c:\windows\SWREG.exe
2012-01-27 19:10:22 256000 ----a-w- c:\windows\PEV.exe
2012-01-27 19:10:22 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M ====================
.
2011-12-20 23:05:39 286356 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-12-20 23:05:39 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-12-19 03:16:22 286356 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-12-17 08:54:27 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2011-12-10 22:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 07:24:11 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-11-24 04:52:00 993088 ----a-w- c:\windows\system32\nvdispco32.dll
2011-11-24 04:52:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2011-11-24 04:52:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-24 04:52:00 5885952 ----a-w- c:\windows\system32\nvcuda.dll
2011-11-24 04:52:00 4284416 ----a-w- c:\windows\system32\nv4_disp.dll
2011-11-24 04:52:00 2501952 ----a-w- c:\windows\system32\nvcuvid.dll
2011-11-24 04:52:00 2206016 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-11-24 04:52:00 2086912 ----a-w- c:\windows\system32\nvapi.dll
2011-11-24 04:52:00 18526208 ----a-w- c:\windows\system32\nvoglnt.dll
2011-11-24 04:52:00 17489920 ----a-w- c:\windows\system32\nvcompiler.dll
2011-11-24 04:52:00 13732800 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-11-24 02:26:59 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-11-24 02:18:18 108352 ----a-w- c:\windows\system32\nvmctray.dll
2011-11-24 02:18:17 15467840 ----a-w- c:\windows\system32\nvcpl.dll
2011-11-24 02:18:16 148288 ----a-w- c:\windows\system32\nvsvc32.exe
2011-11-24 02:18:15 143680 ----a-w- c:\windows\system32\nvcolor.exe
2011-11-24 02:17:01 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 04:35:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
.
============= FINISH: 12:39:02.81 ===============

COMBOFIX <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

ComboFix 12-01-27.01 - Administrator 01/27/2012 12:21:09.8.8 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2631 [GMT -7:00]
Running from: d:\all\files\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\AV
c:\documents and settings\All Users\Start Menu\Programs\AV\CyberLink PowerDVD\Online registration.lnk
c:\documents and settings\All Users\Start Menu\Programs\AV\CyberLink PowerDVD\PowerDVD Help file.lnk
c:\documents and settings\All Users\Start Menu\Programs\AV\CyberLink PowerDVD\PowerDVD.lnk
c:\documents and settings\All Users\Start Menu\Programs\AV\CyberLink PowerDVD\Readme.lnk
c:\documents and settings\All Users\Start Menu\Programs\AV\CyberLink PowerDVD\Uninstall PowerDVD.lnk
c:\documents and settings\All Users\Start Menu\Programs\AV\Spotify.lnk
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\tmpPrst.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-17 08:54 . 2008-08-14 14:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2011-12-10 22:24 . 2009-12-04 06:15 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 08:11 . 2011-12-07 08:11 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-07 07:24 . 2009-06-22 00:29 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-11-24 04:52 . 2011-11-22 07:49 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2011-11-24 04:52 . 2011-11-22 07:49 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-24 04:52 . 2011-11-22 07:49 18526208 ----a-w- c:\windows\system32\nvoglnt.dll
2011-11-24 04:52 . 2011-11-22 07:49 993088 ----a-w- c:\windows\system32\nvdispco32.dll
2011-11-24 04:52 . 2011-11-22 07:49 5885952 ----a-w- c:\windows\system32\nvcuda.dll
2011-11-24 04:52 . 2011-11-22 07:49 2501952 ----a-w- c:\windows\system32\nvcuvid.dll
2011-11-24 04:52 . 2011-11-22 07:49 2206016 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-11-24 04:52 . 2011-11-22 07:49 2086912 ----a-w- c:\windows\system32\nvapi.dll
2011-11-24 04:52 . 2011-11-22 07:49 17489920 ----a-w- c:\windows\system32\nvcompiler.dll
2011-11-24 04:52 . 2009-03-08 08:37 4284416 ----a-w- c:\windows\system32\nv4_disp.dll
2011-11-24 04:52 . 2009-03-08 08:37 13732800 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-11-24 02:27 . 2011-12-17 10:25 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-11-24 02:27 . 2011-12-17 10:25 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-11-24 02:27 . 2011-12-17 10:25 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-11-24 02:27 . 2011-12-17 10:25 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-11-24 02:27 . 2011-12-17 10:25 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-11-24 02:27 . 2011-12-17 10:25 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-11-24 02:27 . 2011-12-17 10:25 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-11-24 02:27 . 2011-12-17 10:25 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-11-24 02:27 . 2011-12-17 10:25 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-11-24 02:27 . 2011-12-17 10:25 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-11-24 02:27 . 2011-12-17 10:25 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-11-24 02:27 . 2011-12-17 10:25 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-11-24 02:27 . 2011-12-17 10:25 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-11-24 02:27 . 2011-12-17 10:25 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-11-24 02:26 . 2011-12-17 10:25 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-11-24 02:26 . 2011-12-17 10:25 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-11-24 02:26 . 2011-12-17 10:25 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-11-24 02:26 . 2011-12-17 10:25 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-11-24 02:26 . 2011-12-17 10:25 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-11-24 02:26 . 2011-12-17 10:25 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-11-24 02:26 . 2011-12-17 10:25 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-11-24 02:26 . 2011-12-17 10:25 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-11-24 02:26 . 2011-12-17 10:25 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-11-24 02:26 . 2011-12-17 10:25 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-11-24 02:26 . 2011-12-17 10:25 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-11-24 02:26 . 2011-12-17 10:25 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-11-24 02:26 . 2011-12-17 10:25 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-11-24 02:26 . 2011-12-17 10:25 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-11-24 02:18 . 2011-11-22 07:54 108352 ----a-w- c:\windows\system32\nvmctray.dll
2011-11-24 02:18 . 2011-11-22 07:54 15467840 ----a-w- c:\windows\system32\nvcpl.dll
2011-11-24 02:18 . 2011-11-22 07:54 148288 ----a-w- c:\windows\system32\nvsvc32.exe
2011-11-24 02:18 . 2011-11-22 07:54 143680 ----a-w- c:\windows\system32\nvcolor.exe
2011-11-24 02:17 . 2011-11-22 07:54 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-11-23 13:25 . 2008-04-14 08:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 04:35 . 2011-05-18 16:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2008-04-14 12:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2008-04-14 12:42 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 12:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2008-04-14 07:07 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-14 12:42 1288704 ----a-w- c:\windows\system32\ole32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-12-22 12:52 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-12-22 12:52 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-12-22 12:52 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-12-22 12:52 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Folder)]
@="{02FCECC2-84DC-4FAA-A718-C41FFCA5B8D1}"
[HKEY_CLASSES_ROOT\CLSID\{02FCECC2-84DC-4FAA-A718-C41FFCA5B8D1}]
2011-12-09 21:07 37376 ----a-w- c:\program files\Syncplicity\SyncplicityShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Fully Synced)]
@="{CA4FCCBF-F4B7-4DD1-861E-1F42AAD396D1}"
[HKEY_CLASSES_ROOT\CLSID\{CA4FCCBF-F4B7-4DD1-861E-1F42AAD396D1}]
2011-12-09 21:07 37376 ----a-w- c:\program files\Syncplicity\SyncplicityShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Not Latest Version)]
@="{284C090F-EB1D-4A6E-872E-6DB72E417E24}"
[HKEY_CLASSES_ROOT\CLSID\{284C090F-EB1D-4A6E-872E-6DB72E417E24}]
2011-12-09 21:07 37376 ----a-w- c:\program files\Syncplicity\SyncplicityShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Shared Folder)]
@="{3DFC86AD-F2CC-4AdA-98DD-AC5DC84119CC}"
[HKEY_CLASSES_ROOT\CLSID\{3DFC86AD-F2CC-4AdA-98DD-AC5DC84119CC}]
2011-12-09 21:07 37376 ----a-w- c:\program files\Syncplicity\SyncplicityShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2009-10-14 631984]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2011-12-22 12214272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"RTHDCPL"="RTHDCPL.EXE" [2009-09-16 17567744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-11-24 15467840]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-11-24 108352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Lynx Tray Volume.lnk - c:\program files\Lynx Studio Technology\LynxTrayVolume.exe [2009-6-26 77824]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
MultiMon Taskbar.lnk - c:\program files\MMTaskbar\MultiMon.exe [2009-6-26 294912]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MarvellTrayStartup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MarvellTrayStartup.lnk
backup=c:\windows\pss\MarvellTrayStartup.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-10-03 06:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-10-03 11:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2011-12-17 08:54 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2009-03-10 00:37 36864 ----a-w- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
2007-03-06 20:51 212992 ----a-w- c:\program files\Keyboard & Mouse Driver\StartAutorun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2010-01-10 21:26 557056 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sha-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 23:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run OC Palm]
2008-08-18 20:40 61440 ----a-w- c:\program files\ASUS\OC Palm\AsG_Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syncplicity]
2011-12-09 21:08 700416 ----a-w- c:\program files\Syncplicity\Syncplicity.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboV]
2008-10-22 05:14 4040192 ----a-w- c:\program files\ASUS\TurboV\TurboV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MRUWebService"=2 (0x2)
"Marvell RAID"=2 (0x2)
"avg8wd"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"NIHardwareService"=2 (0x2)
"KMWDSERVICE"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gupdate"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
"AsSysCtrlService"=2 (0x2)
"Adobe Version Cue CS4"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steinberg\\Cubase 5\\Cubase5.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Spotify\\spotify.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [6/22/2009 2:49 PM 11264]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [6/22/2009 12:44 AM 16048]
R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [12/28/2010 7:52 AM 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [12/28/2010 7:53 AM 416112]
R3 EMUXMIDI;E-MU Xmidi Driver;c:\windows\system32\drivers\EMUXMIDI.sys [8/19/2006 5:45 AM 134912]
R3 LynxWDM;LynxWDM;c:\windows\system32\drivers\LynxWDM.sys [6/26/2009 9:59 PM 210440]
R3 SynasUSB;eLicenser;c:\windows\system32\drivers\synasusb.sys [6/23/2009 12:50 AM 23696]
S0 06698627;06698627;c:\windows\system32\drivers\42372886.sys --> c:\windows\system32\drivers\42372886.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/15/2009 10:59 PM 1684736]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [3/21/2002 9:14 AM 21376]
S3 koreavs;koreavs;c:\windows\system32\drivers\koreavs.sys [8/5/2009 8:12 PM 35216]
S3 koreusb;koreusb;c:\windows\system32\drivers\koreusb.sys [8/5/2009 8:12 PM 210064]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [7/1/2009 10:15 AM 9040]
S3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [7/1/2009 10:15 AM 19408]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [12/28/2010 7:53 AM 16240]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 288112]
S4 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [7/11/2009 10:19 PM 86016]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2009 3:58 PM 133104]
S4 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Keyboard & Mouse Driver\KMWDSrv.exe [4/5/2007 9:29 AM 208896]
S4 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\48.tmp --> c:\windows\system32\48.tmp [?]
S4 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [10/19/2010 10:34 AM 3791872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-BDRegion - c:\program files\Cyberlink\Shared Files\brs.exe
MSConfigStartUp-InstantBurn - c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
MSConfigStartUp-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe
MSConfigStartUp-Power2GoExpress - c:\program files\CyberLink\Power2Go\Power2GoExpress.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-27 12:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\48.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-220523388-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,c8,44,78,18,a1,9b,44,92,85,3c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,c8,44,78,18,a1,9b,44,92,85,3c,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:db,4a,08,55,c3,58,91,54,c1,0e,f4,b2,f9,eb,9c,32,11,59,42,52,4f,
c1,53,e6,c4,1b,28,69,09,99,f2,be,73,5d,11,87,56,fe,cc,d0,88,fb,34,f0,11,21,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:db,4a,08,55,c3,58,91,54,c1,0e,f4,b2,f9,eb,9c,32,11,59,42,52,4f,
c1,53,e6,c4,1b,28,69,09,99,f2,be,73,5d,11,87,56,fe,cc,d0,88,fb,34,f0,11,21,\
.
Completion time: 2012-01-27 12:28:21
ComboFix-quarantined-files.txt 2012-01-27 19:28
.
Pre-Run: 236,773,302,272 bytes free
Post-Run: 236,913,377,280 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XXCLONE: (Cloned Volume) [d:0,p:1] \WINDOWS" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 3DD058A3C03C31A846AB4FCA5330A17B

TDSSKILLER <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

12:38:34.0765 2432 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
12:38:34.0796 2432 ============================================================
12:38:34.0796 2432 Current date / time: 2012/01/27 12:38:34.0796
12:38:34.0796 2432 SystemInfo:
12:38:34.0796 2432
12:38:34.0796 2432 OS Version: 5.1.2600 ServicePack: 3.0
12:38:34.0796 2432 Product type: Workstation
12:38:34.0796 2432 ComputerName: BIG
12:38:34.0796 2432 UserName: Administrator
12:38:34.0796 2432 Windows directory: C:\WINDOWS
12:38:34.0796 2432 System windows directory: C:\WINDOWS
12:38:34.0796 2432 Processor architecture: Intel x86
12:38:34.0796 2432 Number of processors: 8
12:38:34.0796 2432 Page size: 0x1000
12:38:34.0796 2432 Boot type: Normal boot
12:38:34.0796 2432 ============================================================
12:38:36.0312 2432 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:38:36.0343 2432 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:38:36.0453 2432 Initialize success
12:38:42.0187 2716 ============================================================
12:38:42.0187 2716 Scan started
12:38:42.0187 2716 Mode: Manual; SigCheck; TDLFS;
12:38:42.0187 2716 ============================================================
12:38:43.0406 2716 06698627 - ok
12:38:44.0265 2716 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
12:38:44.0437 2716 61883 - ok
12:38:45.0328 2716 Abiosdsk - ok
12:38:46.0203 2716 abp480n5 - ok
12:38:47.0078 2716 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:38:47.0140 2716 ACPI - ok
12:38:48.0031 2716 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:38:48.0093 2716 ACPIEC - ok
12:38:48.0984 2716 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
12:38:48.0984 2716 adfs - ok
12:38:49.0890 2716 adpu160m - ok
12:38:50.0765 2716 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:38:50.0828 2716 aec - ok
12:38:51.0734 2716 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:38:51.0750 2716 AFD - ok
12:38:52.0625 2716 Aha154x - ok
12:38:53.0531 2716 aic78u2 - ok
12:38:54.0406 2716 aic78xx - ok
12:38:55.0296 2716 AliIde - ok
12:38:56.0203 2716 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
12:38:56.0281 2716 Ambfilt - ok
12:38:57.0343 2716 amsint - ok
12:38:58.0250 2716 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:38:58.0312 2716 Arp1394 - ok
12:38:59.0421 2716 Asapi (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\drivers\Asapi.sys
12:38:59.0437 2716 Asapi ( UnsignedFile.Multi.Generic ) - warning
12:38:59.0437 2716 Asapi - detected UnsignedFile.Multi.Generic (1)
12:39:00.0937 2716 asc - ok
12:39:03.0765 2716 asc3350p - ok
12:39:06.0765 2716 asc3550 - ok
12:39:09.0796 2716 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
12:39:10.0484 2716 AsIO - ok
12:39:11.0609 2716 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:39:11.0671 2716 AsyncMac - ok
12:39:12.0562 2716 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:39:12.0609 2716 atapi - ok
12:39:13.0531 2716 Atdisk - ok
12:39:14.0437 2716 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:39:14.0515 2716 Atmarpc - ok
12:39:15.0421 2716 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:39:15.0468 2716 audstub - ok
12:39:16.0406 2716 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
12:39:16.0468 2716 Avc - ok
12:39:17.0390 2716 AVCSTRM (e625773d7b950842d582f713656859c0) C:\WINDOWS\system32\DRIVERS\avcstrm.sys
12:39:17.0437 2716 AVCSTRM - ok
12:39:18.0359 2716 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:39:18.0421 2716 Beep - ok
12:39:18.0468 2716 catchme - ok
12:39:19.0375 2716 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:39:19.0421 2716 cbidf2k - ok
12:39:20.0328 2716 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:39:20.0390 2716 CCDECODE - ok
12:39:22.0156 2716 cd20xrnt - ok
12:39:23.0062 2716 CdaC15BA (08f60f40d1a2a95a1f12eddbd9f25c1c) C:\WINDOWS\system32\drivers\CdaC15BA.SYS
12:39:23.0062 2716 CdaC15BA ( UnsignedFile.Multi.Generic ) - warning
12:39:23.0062 2716 CdaC15BA - detected UnsignedFile.Multi.Generic (1)
12:39:24.0000 2716 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:39:24.0046 2716 Cdaudio - ok
12:39:24.0968 2716 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:39:25.0031 2716 Cdfs - ok
12:39:25.0953 2716 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:39:26.0000 2716 Cdrom - ok
12:39:26.0953 2716 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
12:39:26.0968 2716 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
12:39:26.0968 2716 cercsr6 - detected UnsignedFile.Multi.Generic (1)
12:39:27.0875 2716 Changer - ok
12:39:28.0796 2716 CLBStor (3b15740f137b2b243fdae2e7b9c391f7) C:\WINDOWS\system32\drivers\CLBStor.sys
12:39:28.0796 2716 CLBStor - ok
12:39:29.0734 2716 CmdIde - ok
12:39:30.0625 2716 Cpqarray - ok
12:39:32.0125 2716 dac2w2k - ok
12:39:33.0000 2716 dac960nt - ok
12:39:33.0906 2716 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:39:33.0968 2716 Disk - ok
12:39:34.0875 2716 DM9USB (8842b0c5a5a24164f69b1a5ede4c2519) C:\WINDOWS\system32\DRIVERS\dm9usb.sys
12:39:34.0906 2716 DM9USB - ok
12:39:35.0796 2716 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:39:35.0875 2716 dmboot - ok
12:39:36.0812 2716 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
12:39:36.0875 2716 dmio - ok
12:39:37.0875 2716 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:39:37.0937 2716 dmload - ok
12:39:38.0843 2716 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:39:38.0906 2716 DMusic - ok
12:39:39.0765 2716 dpti2o - ok
12:39:40.0671 2716 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:39:40.0718 2716 drmkaud - ok
12:39:41.0625 2716 EMUXMIDI (5e47a5550f531771d367d8e24f2fa16c) C:\WINDOWS\system32\DRIVERS\EMUXMIDI.sys
12:39:41.0640 2716 EMUXMIDI - ok
12:39:42.0703 2716 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:39:42.0765 2716 Fastfat - ok
12:39:43.0656 2716 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:39:43.0718 2716 Fdc - ok
12:39:44.0609 2716 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:39:44.0671 2716 Fips - ok
12:39:45.0578 2716 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:39:45.0625 2716 Flpydisk - ok
12:39:46.0562 2716 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:39:46.0625 2716 FltMgr - ok
12:39:48.0187 2716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:39:48.0687 2716 Fs_Rec - ok
12:39:49.0562 2716 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:39:49.0625 2716 Ftdisk - ok
12:39:50.0515 2716 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:39:50.0578 2716 Gpc - ok
12:39:51.0453 2716 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:39:51.0515 2716 HDAudBus - ok
12:39:52.0437 2716 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:39:52.0500 2716 HidUsb - ok
12:39:53.0390 2716 hpn - ok
12:39:54.0281 2716 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:39:54.0312 2716 HPZid412 - ok
12:39:55.0218 2716 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:39:55.0234 2716 HPZipr12 - ok
12:39:56.0171 2716 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:39:56.0171 2716 HPZius12 - ok
12:39:57.0078 2716 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:39:57.0093 2716 HTTP - ok
12:39:57.0968 2716 i2omgmt - ok
12:39:58.0828 2716 i2omp - ok
12:39:59.0734 2716 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:39:59.0796 2716 i8042prt - ok
12:40:00.0718 2716 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:40:00.0781 2716 Imapi - ok
12:40:01.0656 2716 ini910u - ok
12:40:02.0656 2716 IntcAzAudAddService (e61c2662ba16c6d6e933abf45a625d55) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:40:02.0765 2716 IntcAzAudAddService - ok
12:40:03.0656 2716 IntelIde - ok
12:40:04.0578 2716 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:40:04.0625 2716 intelppm - ok
12:40:05.0515 2716 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:40:05.0578 2716 Ip6Fw - ok
12:40:06.0484 2716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:40:06.0546 2716 IpFilterDriver - ok
12:40:07.0640 2716 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:40:07.0687 2716 IpInIp - ok
12:40:08.0625 2716 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:40:08.0687 2716 IpNat - ok
12:40:09.0578 2716 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:40:09.0625 2716 IPSec - ok
12:40:10.0546 2716 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:40:10.0562 2716 IRENUM - ok
12:40:11.0484 2716 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:40:11.0546 2716 isapnp - ok
12:40:12.0437 2716 JRAID (44b2aa8d7c28608e29eae6ddc64da7cd) C:\WINDOWS\system32\DRIVERS\jraid.sys
12:40:12.0468 2716 JRAID - ok
12:40:13.0359 2716 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:40:13.0421 2716 Kbdclass - ok
12:40:15.0171 2716 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:40:15.0218 2716 kbdhid - ok
12:40:16.0125 2716 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:40:16.0187 2716 kmixer - ok
12:40:17.0078 2716 KMWDFilter (73186a580e287152b1be5087c0e92339) C:\WINDOWS\System32\Drivers\KMWDFilter.SYS
12:40:17.0078 2716 KMWDFilter ( UnsignedFile.Multi.Generic ) - warning
12:40:17.0078 2716 KMWDFilter - detected UnsignedFile.Multi.Generic (1)
12:40:17.0968 2716 koreavs (e19094a9d5054c27998cc37c1cf3fdc4) C:\WINDOWS\system32\Drivers\koreavs.sys
12:40:17.0968 2716 koreavs - ok
12:40:18.0921 2716 koreusb (1f44aec97aa50ed589527902cbdde343) C:\WINDOWS\system32\Drivers\koreusb.sys
12:40:18.0937 2716 koreusb - ok
12:40:19.0875 2716 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:40:19.0906 2716 KSecDD - ok
12:40:20.0781 2716 lbrtfdc - ok
12:40:21.0656 2716 LynxWDM (5354c6b95de33415ec17503b7ee6882b) C:\WINDOWS\system32\DRIVERS\LynxWDM.sys
12:40:21.0671 2716 LynxWDM - ok
12:40:22.0468 2716 MEMSWEEP2 - ok
12:40:23.0390 2716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:40:23.0437 2716 mnmdd - ok
12:40:24.0359 2716 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:40:24.0421 2716 Modem - ok
12:40:25.0328 2716 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
12:40:25.0390 2716 Monfilt - ok
12:40:26.0281 2716 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:40:26.0343 2716 Mouclass - ok
12:40:27.0234 2716 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:40:27.0296 2716 mouhid - ok
12:40:28.0203 2716 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:40:28.0265 2716 MountMgr - ok
12:40:29.0140 2716 mraid35x - ok
12:40:30.0046 2716 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:40:30.0109 2716 MRxDAV - ok
12:40:31.0015 2716 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:40:31.0046 2716 MRxSmb - ok
12:40:31.0921 2716 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:40:31.0984 2716 Msfs - ok
12:40:32.0890 2716 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:40:32.0937 2716 MSKSSRV - ok
12:40:33.0843 2716 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:40:33.0906 2716 MSPCLOCK - ok
12:40:34.0812 2716 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:40:34.0875 2716 MSPQM - ok
12:40:35.0765 2716 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:40:35.0812 2716 mssmbios - ok
12:40:36.0703 2716 MSTAPE (5c3f9bdf4db23b75306388fc26a0a8e5) C:\WINDOWS\system32\DRIVERS\mstape.sys
12:40:36.0765 2716 MSTAPE - ok
12:40:37.0656 2716 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:40:37.0718 2716 MSTEE - ok
12:40:38.0609 2716 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
12:40:38.0625 2716 MTsensor - ok
12:40:39.0515 2716 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:40:39.0546 2716 Mup - ok
12:40:40.0437 2716 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:40:40.0484 2716 NABTSFEC - ok
12:40:41.0390 2716 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:40:41.0453 2716 NDIS - ok
12:40:42.0359 2716 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:40:42.0421 2716 NdisIP - ok
12:40:43.0328 2716 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:40:43.0343 2716 NdisTapi - ok
12:40:44.0234 2716 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:40:44.0296 2716 Ndisuio - ok
12:40:45.0187 2716 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:40:45.0250 2716 NdisWan - ok
12:40:46.0156 2716 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:40:46.0171 2716 NDProxy - ok
12:40:47.0078 2716 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:40:47.0140 2716 NetBIOS - ok
12:40:48.0031 2716 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:40:48.0093 2716 NetBT - ok
12:40:49.0015 2716 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:40:49.0062 2716 NIC1394 - ok
12:40:49.0953 2716 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:40:50.0015 2716 Npfs - ok
12:40:50.0906 2716 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:40:50.0968 2716 Ntfs - ok
12:40:51.0859 2716 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:40:51.0921 2716 Null - ok
12:40:53.0000 2716 nv (942031c83d24c92fd78d4c625f4a0325) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:40:53.0265 2716 nv ( UnsignedFile.Multi.Generic ) - warning
12:40:53.0265 2716 nv - detected UnsignedFile.Multi.Generic (1)
12:40:54.0156 2716 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:40:54.0218 2716 NwlnkFlt - ok
12:40:55.0109 2716 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:40:55.0156 2716 NwlnkFwd - ok
12:40:56.0031 2716 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:40:56.0078 2716 ohci1394 - ok
12:40:56.0968 2716 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
12:40:57.0031 2716 Parport - ok
12:40:57.0921 2716 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:40:57.0968 2716 PartMgr - ok
12:40:58.0843 2716 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:40:58.0906 2716 ParVdm - ok
12:40:59.0796 2716 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:40:59.0859 2716 PCI - ok
12:41:00.0734 2716 PCIDump - ok
12:41:01.0625 2716 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:41:01.0687 2716 PCIIde - ok
12:41:02.0562 2716 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:41:02.0625 2716 Pcmcia - ok
12:41:03.0500 2716 PDCOMP - ok
12:41:04.0359 2716 PDFRAME - ok
12:41:05.0234 2716 PDRELI - ok
12:41:06.0125 2716 PDRFRAME - ok
12:41:06.0984 2716 perc2 - ok
12:41:07.0843 2716 perc2hib - ok
12:41:08.0734 2716 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:41:08.0781 2716 PptpMiniport - ok
12:41:09.0781 2716 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:41:09.0843 2716 PSched - ok
12:41:10.0734 2716 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:41:10.0796 2716 Ptilink - ok
12:41:11.0687 2716 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:41:11.0687 2716 PxHelp20 - ok
12:41:12.0562 2716 ql1080 - ok
12:41:13.0437 2716 Ql10wnt - ok
12:41:14.0296 2716 ql12160 - ok
12:41:15.0187 2716 ql1240 - ok
12:41:16.0187 2716 ql1280 - ok
12:41:17.0234 2716 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:41:17.0281 2716 RasAcd - ok
12:41:18.0203 2716 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:41:18.0265 2716 Rasl2tp - ok
12:41:19.0171 2716 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:41:19.0218 2716 RasPppoe - ok
12:41:20.0156 2716 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:41:20.0203 2716 Raspti - ok
12:41:21.0234 2716 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:41:21.0296 2716 Rdbss - ok
12:41:22.0453 2716 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:41:22.0500 2716 RDPCDD - ok
12:41:23.0484 2716 RDPDISPM (a862a3a8d7d2d75bdc41b556325e9876) C:\WINDOWS\system32\DRIVERS\rdpdispm.sys
12:41:23.0484 2716 RDPDISPM - ok
12:41:24.0390 2716 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:41:24.0453 2716 rdpdr - ok
12:41:25.0375 2716 RDPVDD (95508469d4da5c13bbfef9c35f3e5c61) C:\WINDOWS\system32\DRIVERS\rdpvmp.sys
12:41:25.0375 2716 RDPVDD - ok
12:41:26.0296 2716 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:41:26.0312 2716 RDPWD - ok
12:41:28.0062 2716 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:41:28.0734 2716 redbook - ok
12:41:29.0625 2716 RTLE8023xp (387c8f70e992efa3d25816ecc1ab2b8b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:41:29.0656 2716 RTLE8023xp - ok
12:41:30.0578 2716 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:41:30.0609 2716 Secdrv - ok
12:41:31.0515 2716 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
12:41:31.0562 2716 Serial - ok
12:41:32.0859 2716 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:41:32.0921 2716 Sfloppy - ok
12:41:33.0921 2716 Simbad - ok
12:41:34.0843 2716 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:41:34.0890 2716 SLIP - ok
12:41:35.0968 2716 Sparrow - ok
12:41:36.0875 2716 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:41:36.0937 2716 splitter - ok
12:41:38.0281 2716 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:41:38.0312 2716 sr - ok
12:41:39.0203 2716 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:41:39.0234 2716 Srv - ok
12:41:40.0125 2716 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:41:40.0171 2716 streamip - ok
12:41:41.0078 2716 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:41:41.0140 2716 swenum - ok
12:41:42.0031 2716 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:41:42.0093 2716 swmidi - ok
12:41:42.0968 2716 symc810 - ok
12:41:43.0828 2716 symc8xx - ok
12:41:44.0703 2716 sym_hi - ok
12:41:45.0609 2716 sym_u3 - ok
12:41:46.0546 2716 SynasUSB (af9a16163545685856ffd8b17aaa5e0b) C:\WINDOWS\system32\drivers\SynasUSB.sys
12:41:46.0593 2716 SynasUSB - ok
12:41:47.0515 2716 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:41:47.0578 2716 sysaudio - ok
12:41:48.0484 2716 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:41:48.0500 2716 Tcpip - ok
12:41:49.0437 2716 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:41:49.0484 2716 TDPIPE - ok
12:41:50.0406 2716 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:41:50.0468 2716 TDTCP - ok
12:41:51.0375 2716 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:41:51.0437 2716 TermDD - ok
12:41:52.0312 2716 TosIde - ok
12:41:53.0234 2716 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:41:53.0296 2716 Udfs - ok
12:41:54.0171 2716 ultra - ok
12:41:55.0109 2716 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:41:55.0171 2716 Update - ok
12:41:56.0093 2716 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:41:56.0140 2716 usbaudio - ok
12:41:57.0031 2716 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:41:57.0078 2716 usbccgp - ok
12:41:58.0000 2716 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:41:58.0046 2716 usbehci - ok
12:41:58.0984 2716 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:41:59.0046 2716 usbhub - ok
12:41:59.0953 2716 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:42:00.0015 2716 usbprint - ok
12:42:00.0953 2716 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:42:01.0015 2716 usbscan - ok
12:42:01.0984 2716 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:42:02.0031 2716 USBSTOR - ok
12:42:02.0953 2716 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:42:03.0015 2716 usbuhci - ok
12:42:03.0921 2716 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:42:03.0984 2716 VgaSave - ok
12:42:04.0875 2716 ViaIde - ok
12:42:05.0781 2716 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:42:05.0828 2716 VolSnap - ok
12:42:06.0781 2716 wacmoumonitor (f24ee97511fb901189e11cbbd51605ba) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
12:42:06.0781 2716 wacmoumonitor - ok
12:42:07.0687 2716 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
12:42:07.0687 2716 wacommousefilter - ok
12:42:08.0593 2716 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
12:42:08.0609 2716 wacomvhid - ok
12:42:09.0484 2716 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:42:09.0546 2716 Wanarp - ok
12:42:10.0421 2716 WDICA - ok
12:42:11.0312 2716 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:42:11.0359 2716 wdmaud - ok
12:42:12.0265 2716 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:42:12.0312 2716 WmiAcpi - ok
12:42:13.0187 2716 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:42:13.0250 2716 WS2IFSL - ok
12:42:14.0171 2716 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:42:14.0218 2716 WSTCODEC - ok
12:42:15.0156 2716 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:42:15.0171 2716 WudfPf - ok
12:42:16.0109 2716 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:42:16.0109 2716 WudfRd - ok
12:42:16.0125 2716 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:42:16.0312 2716 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:42:16.0312 2716 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:42:16.0328 2716 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
12:42:16.0406 2716 \Device\Harddisk1\DR1 - ok
12:42:16.0406 2716 Boot (0x1200) (ecf3e390151bf9a55a556a464e027251) \Device\Harddisk0\DR0\Partition0
12:42:16.0421 2716 \Device\Harddisk0\DR0\Partition0 - ok
12:42:16.0421 2716 Boot (0x1200) (3398fee5fe36a10b439bcda6374894fb) \Device\Harddisk1\DR1\Partition0
12:42:16.0421 2716 \Device\Harddisk1\DR1\Partition0 - ok
12:42:16.0421 2716 ============================================================
12:42:16.0421 2716 Scan finished
12:42:16.0421 2716 ============================================================
12:42:16.0531 2560 Detected object count: 6
12:42:16.0531 2560 Actual detected object count: 6
12:43:48.0781 2560 Asapi ( UnsignedFile.Multi.Generic ) - skipped by user
12:43:48.0781 2560 Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:43:48.0781 2560 CdaC15BA ( UnsignedFile.Multi.Generic ) - skipped by user
12:43:48.0781 2560 CdaC15BA ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:43:48.0781 2560 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
12:43:48.0781 2560 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:43:48.0781 2560 KMWDFilter ( UnsignedFile.Multi.Generic ) - skipped by user
12:43:48.0781 2560 KMWDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:43:48.0781 2560 nv ( UnsignedFile.Multi.Generic ) - skipped by user
12:43:48.0781 2560 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:43:48.0781 2560 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:43:48.0781 2560 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


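The TDSSKiller log above mixes two very different kinds of hit: five UnsignedFile.Multi.Generic warnings (drivers that simply carry no valid Authenticode signature, which is routine for third-party hardware and copy-protection drivers on XP) and one TDSS File System verdict on the MBR of \Device\Harddisk0\DR0, which is the real rootkit indicator, and the summary block shows every one of them was skipped. The script below is an added example for this thread, not a BleepingComputer or Kaspersky tool: it parses the log format as printed here, correlates each verdict with the MD5 and path TDSSKiller logged for the object, attaches the user's chosen action, and flags high-severity verdicts that were left unresolved. The severity mapping (UnsignedFile.* is informational, everything else is high) is the editor's own triage heuristic, not something TDSSKiller emits; the sample lines are copied, abbreviated, from the log above.

```python
"""Triage a TDSSKiller log: split genuine rootkit verdicts from unsigned-driver noise.

Added example for this thread; not a BleepingComputer or Kaspersky tool. The
severity mapping is the editor's heuristic, not something TDSSKiller prints.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Every TDSSKiller line: "HH:MM:SS.mmmm <thread-id> <message>"
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# Scanned driver: "<service> (<md5>) <path>"
FILE_RE = re.compile(r"^(?P<obj>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Master boot record: "MBR (0x1B8) (<md5>) \Device\HarddiskN\DRN"
MBR_RE = re.compile(r"^MBR \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) (?P<obj>\\Device\\\S+)$")
# Verdict: "<object> - detected <verdict> (<n>)"
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
# Disposition from the summary block: "<object> ( <verdict> ) - User select action: <action>"
ACTION_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$")

# Editor's assumption: UnsignedFile.* only says the driver has no valid Authenticode
# signature (common for third-party XP drivers), so it is informational; any other
# verdict (TDSS File System, Rootkit.*) is treated as high severity.
INFORMATIONAL_PREFIXES = ("UnsignedFile.",)


@dataclass
class Finding:
    obj: str              # service name or device path
    verdict: str          # TDSSKiller's verdict text
    md5: str = ""         # hash TDSSKiller printed for the file or MBR, if any
    path: str = ""        # driver path, or "MBR" for a boot-sector verdict
    action: str = "none"  # user's choice from the summary block, if any

    @property
    def severity(self) -> str:
        return "info" if self.verdict.startswith(INFORMATIONAL_PREFIXES) else "high"


def parse_tdsskiller(text: str) -> List[Finding]:
    """Walk the log once, correlating hashes, verdicts and the user's actions."""
    hashes: Dict[str, Tuple[str, str]] = {}
    findings: Dict[str, Finding] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        fm, mm, dm, am = (FILE_RE.match(msg), MBR_RE.match(msg),
                          DETECT_RE.match(msg), ACTION_RE.match(msg))
        if fm:
            hashes[fm.group("obj")] = (fm.group("md5"), fm.group("path"))
        elif mm:
            hashes[mm.group("obj")] = (mm.group("md5"), "MBR")
        elif dm:
            obj = dm.group("obj")
            md5, path = hashes.get(obj, ("", ""))
            findings[obj] = Finding(obj, dm.group("verdict"), md5, path)
        elif am and am.group("obj") in findings:
            findings[am.group("obj")].action = am.group("action")
    return list(findings.values())


def unresolved_high(findings: List[Finding]) -> List[Finding]:
    """High-severity verdicts the user skipped (or never acted on)."""
    return [f for f in findings if f.severity == "high" and f.action in ("none", "Skip")]


# Lines copied (abbreviated) from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
12:38:59.0421 2716 Asapi (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\drivers\Asapi.sys
12:38:59.0437 2716 Asapi ( UnsignedFile.Multi.Generic ) - warning
12:38:59.0437 2716 Asapi - detected UnsignedFile.Multi.Generic (1)
12:41:48.0484 2716 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:41:48.0500 2716 Tcpip - ok
12:42:16.0125 2716 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:42:16.0312 2716 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:42:16.0312 2716 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:43:48.0781 2560 Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:43:48.0781 2560 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:4}] {f.obj:24} {f.verdict:28} action={f.action} md5={f.md5}")
    print("unresolved high-severity:", [f.obj for f in unresolved_high(found)])
```

Run against the full log, this separates the five skipped unsigned drivers from the one boot-sector verdict that actually needs attention; the MD5 it carries for the MBR and for each driver is what you would compare against a known-good copy or a hash lookup before deciding anything was a false positive.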
#2 barefoot1972

barefoot1972
  • Topic Starter

  • Members
  • 11 posts
  • Local time:06:19 PM

Posted 27 January 2012 - 08:48 PM

Hopefully I won't be penalized for adding additional logs; I'm not bumping, I'm just adding more info as my computer finishes processing it.

Also, I hope to get the computer up and running by Monday. Any help before then would be greatly appreciated!

I'm attaching GMER, OTL and OTL Extras and pasting FSS:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Administrator (administrator) on 27-01-2012 at 13:20:07
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****


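The "Extra List" at the end of the FSS output is the one part of that log a reader cannot check by eye: a line of service names with their Tag values, a hex blob, and the verdict "IpSec Tag value is correct." The script below is an added example for this thread, not part of Farbar Service Scanner, and it re-derives that verdict from the two printed lines. FSS does not name the registry value it decoded; I assume (editor's assumption) it is the PNP_TDI entry under HKLM\SYSTEM\CurrentControlSet\Control\GroupOrderList, and the hex itself shows the layout: a little-endian DWORD count (0x08) followed by that many DWORD Tag values. The check generalizes what FSS prints for IPSec to all five services, so a Tag that is missing from, or duplicated in, the load order is reported for any of them.

```python
"""Decode the FSS "Extra List" and re-check its IPSec Tag verdict.

Added example for this thread, not part of Farbar Service Scanner. FSS does not
print which registry value it read; the editor assumes it is the PNP_TDI entry
under HKLM\\SYSTEM\\CurrentControlSet\\Control\\GroupOrderList. The printed hex
shows the layout: a little-endian DWORD count followed by that many DWORD Tags.
"""
import re
import struct
from typing import Dict, List

# Both lines copied from the FSS output posted in this thread.
SERVICES_LINE = "Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)"
ORDER_HEX = "0x080000000500000001000000020000000300000004000000080000000600000007000000"


def parse_service_tags(line: str) -> Dict[str, int]:
    """'Gpc(3) IPSec(5) ...' -> {'Gpc': 3, 'IPSec': 5, ...}"""
    return {name: int(tag) for name, tag in re.findall(r"(\w+)\((\d+)\)", line)}


def parse_group_order(hex_blob: str) -> List[int]:
    """Decode count-prefixed little-endian DWORDs; reject a blob whose count lies."""
    digits = hex_blob[2:] if hex_blob.lower().startswith("0x") else hex_blob
    data = bytes.fromhex(digits)
    if len(data) < 4 or len(data) % 4:
        raise ValueError("group order list is not a whole number of DWORDs")
    dwords = struct.unpack("<%dI" % (len(data) // 4), data)
    count, tags = dwords[0], list(dwords[1:])
    if count != len(tags):
        raise ValueError(f"count field says {count} entries, blob holds {len(tags)}")
    return tags


def encode_group_order(tags: List[int]) -> str:
    """Inverse of parse_group_order; useful for building test vectors."""
    return "0x" + struct.pack("<%dI" % (len(tags) + 1), len(tags), *tags).hex()


def check_service_tags(services: Dict[str, int], order: List[int]) -> List[str]:
    """Every network service's Tag must appear exactly once in the load order."""
    problems = []
    for name, tag in services.items():
        hits = order.count(tag)
        if hits == 0:
            problems.append(f"{name}: Tag {tag} missing from group order list")
        elif hits > 1:
            problems.append(f"{name}: Tag {tag} appears {hits} times")
    return problems


def load_positions(services: Dict[str, int], order: List[int]) -> Dict[str, int]:
    """1-based position of each service's Tag in the list (lower loads earlier)."""
    return {name: order.index(tag) + 1 for name, tag in services.items() if tag in order}


if __name__ == "__main__":
    services = parse_service_tags(SERVICES_LINE)
    order = parse_group_order(ORDER_HEX)
    print("load order (tags):", order)
    print("positions:", load_positions(services, order))
    print("problems:", check_service_tags(services, order) or "none")
```

On the values posted here the list decodes to eight tags, 5 1 2 3 4 8 6 7, every one of the five services' Tags is present exactly once, and IPSec (Tag 5) sits first, which is the same conclusion FSS reached. A tampered blob with IPSec's Tag overwritten would come back as "IPSec: Tag 5 missing from group order list".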
#3 barefoot1972

barefoot1972
  • Topic Starter

  • Members
  • 11 posts
  • Local time:06:19 PM

Posted 29 January 2012 - 03:06 PM

Thanks for your service. I've posted to another site and am getting assistance there. Please close out this post.

Thanks,
John

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:10:19 AM

Posted 29 January 2012 - 05:42 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

