
SVCHOST using over 900k, Google search results redirect...Fearing I Have A Virus, HELP?



#1 Damaru


Posted 08 February 2012 - 06:11 PM

System: Win XP Service Pack 3
Browser: Firefox

Hello,

Today around noon (it is now around 3pm where I am) I noticed in Windows Task Manager that a system process called SVCHOST had skyrocketed to over 400k memory usage (normally this hovers around 30k on my machine). About the same time, I got a system tray prompt that my antivirus software (Avira AntiVir Personal) was out of date and that a newer version was available. Thinking that the SVCHOST process's sudden jump in memory usage might have had something to do with the system tray prompt, I logged out of my account and back in.... This didn't help at all; SVCHOST has risen even more - to around 900k (which is absurd!) - I'm afraid it's going to cripple my machine if it keeps rising. I also can't use Google - clicking on search results redirects me to random websites, and the address that pops up temporarily in the navigation field is something like "vipsearchs". I'm typing this post on another computer because I can't get to any computer help forums on the affected machine. Is this a virus? Somebody please help before it's too late!

Thank you!

UPDATE 1: I'm also unable to print from the machine in question using the text editor Notepad++. Never had that problem before either...fearing I have something nasty...

UPDATE 2: My virus scanner logs say that a piece of Malware was detected earlier today in C > WINDOWS > TEMP > etc... Under Action Taken it says "Allow access" (as opposed to quarantine, delete, etc.).

What can I do to safeguard my machine? Help Please?

Edited by hamluis, 08 February 2012 - 06:35 PM.
Moved from XP to Am I Infected.




#2 Broni


Posted 08 February 2012 - 09:08 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif
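The "List content of Hosts" option in the MiniToolBox step above matters for a search-redirect complaint because entries in the Windows hosts file override DNS for the names they list. As an added example (not part of the original post and not code from any tool named in this thread), the Python script below audits hosts-file text and flags entries that pin watched search domains to a non-loopback address. The watchlist and the function names are assumptions; the two `94.63.147.x` sample lines are the entries that appear in the MiniToolBox log posted later in this thread, and the other sample lines are constructed.

```python
import ipaddress

# Assumption: a short watchlist of search domains chosen for this example.
WATCHED_SUFFIXES = ("google.com", "bing.com", "yahoo.com")

# Sample hosts text. The two 94.63.147.x lines are the entries shown in the
# MiniToolBox log in this thread; every other line is constructed.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost

94.63.147.14 www.google.com
94.63.147.15 www.bing.com
0.0.0.0 ads.example.net   # blocklist-style sinkhole entry
192.168.1.20 nas.home.lan printer.home.lan
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no name maps nothing
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; skip the line
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(hostname):
    """True if hostname is a watched domain or one of its subdomains."""
    return any(
        hostname == suffix or hostname.endswith("." + suffix)
        for suffix in WATCHED_SUFFIXES
    )


def audit_hosts(text):
    """Return findings for entries that send a name to a real remote address.

    Loopback and 0.0.0.0 entries are skipped: they block a name rather than
    redirect it. Watched domains are 'high'; anything else is 'review'.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        findings.append({
            "line": line_no,
            "ip": str(ip),
            "host": name,
            "severity": "high" if is_watched(name) else "review",
        })
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} [{f['severity']}]")
```

On Windows XP the file to feed it is `C:\WINDOWS\system32\drivers\etc\hosts`, read as text from a clean boot environment or copied off the machine.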


 


#3 Damaru


Posted 09 February 2012 - 12:44 AM

Hi Broni, thank you very much for this response!

There is one more update I want to include before posting my MbAM logs.

Earlier this afternoon, I followed an online tutorial on removing the virus vipsearchs.net from my computer. This involved restarting my computer in safe mode (which I was able to do), downloading and running a program called RKill (which I believe I was also able to do - although there were some hiccups in the process that weren't described in the tutorial), then downloading and running Malwarebytes Anti-Malware. I did all this - apparently successfully; MbAM detected 14 objects and all were quarantined and deleted. Then I restarted my computer in normal mode and checked my Task Manager. The system process SVCHOST isn't going hogwild anymore (it's back down from around 970k to around 30k where it belongs)...I don't know if my Google search results are redirecting or not, however, as the network connection on the affected machine is not working.

I also downloaded a program called RogueKiller to the desktop of a different machine, saved it to CD-R, moved it to desktop of the affected machine, and completed a "pre-scan" with the program. I then clicked "Scan", whereupon I saw several things happen in rapid succession. First, the program appeared to identify 5 or so objects of concern. Then, my machine shut itself down with an error message beginning "A problem has been detected" and something about Windows shutting itself down to protect itself from harm. My machine then rebooted by itself. I tried to run a Scan with RogueKiller again, but my machine shut down and restarted a few seconds into it just like before.

RogueKiller was supposed to create a log in .txt format after it was done, but this log is not present in the expected location. There is a new folder named RK_Quarantine (which is empty) on the desktop...suggesting maybe that RogueKiller wasn't able to complete its scan?

The final thing I did was run a quick AND a full MbAM scan (again) after I noticed the program updated its definition file. So I have 3 MbAM logs to post. First and last ones were full scans, middle one was a quick scan. Here goes:

-

First Scan (full):

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 912020901

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2/8/2012 5:37:58 PM
mbam-log-2012-02-08 (17-37-58).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 361816
Time elapsed: 41 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dplaysvr (Trojan.QHost.Gen) -> Value: dplaysvr -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dplaysvr (Trojan.QHost.Gen) -> Value: dplaysvr -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\funwebproducts\Installr\1.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\dplaysvr.exe (Trojan.QHost.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\dplayx.dll (Trojan.QHost.BG) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\yr0.31187474741935606.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.

-

Second Scan (quick):

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.09.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michael :: MICHAEL-B5BC8D0 [administrator]

Protection: Enabled

2/8/2012 7:36:19 PM
mbam-log-2012-02-08 (19-36-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234596
Time elapsed: 17 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-

Third Scan (full):

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.09.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michael :: MICHAEL-B5BC8D0 [administrator]

Protection: Enabled

2/8/2012 8:07:53 PM
mbam-log-2012-02-08 (20-07-53).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 350088
Time elapsed: 1 hour(s), 13 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\50\5badeab2-14cb7288 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\50\5badeab2-720f76cb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5A3A45B5-B0DE-415A-945C-BEB3A1355484}\RP485\A0043094.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5A3A45B5-B0DE-415A-945C-BEB3A1355484}\RP485\A0043095.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5A3A45B5-B0DE-415A-945C-BEB3A1355484}\RP485\A0043096.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5A3A45B5-B0DE-415A-945C-BEB3A1355484}\RP485\A0043097.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

-

Where am I, and what do I do now?

Thank you very much for your continued time in reading and responding =]

UPDATE: the newly-installed Malwarebytes Anti-Malware program is now popping up balloons over the system tray at a rate of about 1 per minute saying access was blocked (either incoming or outgoing) to potentially malicious websites.

#4 Broni


Posted 09 February 2012 - 12:59 AM

Follow my original reply.



 


#5 Damaru


Posted 09 February 2012 - 01:08 AM

I'm sorry, was I supposed to download and run each of the above-referenced programs? I assumed it was a list of alternatives.

I will assume that I should go through the entire list, then. If that is mistaken, please continue to advise. :)

Edited by Damaru, 09 February 2012 - 01:16 AM.


#6 Damaru


Posted 09 February 2012 - 02:24 AM

Here are the complete results (with both MbAM full-scan logs included):

checkup.txt

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 22
Out of date Java installed!
Adobe Flash Player ( 10.3.183.5) Flash Player Out of Date!
Mozilla Firefox (3.6.26) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

-

FSS.txt

Farbar Service Scanner Version: 08-02-2012
Ran by Michael (administrator) on 08-02-2012 at 23:03:35
Running from "C:\Documents and Settings\Michael\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) odysseyIM3(8) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

-

MiniToolBox by Farbar Version: 18-01-2012
Ran by Michael (administrator) on 08-02-2012 at 23:07:04
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


94.63.147.14 www.google.com
94.63.147.15 www.bing.com


========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)
NETGEAR WG311v2 802.11g Wireless PCI Adapter = Wireless Network Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : michael-b5bc8d0
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : NETGEAR WG311v2 802.11g Wireless PCI Adapter
Physical Address. . . . . . . . . : 00-0F-B5-05-FD-F8

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1D-92-F7-A8-EA

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f b5 05 fd f8 ...... NETGEAR WG311v2 802.11g Wireless PCI Adapter - Packet Scheduler Miniport
0x3 ...00 1d 92 f7 a8 ea ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 3 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/08/2012 09:28:50 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\UNINSTALL POWERDVD.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/08/2012 09:28:50 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\UNINSTALL POWERDVD.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/08/2012 09:28:50 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\READ ME.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/08/2012 09:28:50 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\READ ME.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/08/2012 09:28:50 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/08/2012 09:28:50 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/08/2012 09:28:50 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\CYBERLINK POWERDVD.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/08/2012 09:28:50 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\CYBERLINK POWERDVD.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/08/2012 07:26:47 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/08/2012 07:26:47 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (02/08/2012 07:31:25 PM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 b9f3b71d, parameter3 9fc47580, parameter4 00000000.

Error: (02/08/2012 07:30:39 PM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (02/08/2012 07:30:39 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (02/08/2012 07:25:51 PM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 b9f3b71d, parameter3 9e6d9580, parameter4 00000000.

Error: (02/08/2012 05:41:52 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/08/2012 04:38:41 PM) (Source: DCOM) (User: Michael)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (02/08/2012 04:38:41 PM) (Source: DCOM) (User: Michael)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (02/08/2012 04:37:09 PM) (Source: DCOM) (User: Michael)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (02/08/2012 04:35:50 PM) (Source: DCOM) (User: Michael)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (02/08/2012 04:33:36 PM) (Source: DCOM) (User: Michael)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================
Error: (02/08/2012 09:28:50 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\UNINSTALL POWERDVD.LNK

Error: (02/08/2012 09:28:50 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\UNINSTALL POWERDVD.LNK

Error: (02/08/2012 09:28:50 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\READ ME.LNK

Error: (02/08/2012 09:28:50 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\READ ME.LNK

Error: (02/08/2012 09:28:50 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK

Error: (02/08/2012 09:28:50 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK

Error: (02/08/2012 09:28:50 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\CYBERLINK POWERDVD.LNK

Error: (02/08/2012 09:28:50 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\CYBERLINK POWERDVD.LNK

Error: (02/08/2012 07:26:47 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK

Error: (02/08/2012 07:26:47 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK


=========================== Installed Programs ============================

ACDSee 4.0.2 PowerPack (Version: 4.00.0002)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Amazing Slow Downer (remove only)
Apple Application Support (Version: 1.4.1)
ArcSoft Panorama Maker 5 (Version: 5.0.1.25)
ArcSoft TotalMedia Backup & Record
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.706)
Chord Alchemy 4.3 (Version: 4.3)
Creative Audio Console
Creative MediaSource 5 (Version: 5.00)
Creative Software AutoUpdate
Creative System Information
Creative WaveStudio 7 (Version: 7.12)
DebugMode Wink
DVD Suite (Version: 5.0.1319)
FastStone Capture 6.7 (Version: 6.7)
FlashCatch
FLVideoConverter
Free M4a to MP3 Converter 6.2
FrostWire 4.21.1 (Version: 4.21.1.0)
GNU Solfege 3.18.7
Google Photos Screensaver (Version: 2.0.0)
IconPackager
IconPackager (Version: 5.00)
Java™ 6 Update 22 (Version: 6.0.220)
Just Great Software EditPad Lite 6.6.4 (Version: 6.6.4)
LG ODD Auto Firmware Update (Version: 6.01.0723.01)
Logitech Audio Echo Cancellation Component (Version: 10.00.1439)
Logitech iTouch Software
Logitech QuickCam (Version: 10.00.1439)
Logitech Video Enumerator (Version: 10.00.1439)
Logitech® Camera Driver
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mozilla Firefox (3.6.26) (Version: 3.6.26 (en-US))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Essentials (Version: 7.03.0824)
neroxml (Version: 1.0.0)
NETGEAR WG311v2 802.11g Wireless PCI Adapter (Version: 2.0)
Nikon Message Center 2 (Version: 2.0.1)
Notepad++ (Version: 5.8.5)
NVIDIA Drivers
ObjectDock Free (Version: 2.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 11.01 (Version: 11.01)
Paint Shop Pro 7 Anniversary Edition (Version: 7.0.4.0000)
PDF Download for Internet Explorer (Version: 3.0.0)
PDFCreator (Version: 1.1.0)
Picture Control Utility (Version: 1.2.2)
Power Tab Editor 1.7 (Version: 1.7.0)
PowerDVD (Version: 7.0.3409.a)
PowerProducer
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver (Version: 5.10.0.5591)
RocketDock 1.3.5
Royale Remixed Theme (Version: 1.4.6)
Skype Toolbars (Version: 5.0.4137)
Skype™ 5.1 (Version: 5.1.112)
Sound Blaster X-Fi Xtreme Audio (Version: 1.0)
Taskbar Shuffle version 2.5 (Version: 2.5)
Tweak UI
UMVPLStandalone (Version: 10.00.1439)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
ViewNX 2 (Version: 2.1.2)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.581 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
WinRAR archiver
WOT for Internet Explorer (Version: 10.8.30.0)

========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 3071.23 MB
Available physical RAM: 2466.44 MB
Total Pagefile: 5982.43 MB
Available Pagefile: 5371.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.51 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:298.08 GB) (Free:196.89 GB) NTFS
2 Drive d: (4 apps) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\MICHAEL-B5BC8D0

Admin 2 Administrator ASPNET
Guest HelpAssistant Michael
SUPPORT_388945a0


**** End of log ****

-

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 912020901

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2/8/2012 5:37:58 PM
mbam-log-2012-02-08 (17-37-58).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 361816
Time elapsed: 41 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dplaysvr (Trojan.QHost.Gen) -> Value: dplaysvr -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dplaysvr (Trojan.QHost.Gen) -> Value: dplaysvr -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\funwebproducts\Installr\1.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\dplaysvr.exe (Trojan.QHost.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\dplayx.dll (Trojan.QHost.BG) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\yr0.31187474741935606.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.

...

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.09.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michael :: MICHAEL-B5BC8D0 [administrator]

Protection: Enabled

2/8/2012 8:07:53 PM
mbam-log-2012-02-08 (20-07-53).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 350088
Time elapsed: 1 hour(s), 13 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\50\5badeab2-14cb7288 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\50\5badeab2-720f76cb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5A3A45B5-B0DE-415A-945C-BEB3A1355484}\RP485\A0043094.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5A3A45B5-B0DE-415A-945C-BEB3A1355484}\RP485\A0043095.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5A3A45B5-B0DE-415A-945C-BEB3A1355484}\RP485\A0043096.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5A3A45B5-B0DE-415A-945C-BEB3A1355484}\RP485\A0043097.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

-

aswMBR.txt

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-08 23:12:40
-----------------------------
23:12:40.375 OS Version: Windows 5.1.2600 Service Pack 3
23:12:40.375 Number of processors: 2 586 0x1706
23:12:40.375 ComputerName: MICHAEL-B5BC8D0 UserName: Michael
23:12:41.421 Initialize success
23:13:05.437 AVAST engine download error: 0
23:13:23.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
23:13:23.062 Disk 0 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
23:13:23.062 Device \Driver\atapi -> DriverStartIo 8a3442c6
23:13:23.062 Disk 0 MBR read successfully
23:13:23.078 Disk 0 MBR scan
23:13:23.078 Disk 0 TDL4@MBR code has been found
23:13:23.078 Disk 0 Windows XP default MBR code found via API
23:13:23.078 Disk 0 MBR hidden
23:13:23.078 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
23:13:23.078 Disk 0 MBR [TDL4] **ROOTKIT**
23:13:23.078 Disk 0 trace - called modules:
23:13:23.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a34449f]<<
23:13:23.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a441ab8]
23:13:23.078 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8a444540]
23:13:23.078 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8a4b7b68]
23:13:23.093 \Driver\atapi[0x8a41fb30] -> IRP_MJ_CREATE -> 0x8a34449f
23:13:23.093 Scan finished successfully
23:14:15.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michael\Desktop\MBR.dat"
23:14:15.078 The log file has been saved successfully to "C:\Documents and Settings\Michael\Desktop\aswMBR.txt"

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:12 AM

Posted 09 February 2012 - 04:59 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#8 Damaru


Posted 09 February 2012 - 05:39 PM

Hm, when I saved tdsskiller.exe to a CD-R and inserted it in the drive of the affected machine, I got this message (looks like it may be from the Antivirus software on the affected machine):

Avira
Guard: Malware found
A virus or unwanted program 'TR/Crypt.ULPM.Gen' was found in file 'D:\tdsskiller.exe'.
Access to this file was denied
Please select a further action:
[Remove] [Details]

I haven't tried to move it to the desktop yet. What should I do now?

Thanks! :)

#9 Broni


Posted 09 February 2012 - 05:43 PM

That's a false positive.
Disable Avira, move TDSSKiller to your desktop and run it from there.


#10 Damaru


Posted 09 February 2012 - 05:59 PM

Okay, I disabled Avira Guard, moved tdsskiller.exe to the desktop, removed the CD-R, and ran the program from the desktop.

When the program found its first infected file and I clicked continue, I got this message:

tdsskiller.exe - No Disk
There is no disk in the drive. Please insert a disk into drive D:
[cancel] [try again] [continue]

Does it want me to keep the CD-R in drive D: even though I moved the program to the desktop and ran it from there?

Thanks! :)

#11 Broni


Posted 09 February 2012 - 06:02 PM

Delete TDSSKiller file, download new one to your desktop (as my instructions say). Why did you download it to some CD?
Try to run it again.


#12 Damaru


Posted 09 February 2012 - 06:06 PM

I saved tdsskiller.exe to CD-R to move it from the machine I'm typing on to the infected machine. I don't have internet access on the infected machine since the network connection isn't working.

#13 Broni


Posted 09 February 2012 - 06:13 PM

You didn't say you have no connection.

In any case you have a rootkit there.

Restart in safe mode and try to run TDSSKiller from there.


#14 Damaru


Posted 09 February 2012 - 06:39 PM

Okay, thank you Broni :)

When I returned to the infected machine, TDSSKiller requested that I restart my computer, which I did.

When I got back into my user account, my network connection was working again. :)

I deleted the old TDSSKiller app, downloaded a new one directly from this thread to the desktop of the infected machine, and ran it.

Here are both scan logs:

The first scan (the one which got interrupted by the disk prompt):

14:48:33.0625 4812 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
14:48:33.0734 4812 ============================================================
14:48:33.0734 4812 Current date / time: 2012/02/09 14:48:33.0734
14:48:33.0734 4812 SystemInfo:
14:48:33.0734 4812
14:48:33.0734 4812 OS Version: 5.1.2600 ServicePack: 3.0
14:48:33.0734 4812 Product type: Workstation
14:48:33.0734 4812 ComputerName: MICHAEL-B5BC8D0
14:48:33.0734 4812 UserName: Michael
14:48:33.0734 4812 Windows directory: C:\WINDOWS
14:48:33.0734 4812 System windows directory: C:\WINDOWS
14:48:33.0734 4812 Processor architecture: Intel x86
14:48:33.0734 4812 Number of processors: 2
14:48:33.0734 4812 Page size: 0x1000
14:48:33.0734 4812 Boot type: Normal boot
14:48:33.0734 4812 ============================================================
14:48:34.0687 4812 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:48:34.0687 4812 \Device\Harddisk0\DR0:
14:48:34.0687 4812 MBR used
14:48:34.0687 4812 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
14:48:34.0718 4812 Initialize success
14:48:34.0718 4812 ============================================================
14:48:49.0515 5648 ============================================================
14:48:49.0515 5648 Scan started
14:48:49.0515 5648 Mode: Manual;
14:48:49.0515 5648 ============================================================
14:48:55.0343 5648 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:48:55.0343 5648 RDPWD - ok
14:48:55.0390 5648 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:48:55.0390 5648 redbook - ok
14:48:55.0437 5648 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:48:55.0437 5648 Secdrv - ok
14:48:55.0468 5648 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:48:55.0468 5648 serenum - ok
14:48:55.0484 5648 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:48:55.0484 5648 Serial - ok
14:48:55.0484 5648 SetupNTGLM7X - ok
14:48:55.0515 5648 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:48:55.0515 5648 Sfloppy - ok
14:48:55.0531 5648 Simbad - ok
14:48:55.0546 5648 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:48:55.0546 5648 SLIP - ok
14:48:55.0562 5648 Sparrow - ok
14:48:55.0593 5648 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:48:55.0593 5648 splitter - ok
14:48:55.0640 5648 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:48:55.0656 5648 sr - ok
14:48:55.0703 5648 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:48:55.0703 5648 Srv - ok
14:48:55.0750 5648 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:48:55.0750 5648 ssmdrv - ok
14:48:55.0781 5648 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:48:55.0781 5648 streamip - ok
14:48:55.0812 5648 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:48:55.0812 5648 swenum - ok
14:48:55.0812 5648 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:48:55.0812 5648 swmidi - ok
14:48:55.0828 5648 symc810 - ok
14:48:55.0843 5648 symc8xx - ok
14:48:55.0843 5648 sym_hi - ok
14:48:55.0875 5648 sym_u3 - ok
14:48:55.0921 5648 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:48:55.0921 5648 sysaudio - ok
14:48:55.0968 5648 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:48:55.0968 5648 Tcpip - ok
14:48:56.0015 5648 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:48:56.0015 5648 TDPIPE - ok
14:48:56.0015 5648 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:48:56.0015 5648 TDTCP - ok
14:48:56.0046 5648 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:48:56.0046 5648 TermDD - ok
14:48:56.0046 5648 TosIde - ok
14:48:56.0093 5648 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
14:48:56.0093 5648 TrueSight - ok
14:48:56.0140 5648 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:48:56.0140 5648 Udfs - ok
14:48:56.0171 5648 ultra - ok
14:48:56.0218 5648 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:48:56.0234 5648 Update - ok
14:48:56.0265 5648 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:48:56.0265 5648 usbaudio - ok
14:48:56.0296 5648 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:48:56.0296 5648 usbccgp - ok
14:48:56.0328 5648 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:48:56.0328 5648 usbehci - ok
14:48:56.0343 5648 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:48:56.0343 5648 usbhub - ok
14:48:56.0343 5648 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:48:56.0359 5648 usbohci - ok
14:48:56.0390 5648 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:48:56.0390 5648 usbscan - ok
14:48:56.0421 5648 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:48:56.0421 5648 USBSTOR - ok
14:48:56.0468 5648 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:48:56.0468 5648 VgaSave - ok
14:48:56.0468 5648 ViaIde - ok
14:48:56.0515 5648 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:48:56.0515 5648 VolSnap - ok
14:48:56.0546 5648 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:48:56.0546 5648 Wanarp - ok
14:48:56.0546 5648 WDICA - ok
14:48:56.0609 5648 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:48:56.0609 5648 wdmaud - ok
14:48:56.0656 5648 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:48:56.0656 5648 WmiAcpi - ok
14:48:56.0718 5648 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:48:56.0718 5648 WSTCODEC - ok
14:48:56.0750 5648 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:48:56.0750 5648 WudfPf - ok
14:48:56.0765 5648 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:48:56.0765 5648 WudfRd - ok
14:48:56.0781 5648 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
14:48:56.0796 5648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:48:56.0796 5648 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:48:56.0812 5648 Boot (0x1200) (45be0b887d6641b2ec801755ba9704ca) \Device\Harddisk0\DR0\Partition0
14:48:56.0812 5648 \Device\Harddisk0\DR0\Partition0 - ok
14:48:56.0812 5648 ============================================================
14:48:56.0812 5648 Scan finished
14:48:56.0812 5648 ============================================================
14:48:56.0812 5320 Detected object count: 1
14:48:56.0812 5320 Actual detected object count: 1
14:49:20.0718 5320 \Device\Harddisk0\DR0\# - copied to quarantine
14:49:20.0718 5320 \Device\Harddisk0\DR0 - copied to quarantine
14:49:20.0734 5320 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:49:20.0750 5320 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:49:20.0750 5320 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:49:20.0750 5320 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
14:49:20.0765 5320 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:49:20.0765 5320 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
14:49:20.0765 5320 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:49:20.0781 5320 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:49:20.0781 5320 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:49:20.0781 5320 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:49:20.0781 5320 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
14:49:20.0796 5320 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:49:20.0796 5320 \Device\Harddisk0\DR0 - ok
15:22:22.0234 5320 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:23:04.0078 5884 Deinitialize success

-

The second scan (after I downloaded a new TDSSKiller.exe):

15:29:14.0828 3664 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
15:29:15.0328 3664 ============================================================
15:29:15.0328 3664 Current date / time: 2012/02/09 15:29:15.0328
15:29:15.0328 3664 SystemInfo:
15:29:15.0328 3664
15:29:15.0328 3664 OS Version: 5.1.2600 ServicePack: 3.0
15:29:15.0328 3664 Product type: Workstation
15:29:15.0328 3664 ComputerName: MICHAEL-B5BC8D0
15:29:15.0328 3664 UserName: Michael
15:29:15.0328 3664 Windows directory: C:\WINDOWS
15:29:15.0328 3664 System windows directory: C:\WINDOWS
15:29:15.0328 3664 Processor architecture: Intel x86
15:29:15.0328 3664 Number of processors: 2
15:29:15.0328 3664 Page size: 0x1000
15:29:15.0328 3664 Boot type: Normal boot
15:29:15.0328 3664 ============================================================
15:29:16.0062 3664 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:29:16.0062 3664 \Device\Harddisk0\DR0:
15:29:16.0062 3664 MBR used
15:29:16.0062 3664 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
15:29:16.0546 3664 Initialize success
15:29:16.0546 3664 ============================================================
15:29:21.0046 3928 ============================================================
15:29:21.0046 3928 Scan started
15:29:21.0046 3928 Mode: Manual;
15:29:21.0046 3928 ============================================================
15:29:28.0265 3928 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:29:28.0468 3928 \Device\Harddisk0\DR0 - ok
15:29:28.0468 3928 Boot (0x1200) (45be0b887d6641b2ec801755ba9704ca) \Device\Harddisk0\DR0\Partition0
15:29:28.0468 3928 \Device\Harddisk0\DR0\Partition0 - ok
15:29:28.0468 3928 ============================================================
15:29:28.0468 3928 Scan finished
15:29:28.0468 3928 ============================================================
15:29:28.0468 3620 Detected object count: 0
15:29:28.0468 3620 Actual detected object count: 0

#15 Broni

Posted 09 February 2012 - 07:01 PM

Good news :)

How is the computer doing?

Post new aswMBR log.
