My system is infected again


14 replies to this topic

#1 banditz
  • Members
  • 32 posts

Posted 22 February 2012 - 01:18 PM

I am running XP SP3 and IE8 if you need to know. I can use it in safe mode but get a BSOD in regular mode saying something about kdcom.dll. So, I will be using my laptop to communicate with you and will transfer files and logs between the 2 computers.

Here's what's going on.

Malwarebytes kept blocking websites (141.136.16.151, 88.214.193.251, 141.136.16.77, 173.236.35.99) online and offline. PC running slow also.

I ran Malwarebytes and cleaned up what it found, and when I restarted I got the BSOD.

Please let me know what I need to do to get it back in shape.

Thank you very much,
-Rich

#2 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 February 2012 - 01:21 PM

Download

TDSSkiller

Launch it. Click on Change parameters, select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Restart the PC into regular mode

Run TDSSkiller once again to make sure it comes out clean

Please download GMER from here (does not work on 64 bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

#3 banditz
  • Topic Starter
  • Members
  • 32 posts

Posted 22 February 2012 - 01:55 PM

Here is the first TDSSKiller log:
Also, after reboot and a 2nd run it still shows the same 2 files that were skipped the first time (locked file sptd service and TDSS File System Physical drive:\device\Harddisk0\DRO). Should they be deleted?

13:43:13.0328 3804 WSTCODEC - ok
13:43:13.0406 3804 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:43:13.0421 3804 WudfPf - ok
13:43:13.0484 3804 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
13:43:13.0484 3804 WUDFRd - ok
13:43:13.0640 3804 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
13:43:13.0671 3804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:43:13.0671 3804 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:43:13.0718 3804 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:43:13.0718 3804 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:43:13.0765 3804 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
13:43:14.0312 3804 \Device\Harddisk1\DR1 - ok
13:43:14.0343 3804 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
13:43:14.0484 3804 \Device\Harddisk2\DR4 - ok
13:43:14.0515 3804 Boot (0x1200) (ae7ff9e8f8aa0360eb6b64ac8b70a340) \Device\Harddisk0\DR0\Partition0
13:43:14.0515 3804 \Device\Harddisk0\DR0\Partition0 - ok
13:43:14.0531 3804 Boot (0x1200) (f5752831df1d054880a78d253d2a9684) \Device\Harddisk1\DR1\Partition0
13:43:14.0531 3804 \Device\Harddisk1\DR1\Partition0 - ok
13:43:14.0562 3804 Boot (0x1200) (f972a37b21a6348dcfc7ecb86bc84923) \Device\Harddisk2\DR4\Partition0
13:43:14.0562 3804 \Device\Harddisk2\DR4\Partition0 - ok
13:43:14.0578 3804 ============================================================
13:43:14.0578 3804 Scan finished
13:43:14.0578 3804 ============================================================
13:43:14.0656 3232 Detected object count: 3
13:43:14.0656 3232 Actual detected object count: 3
13:45:06.0656 3232 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:45:06.0656 3232 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:45:07.0453 3232 \Device\Harddisk0\DR0\# - copied to quarantine
13:45:07.0453 3232 \Device\Harddisk0\DR0 - copied to quarantine
13:45:07.0531 3232 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
13:45:07.0531 3232 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
13:45:07.0546 3232 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:45:07.0546 3232 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
13:45:07.0546 3232 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
13:45:07.0562 3232 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
13:45:07.0578 3232 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
13:45:07.0578 3232 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
13:45:07.0593 3232 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
13:45:07.0656 3232 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
13:45:07.0687 3232 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
13:45:07.0703 3232 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
13:45:07.0734 3232 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:45:07.0734 3232 \Device\Harddisk0\DR0 - ok
13:45:12.0187 3232 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
13:45:12.0187 3232 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:45:12.0187 3232 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
13:45:17.0015 3744 Deinitialize success

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:10:02 AM

Posted 22 February 2012 - 02:04 PM

13:45:12.0187 3232 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Run TDSSkiller once more and make sure to DELETE the TDSS File System; do not skip it.
sptd.sys is safe and it can be skipped.

Post the new TDSSkiller log

You should be able to boot into normal mode now

I will wait for other logs
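The check the advisor applies by eye above, as an added Python example that is not part of this thread or of TDSSKiller: it parses the per-object verdict lines of a TDSSKiller log and lists detections that were skipped rather than cured. The sample lines are excerpted from the logs posted above; the regex and the verdict sets are assumptions about the log format.

```python
"""Triage helper for TDSSKiller logs (constructed example, not TDSSKiller's code).

It reads the per-object verdict lines and reports every detection whose final
user action was Skip, which is the line the advisor flagged above
("\\Device\\Harddisk0\\DR0 ( TDSS File System ) - skipped by user").
"""
import re
from collections import defaultdict

# Verdict lines look like (excerpted from the logs in this thread):
#   13:43:13.0671 3804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
#   13:45:12.0187 3232 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
# Lines without a "( threat )" group (driver listing, MBR hashes) are ignored.
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<object>\S+)\s+\(\s*(?P<threat>[^)]+?)\s*\)\s+-\s+(?P<verdict>.+?)\s*$"
)

# Assumed verdict strings: these are the ones that appear in the logs above.
SKIPPED_VERDICTS = {"skipped by user", "User select action: Skip"}
CURED_VERDICTS = {
    "will be cured on reboot",
    "User select action: Cure",
    "User select action: Delete",
}

# Constructed sample: verdict lines excerpted from the two logs posted above.
SAMPLE_LOG = r"""
13:43:13.0671 3804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:43:13.0718 3804 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:45:06.0656 3232 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:45:06.0656 3232 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:45:07.0734 3232 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:45:12.0187 3232 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
13:45:12.0187 3232 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:45:12.0187 3232 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:25:58.0078 4080 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
"""


def parse_verdicts(log_text):
    """Return (object, threat, verdict) tuples in log order."""
    out = []
    for line in log_text.splitlines():
        m = VERDICT_RE.match(line.strip())
        if m:
            out.append((m["object"], m["threat"], m["verdict"]))
    return out


def summarize(log_text):
    """Map (object, threat) -> 'cured' | 'skipped' | 'detected'.

    The last action-related verdict wins, so a detection that was skipped and
    never cured stays 'skipped' even if an earlier line only said 'warning'.
    """
    history = defaultdict(list)
    for obj, threat, verdict in parse_verdicts(log_text):
        history[(obj, threat)].append(verdict)
    outcome = {}
    for key, verdicts in history.items():
        state = "detected"
        for v in verdicts:
            if v in CURED_VERDICTS:
                state = "cured"
            elif v in SKIPPED_VERDICTS:
                state = "skipped"
        outcome[key] = state
    return outcome


def unresolved(log_text, benign=("LockedFile.Multi.Generic",)):
    """Detections not cured, minus threat classes listed as benign.

    LockedFile.Multi.Generic is benign by default: as the advisor notes, it is
    the locked sptd.sys driver, not an infection, so skipping it is fine.
    """
    return sorted(
        (obj, threat)
        for (obj, threat), state in summarize(log_text).items()
        if state != "cured" and threat not in benign
    )


if __name__ == "__main__":
    for obj, threat in unresolved(SAMPLE_LOG):
        print(f"NOT CURED: {obj} ( {threat} ) - re-run TDSSKiller and choose Delete")
```

Run against the sample it prints the single unresolved TDSS File System entry; point it at a full saved log to check a re-run came out clean.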

#5 banditz

banditz
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:10:02 AM

Posted 22 February 2012 - 02:22 PM

Here is the second log. Running GMER now.

14:24:36.0515 3060 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
14:24:37.0062 3060 ============================================================
14:24:37.0062 3060 Current date / time: 2012/02/22 14:24:37.0062
14:24:37.0062 3060 SystemInfo:
14:24:37.0062 3060
14:24:37.0062 3060 OS Version: 5.1.2600 ServicePack: 3.0
14:24:37.0062 3060 Product type: Workstation
14:24:37.0062 3060 ComputerName: BOSS
14:24:37.0062 3060 UserName: Rich
14:24:37.0062 3060 Windows directory: C:\WINDOWS
14:24:37.0062 3060 System windows directory: C:\WINDOWS
14:24:37.0062 3060 Processor architecture: Intel x86
14:24:37.0062 3060 Number of processors: 1
14:24:37.0062 3060 Page size: 0x1000
14:24:37.0062 3060 Boot type: Normal boot
14:24:37.0062 3060 ============================================================
14:24:39.0843 3060 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:24:39.0859 3060 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:24:39.0875 3060 \Device\Harddisk0\DR0:
14:24:39.0875 3060 MBR used
14:24:39.0875 3060 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
14:24:39.0875 3060 \Device\Harddisk1\DR1:
14:24:39.0890 3060 MBR used
14:24:39.0890 3060 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
14:24:40.0109 3060 Initialize success
14:24:40.0109 3060 ============================================================
14:25:47.0390 4080 ============================================================
14:25:47.0390 4080 Scan started
14:25:47.0390 4080 Mode: Manual; TDLFS;
14:25:47.0390 4080 ============================================================
14:25:58.0078 4080 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
14:25:58.0078 4080 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
14:25:58.0078 4080 sptd ( LockedFile.Multi.Generic ) - warning
14:25:58.0078 4080 sptd - detected LockedFile.Multi.Generic (1)
14:25:59.0796 4080 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:25:59.0796 4080 usbprint - ok
14:25:59.0843 4080 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:25:59.0843 4080 usbscan - ok
14:25:59.0875 4080 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:25:59.0875 4080 USBSTOR - ok
14:25:59.0906 4080 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:25:59.0906 4080 usbuhci - ok
14:25:59.0953 4080 vdiskbus (d1528fa039ff71779a3ea6296f746a23) C:\WINDOWS\system32\DRIVERS\vdiskbus.sys
14:25:59.0953 4080 vdiskbus - ok
14:25:59.0984 4080 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:25:59.0984 4080 VgaSave - ok
14:26:00.0000 4080 ViaIde - ok
14:26:00.0078 4080 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:26:00.0078 4080 VolSnap - ok
14:26:00.0140 4080 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:26:00.0156 4080 Wanarp - ok
14:26:00.0203 4080 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
14:26:00.0218 4080 Wdf01000 - ok
14:26:00.0250 4080 WDICA - ok
14:26:00.0296 4080 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:26:00.0296 4080 wdmaud - ok
14:26:00.0390 4080 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
14:26:00.0390 4080 WinUSB - ok
14:26:00.0468 4080 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:26:00.0468 4080 WpdUsb - ok
14:26:00.0515 4080 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
14:26:00.0531 4080 WsAudio_DeviceS(1) - ok
14:26:00.0546 4080 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
14:26:00.0546 4080 WsAudio_DeviceS(2) - ok
14:26:00.0593 4080 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
14:26:00.0593 4080 WsAudio_DeviceS(3) - ok
14:26:00.0625 4080 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
14:26:00.0625 4080 WsAudio_DeviceS(4) - ok
14:26:00.0656 4080 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
14:26:00.0656 4080 WsAudio_DeviceS(5) - ok
14:26:00.0718 4080 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:26:00.0718 4080 WSTCODEC - ok
14:26:00.0781 4080 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:26:00.0781 4080 WudfPf - ok
14:26:00.0812 4080 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
14:26:00.0812 4080 WUDFRd - ok
14:26:00.0875 4080 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:26:01.0500 4080 \Device\Harddisk0\DR0 - ok
14:26:01.0515 4080 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:26:02.0000 4080 \Device\Harddisk1\DR1 - ok
14:26:02.0015 4080 Boot (0x1200) (ae7ff9e8f8aa0360eb6b64ac8b70a340) \Device\Harddisk0\DR0\Partition0
14:26:02.0015 4080 \Device\Harddisk0\DR0\Partition0 - ok
14:26:02.0015 4080 Boot (0x1200) (f5752831df1d054880a78d253d2a9684) \Device\Harddisk1\DR1\Partition0
14:26:02.0031 4080 \Device\Harddisk1\DR1\Partition0 - ok
14:26:02.0031 4080 ============================================================
14:26:02.0031 4080 Scan finished
14:26:02.0031 4080 ============================================================
14:26:02.0062 2928 Detected object count: 1
14:26:02.0062 2928 Actual detected object count: 1
14:26:42.0406 2928 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:26:42.0406 2928 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:26:44.0953 2492 Deinitialize success

#6 banditz

  • Topic Starter
  • Members
  • 32 posts

Posted 22 February 2012 - 03:19 PM

GMER Log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-22 14:57:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD5000AAKB-00H8A0 rev.05.04E05
Running: h3zqynks.exe; Driver: C:\DOCUME~1\Rich\LOCALS~1\Temp\pxtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT 877401B8 ZwAlertResumeThread
SSDT 8773F4E0 ZwAlertThread
SSDT 872FB4F8 ZwAllocateVirtualMemory
SSDT 87749108 ZwAssignProcessToJobObject
SSDT 8654D750 ZwConnectPort
SSDT 86ACE808 ZwCreateMutant
SSDT 85FDD470 ZwCreateSymbolicLinkObject
SSDT 8724FD30 ZwCreateThread
SSDT 8768C348 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF4E1BFC0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF4E1C680]
SSDT 86A8AE88 ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey [0xF76ACE2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF76AD1BA]
SSDT 872FD498 ZwFreeVirtualMemory
SSDT 87740060 ZwImpersonateAnonymousToken
SSDT 877282B8 ZwImpersonateThread
SSDT 86480CB8 ZwLoadDriver
SSDT 87249608 ZwMapViewOfSection
SSDT 873EF290 ZwOpenEvent
SSDT 872F3F80 ZwOpenProcess
SSDT 8730AB00 ZwOpenProcessToken
SSDT 873F2B28 ZwOpenSection
SSDT 86A781B8 ZwOpenThread
SSDT 85FF1D60 ZwProtectVirtualMemory
SSDT sptd.sys ZwQueryKey [0xF76AD292]
SSDT sptd.sys ZwQueryValueKey [0xF76AD112]
SSDT 87301210 ZwResumeThread
SSDT 87307698 ZwSetContextThread
SSDT 86A57300 ZwSetInformationProcess
SSDT 873F2C00 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF4E1C910]
SSDT 873F0BA0 ZwSuspendProcess
SSDT 8724E0E0 ZwSuspendThread
SSDT 87258E68 ZwTerminateProcess
SSDT 87302870 ZwTerminateThread
SSDT 87307AE0 ZwUnmapViewOfSection
SSDT 873DC008 ZwWriteVirtualMemory
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x804D7571]
SSDT \WINDOWS\system32\ntoskrnl.exe[unknown section] [804D7571] ZwCreateKey [0x804D7571]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x804D7576]
SSDT \WINDOWS\system32\ntoskrnl.exe[unknown section] [804D7576] ZwOpenKey [0x804D7576]

INT 0x03 \WINDOWS\system32\ntoskrnl.exe[unknown section] 804D757B
INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F2CAA16D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F2CA9FC2

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + F0 804E275C 3 Bytes [71, 75, 4D] {JNO 0x77; DEC EBP}
.text ntoskrnl.exe!_abnormal_termination + F8 804E2764 4 Bytes CALL D667AE15
.text ntoskrnl.exe!_abnormal_termination + 228 804E2894 3 Bytes [76, 75, 4D] {JBE 0x77; DEC EBP}
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F65348AC 5 Bytes JMP 872EA578
.text C:\WINDOWS\system32\drivers\aksfridge.sys section is writeable [0xF29EE000, 0x48011, 0xE0000020]
.init C:\WINDOWS\system32\drivers\aksfridge.sys entry point in ".init" section [0xF2A43224]
.init C:\WINDOWS\system32\drivers\aksfridge.sys unknown last code section [0xF2A43000, 0x4000, 0xE20000E0]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xF2935400, 0x6E1B2, 0xE8000020]
.protect C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect" section [0xF29BF220]
.protect C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xF29BF000, 0x50EA, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2020] ntdll.dll!DbgUiRemoteBreakin 7C9520EC 1 Byte [C3]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F76BD886] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F76BD832] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F76DF892] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F76BD886] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F76A7AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F76A7C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F76A7B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F76A8748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F76A861E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F76BCACA] sptd.sys

---- Devices - GMER 1.0.15 ----

Device 877631E8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device 858A77A0
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device 872751E8
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip idmtdi.sys (Internet Download Manager TDI Driver/Tonec Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 87391598
Device \Driver\usbuhci \Device\USBPDO-1 87391598
Device \Driver\dmio \Device\DmControl\DmIoDaemon 877D11E8
Device \Driver\dmio \Device\DmControl\DmConfig 877D11E8
Device \Driver\dmio \Device\DmControl\DmPnP 877D11E8
Device \Driver\dmio \Device\DmControl\DmInfo 877D11E8
Device \Driver\usbuhci \Device\USBPDO-2 87391598
Device \Driver\NetBT \Device\NetBT_Tcpip_{A1CEDA1A-FF51-4AD6-8430-809F40233C6E} 860021E8
Device \Driver\usbehci \Device\USBPDO-3 873821E8

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp idmtdi.sys (Internet Download Manager TDI Driver/Tonec Inc.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 877651E8
Device \Driver\Cdrom \Device\CdRom0 872451E8
Device \Driver\Cdrom \Device\CdRom0 87338010
Device \Driver\Ftdisk \Device\HarddiskVolume2 877651E8
Device \Driver\atapi \Device\Ide\IdePort0 [F75FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 87232518
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F75FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 87232518
Device \Driver\atapi \Device\Ide\IdePort1 [F75FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 87232518
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F75FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 87232518
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [F75FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 87232518
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [F75FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 87232518
Device \Driver\Cdrom \Device\CdRom1 872451E8
Device \Driver\Cdrom \Device\CdRom1 87338010
Device \Driver\Cdrom \Device\CdRom2 872451E8
Device \Driver\Cdrom \Device\CdRom2 87338010
Device \Driver\NetBT \Device\NetBt_Wins_Export 860021E8
Device \Driver\NetBT \Device\NetbiosSmb 860021E8

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp idmtdi.sys (Internet Download Manager TDI Driver/Tonec Inc.)

Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp idmtdi.sys (Internet Download Manager TDI Driver/Tonec Inc.)

Device \Driver\Disk \Device\Harddisk1\DR1 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\usbuhci \Device\USBFDO-0 87391598
Device \Driver\usbuhci \Device\USBFDO-1 87391598
Device \Driver\usbuhci \Device\USBFDO-2 87391598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86549398
Device \Driver\usbehci \Device\USBFDO-3 873821E8
Device 86549398
Device \Driver\Ftdisk \Device\FtControl 877651E8
Device \Driver\st3wolf \Device\Scsi\st3wolf1 8727C7A0
Device \Driver\st3wolf \Device\Scsi\st3wolf1 869FB328
Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 8727C7A0
Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 869FB328

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x81 0xCF 0x08 0x58 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0xF4 0xBA 0xA2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1C 0xC3 0xF8 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583f16f07 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583f16f07@001fe3c3f127 0x1D 0x38 0x8C 0x19 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x81 0xCF 0x08 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0xF4 0xBA 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1C 0xC3 0xF8 0x70 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x81 0xCF 0x08 0x58 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0xF4 0xBA 0xA2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1C 0xC3 0xF8 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583f16f07
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583f16f07@001fe3c3f127 0x1D 0x38 0x8C 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x81 0xCF 0x08 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0xF4 0xBA 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1C 0xC3 0xF8 0x70 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001583f16f07 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001583f16f07@001fe3c3f127 0x1D 0x38 0x8C 0x19 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x81 0xCF 0x08 0x58 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0xF4 0xBA 0xA2 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1C 0xC3 0xF8 0x70 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xCF 0x89 0xD1 0x7B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{62d5a59d-2aca-45eb-9a20-bd218585c959}@Model 173
Reg HKLM\SOFTWARE\Classes\CLSID\{62d5a59d-2aca-45eb-9a20-bd218585c959}@Therad 29
Reg HKLM\SOFTWARE\Classes\CLSID\{62d5a59d-2aca-45eb-9a20-bd218585c959}@MData 0x73 0xD5 0xCF 0xB8 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xBC 0xC7 0xDE 0xFB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{b6863c0e-bb55-434d-b255-38c5ea0bdffc}@Model 174
Reg HKLM\SOFTWARE\Classes\CLSID\{b6863c0e-bb55-434d-b255-38c5ea0bdffc}@Therad 21
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F4D73FF7-2501-12B7-E97C-16D75FE72D4E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F4D73FF7-2501-12B7-E97C-16D75FE72D4E}@iaiflhnmbnlnbipfkc 0x69 0x61 0x63 0x6D ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F4D73FF7-2501-12B7-E97C-16D75FE72D4E}@hakfngedhbncfhpj 0x6A 0x61 0x63 0x6D ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F4D73FF7-2501-12B7-E97C-16D75FE72D4E}@gadgiafblhfkpm 0x61 0x63 0x6F 0x63 ...


---- EOF - GMER 1.0.15 ----
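GMER lists every SSDT, interrupt, IAT and inline hook it can see, but it does not say which of them matter. In the log above the named hooks belong to two known drivers, SYMEVENT.SYS (Norton's event driver) and sptd.sys (the SCSI pass-through layer shipped with Daemon Tools and Alcohol, and the same locked file TDSSKiller reported as LockedFile.Multi.Generic), while a block of SSDT entries point at bare kernel addresses with no module attributed at all. Those unattributed entries are the ones to resolve first. As an added example that is not part of this thread, the Python below parses the hook sections of a GMER log, groups hooks by the module that placed them and separates out the unattributed ones; the sample lines are constructed in GMER's format, and the allow-list of expected hooking modules is my assumption, which an analyst would build per machine.

```python
import re
from collections import defaultdict

# Constructed sample in the shape GMER prints (a few lines of the
# "System" and "Kernel IAT/EAT" sections), not a real log.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT 877401B8 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF4E1BFC0]
SSDT sptd.sys ZwEnumerateKey [0xF76ACE2C]
SSDT \WINDOWS\system32\ntoskrnl.exe[unknown section] [804D7571] ZwCreateKey [0x804D7571]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F76A7AD4] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F76BD832] sptd.sys
"""

# SSDT entry GMER could not attribute to a module: kernel address + service.
SSDT_BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>Zw\w+)\s*$")
# SSDT entry attributed to a driver path or module name, optionally with a
# "(description/vendor)" and GMER's "[unknown section] [addr]" annotation.
SSDT_MOD = re.compile(
    r"^SSDT\s+(?P<mod>\S+?)(?:\[unknown section\])?"
    r"(?:\s+\((?P<desc>[^)]*)\))?(?:\s+\[[0-9A-Fx]+\])?"
    r"\s+(?P<func>Zw\w+)\s+\[(?P<target>0x[0-9A-F]+)\]"
)
# Import-table hook: IAT <victim>[<dll>!<import>] [<addr>] <hooking module>
IAT = re.compile(
    r"^IAT\s+(?P<victim>\S+?)\[(?P<imp>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fx]+)\]\s+(?P<hooker>\S+)\s*$"
)

# Assumed allow-list: modules whose hooks are expected on this machine.
EXPECTED_HOOKERS = {"symevent.sys", "sptd.sys", "ntoskrnl.exe"}


def basename(path):
    """Strip an NT or DOS path down to a lower-cased file name."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_gmer(text, expected=EXPECTED_HOOKERS):
    """Group GMER hook lines by hooking module; return the groups, the
    unattributed SSDT entries and the modules not on the allow-list."""
    by_module = defaultdict(list)   # hooking module -> [(kind, hooked thing)]
    unattributed = []               # SSDT entries with no module attributed
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_BARE.match(line)
        if m:
            unattributed.append((m["addr"], m["func"]))
            continue
        m = SSDT_MOD.match(line)
        if m:
            by_module[basename(m["mod"])].append(("SSDT", m["func"]))
            continue
        m = IAT.match(line)
        if m:
            by_module[basename(m["hooker"])].append(
                ("IAT", f"{basename(m['victim'])}!{m['imp']}"))
    unexpected = sorted(mod for mod in by_module if mod not in expected)
    return {"by_module": dict(by_module),
            "unattributed": unattributed,
            "unexpected": unexpected}


if __name__ == "__main__":
    report = triage_gmer(SAMPLE_LOG)
    for mod, hooks in report["by_module"].items():
        flag = "" if mod in EXPECTED_HOOKERS else "  <-- not on allow-list"
        print(f"{mod}: {len(hooks)} hook(s){flag}")
    for addr, func in report["unattributed"]:
        print(f"unattributed SSDT hook {func} -> {addr}: resolve this address")
```

Unattributed entries are worth the most attention: a legitimate security product usually hooks from its own image, while a rootkit that hooks from allocated pool memory shows up exactly like the bare-address lines here. Feeding the saved GMER log to `triage_gmer` instead of `SAMPLE_LOG` is the only change needed to run it on a real scan.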

#7 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 February 2012 - 04:06 PM

aswmbr?

#8 banditz

  • Topic Starter
  • Members
  • 32 posts

Posted 22 February 2012 - 04:38 PM

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-22 15:24:23
-----------------------------
15:24:23.046 OS Version: Windows 5.1.2600 Service Pack 3
15:24:23.046 Number of processors: 1 586 0x207
15:24:23.046 ComputerName: BOSS UserName: Rich
15:24:25.140 Initialize success
15:29:45.328 AVAST engine defs: 12022200
15:29:57.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
15:29:57.515 Disk 0 Vendor: WDC_WD5000AAKB-00H8A0 05.04E05 Size: 476940MB BusType: 3
15:29:57.515 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
15:29:57.515 Disk 1 Vendor: ST3160812A 3.AAJ Size: 152627MB BusType: 3
15:29:57.531 Disk 0 MBR read successfully
15:29:57.546 Disk 0 MBR scan
15:29:57.578 Disk 0 Windows XP default MBR code
15:29:57.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
15:29:57.593 Disk 0 scanning sectors +976752000
15:29:57.687 Disk 0 scanning C:\WINDOWS\system32\drivers
15:30:12.000 Service scanning
15:30:32.703 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:30:37.671 Modules scanning
15:30:48.109 Disk 0 trace - called modules:
15:30:48.140 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86bc3630]<<
15:30:48.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x877cfab8]
15:30:48.140 3 CLASSPNP.SYS[f77effd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x87719d98]
15:30:48.140 \Driver\atapi[0x8774cd20] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x86bc3630
15:30:50.390 AVAST engine scan C:\WINDOWS
15:31:06.968 AVAST engine scan C:\WINDOWS\system32
15:34:18.906 AVAST engine scan C:\WINDOWS\system32\drivers
15:34:39.953 AVAST engine scan C:\Documents and Settings\Rich
15:44:11.109 AVAST engine scan C:\Documents and Settings\All Users
16:23:23.421 Scan finished successfully
16:31:29.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rich\Desktop\MBR.dat"
16:31:29.546 The log file has been saved successfully to "C:\Documents and Settings\Rich\Desktop\aswMBR.txt"
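aswMBR and TDSSKiller both judge the boot sector by reading it and comparing it with known-good images: aswMBR reports "Windows XP default MBR code", and TDSSKiller prints an MD5 over the first 0x1B8 bytes, i.e. the bootstrap code that precedes the disk signature, which is why the two disks above share one hash. The MBR.dat that aswMBR saved to the desktop can be checked the same way offline, and the partition table it contains shows how much unpartitioned space sits past the last partition, which is where a TDL4-style bootkit keeps the hidden file system TDSSKiller quarantined earlier as TDLFS. As an added example that is not part of this thread, the Python below parses a 512-byte MBR, hashes its bootstrap code, decodes the partition entries and reports anything malformed together with the size of that trailing space. The sample MBR is constructed here from the sizes aswMBR printed, and the reference hash is whatever the analyst records from a known-clean disk; nothing here vouches for a particular hash value.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8      # bytes TDSSKiller hashes: code before the disk signature
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
MBR_SIGNATURE = 0xAA55     # 0x55 0xAA on disk, read little-endian


def parse_mbr(mbr, disk_sectors):
    """Decode a 512-byte MBR; disk_sectors is the drive's total LBA count."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    findings = []
    if struct.unpack_from("<H", mbr, 0x1FE)[0] != MBR_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, _, _, ptype, _, _, _, lba, count = struct.unpack_from(
            "<BBBBBBBBII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue                                   # empty slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{status:02X}")
        if lba + count > disk_sectors:
            findings.append(f"entry {i}: extends past end of disk")
        parts.append({"index": i, "bootable": status == 0x80,
                      "type": ptype, "lba": lba, "sectors": count})
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one bootable entry")
    used_end = max((p["lba"] + p["sectors"] for p in parts), default=0)
    tail = disk_sectors - used_end if disk_sectors > used_end else 0
    return {"boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", mbr, 0x1B8)[0],
            "partitions": parts,
            "unpartitioned_tail_sectors": tail,
            "findings": findings}


def compare_to_reference(mbr, disk_sectors, reference_md5, max_tail_sectors=32768):
    """Reasons the MBR deserves a closer look; [] means the bootstrap code
    matches the reference and the layout is unremarkable. XP's cylinder-
    aligned partitioning leaves up to a cylinder (about 8 MB) of slack at
    the end of the disk, so only a tail larger than max_tail_sectors is
    flagged; the right follow-up is to dump that tail, not to guess."""
    info = parse_mbr(mbr, disk_sectors)
    reasons = list(info["findings"])
    if info["boot_code_md5"] != reference_md5.lower():
        reasons.append("bootstrap code differs from reference image")
    if info["unpartitioned_tail_sectors"] > max_tail_sectors:
        reasons.append(f"{info['unpartitioned_tail_sectors']} unpartitioned sectors at end of disk")
    return reasons


def build_mbr(boot_code, disk_signature, entries):
    """Assemble a 512-byte MBR from bootstrap code and (status, type, lba,
    count) tuples. Used here only to construct test data."""
    table = b"".join(struct.pack("<BBBBBBBBII", s, 0, 0, 0, t, 0, 0, 0, lba, n)
                     for s, t, lba, n in entries)
    table = table.ljust(64, b"\x00")
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    return code + struct.pack("<IH", disk_signature, 0) + table + b"\x55\xAA"


def load_mbr(path):
    """Read the first sector of a saved image such as aswMBR's MBR.dat."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


# Constructed sample: one bootable NTFS partition at LBA 63 with the sizes
# aswMBR reported (476940 MB disk, 476929 MB partition); the code bytes are
# filler, not a real boot sector.
DISK_SECTORS = 476940 * 2048
SAMPLE_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)
SAMPLE_MBR = build_mbr(SAMPLE_CODE, 0x12345678, [(0x80, 0x07, 63, 476929 * 2048)])
SAMPLE_MD5 = hashlib.md5(SAMPLE_MBR[:BOOT_CODE_LEN]).hexdigest()

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR, DISK_SECTORS)
    print("bootstrap md5:", info["boot_code_md5"])
    for p in info["partitions"]:
        print(f"entry {p['index']}: type 0x{p['type']:02X} lba {p['lba']} "
              f"sectors {p['sectors']} bootable={p['bootable']}")
    print("tail sectors:", info["unpartitioned_tail_sectors"])
    print("reasons:", compare_to_reference(SAMPLE_MBR, DISK_SECTORS, SAMPLE_MD5))
```

To use it on the real artifact, pass `load_mbr("MBR.dat")`, the sector count from the drive (aswMBR's "Size" in MB times 2048), and the MD5 recorded from a clean disk of the same Windows version.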

#9 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 February 2012 - 04:47 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan with MBAM once in regular mode until you get a clean log


Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan completes, click on LIST of found threats

Export the list to the desktop, and copy the contents of the text file in your reply


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.
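The MiniToolBox boxes listed above are the places a redirector leaves its fingerprints: a proxy pointed at a local listener, hosts entries that sinkhole vendor and update domains, and a DNS server that is not the router. As an added example that is not part of the post, the Python below applies those checks to text in the shape MiniToolBox prints. The sample report is constructed and deliberately dirty, the list of vendor domains watched for is my own choice, and the "Proxy is enabled." / "Proxy Server:" wording is an assumption about how the tool reports an enabled proxy (the log in this thread only shows the clean form).

```python
import ipaddress
import re

# Constructed sample in MiniToolBox's section format; the proxy, hosts and
# DNS values are deliberately suspicious. 203.0.113.0/24 is a documentation
# range, used here so the sample names no real resolver.
SAMPLE_REPORT = """\
========================= IE Proxy Settings: ==============================

Proxy is enabled.
Proxy Server: 127.0.0.1:8080

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.malwarebytes.org
127.0.0.1 update.microsoft.com

========================= IP Configuration: ================================

        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.1.1
"""

# Assumed watch-list: hosts entries for these names are rated "high".
WATCHED_DOMAINS = ("malwarebytes", "microsoft.com", "symantec", "norton",
                   "eset", "kaspersky", "avast")
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# RFC 1918 tested explicitly: ipaddress.is_private also counts documentation
# and other special-purpose ranges, which is not what "on the LAN" means here.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_lan(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def split_sections(report):
    """Map '==== Title: ====' headers to the lines that follow them."""
    sections, current = {}, None
    for line in report.splitlines():
        m = re.match(r"^=+\s*(.+?):\s*=+\s*$", line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def check_hosts(lines, watched=WATCHED_DOMAINS):
    """A stock hosts file maps only localhost; anything else is reported."""
    findings = []
    for line in lines:
        body = line.split("#", 1)[0].strip()
        if not body:
            continue
        ip, *names = body.split()
        for name in names:
            if name.lower() in LOCAL_NAMES:
                continue
            sev = "high" if any(w in name.lower() for w in watched) else "review"
            findings.append((sev, f"hosts maps {name} to {ip}"))
    return findings


def check_proxy(lines):
    text = "\n".join(lines)
    if not re.search(r"Proxy is enabled", text, re.I):
        return []
    m = re.search(r"Proxy Server:\s*(\S+)", text)   # assumed line shape
    return [("review", f"proxy enabled: {m.group(1) if m else 'unknown'}")]


def check_dns(lines):
    """Collect gateway and DNS servers (including continuation lines) and
    report resolvers outside the LAN when the gateway itself is on the LAN."""
    gateway, dns, collecting = None, [], False
    for line in lines:
        if "Default Gateway" in line:
            m = IP_RE.search(line)
            gateway, collecting = (m.group(0) if m else None), False
        elif "DNS Servers" in line:
            dns += IP_RE.findall(line)
            collecting = True
        elif collecting and IP_RE.fullmatch(line.strip()):
            dns.append(line.strip())
        else:
            collecting = False
    if not gateway or not is_lan(gateway):
        return []
    return [("review", f"DNS server {s} is outside the LAN (gateway {gateway})")
            for s in dns if not is_lan(s)]


def triage(report):
    s = split_sections(report)
    findings = []
    findings += check_proxy(s.get("IE Proxy Settings", []) + s.get("FF Proxy Settings", []))
    findings += check_hosts(s.get("Hosts content", []))
    findings += check_dns(s.get("IP Configuration", []))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_REPORT):
        print(f"[{severity}] {message}")
```

On the clean report posted later in this thread (hosts holding only localhost, no proxy, DNS equal to the gateway) the same checks return nothing, which is the point: the tool output is easy to skim past, and a script makes the absence of findings explicit.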

#10 banditz

  • Topic Starter
  • Members
  • 32 posts

Posted 23 February 2012 - 09:59 AM

Good Morning,

Ran Malwarebytes once, cleaned and ran a second time and nothing.

Ran the ESET Scanner and cleaned; the program is still up (I didn't know if I should uninstall and delete quarantined items or not?)

Also ESET deleted a couple of files that are needed, actually they were in two locations. I do need the gingerbreak and the psneuter exploits in the DroidX stuff folders, the last two files in the list.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RGBLD2DM\field[1].swf SWF/Exploit.Blacole.AA trojan cleaned by deleting - quarantined
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UBCHGYQ2\624e268643be9dea42e2ab748b1a3b9b[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\13GHECA0\field[1].swf SWF/Exploit.Blacole.AA trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\13GHECA0\jeraemma_info[1].txt HTML/Iframe.B.Gen virus deleted - quarantined
C:\System Volume Information\_restore{519268D6-84AE-4379-BD70-11F93EC85311}\RP141\A0065774.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\TDSSKiller_Quarantine\22.02.2012_13.41.44\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.02.2012_13.41.44\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.02.2012_13.41.44\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.JG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.02.2012_13.41.44\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.02.2012_13.41.44\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.02.2012_13.41.44\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.02.2012_13.41.44\mbr0000\tdlfs0000\tsk0010.dta a variant of Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.02.2012_14.14.12\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.02.2012_14.14.12\tdlfs0000\tsk0003.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.02.2012_14.14.12\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.JG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.02.2012_14.14.12\tdlfs0000\tsk0005.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.02.2012_14.14.12\tdlfs0000\tsk0008.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.02.2012_14.14.12\tdlfs0000\tsk0009.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.02.2012_14.14.12\tdlfs0000\tsk0010.dta a variant of Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\~ DroidX Stuff\SuperOneClick v2.2 - Root Android Phone\Exploits\GingerBreak Linux/Exploit.Lotoor.AF trojan cleaned by deleting - quarantined
C:\~ DroidX Stuff\SuperOneClick v2.2 - Root Android Phone\Exploits\psneuter Linux/Exploit.Lotoor.AK trojan cleaned by deleting - quarantined
C:\~ DroidX Stuff\~ TOOLS ~\SuperOneClickv1.9.1-ShortFuse.Drivers\Exploits\GingerBreak Linux/Exploit.Lotoor.AF trojan cleaned by deleting - quarantined
C:\~ DroidX Stuff\~ TOOLS ~\SuperOneClickv1.9.1-ShortFuse.Drivers\Exploits\psneuter Linux/Exploit.Lotoor.AK trojan cleaned by deleting - quarantined



------------------------------------------------------------
------------------------------------------------------------

Mini Toolbox

MiniToolBox by Farbar Version: 18-01-2012
Ran by Rich (administrator) on 23-02-2012 at 09:49:39
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8169/8110 Family Gigabit Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : boss
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Mixed
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Realtek RTL8169/8110 Family Gigabit Ethernet NIC
        Physical Address. . . . . . . . . : 00-1E-2A-B3-81-B5
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
        Lease Obtained. . . . . . . . . . : Wednesday, February 22, 2012 10:28:36 PM
        Lease Expires . . . . . . . . . . : Thursday, February 23, 2012 10:28:36 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.100, 74.125.225.96, 74.125.225.103, 74.125.225.104
74.125.225.105, 74.125.225.102, 74.125.225.99, 74.125.225.98, 74.125.225.110
74.125.225.101, 74.125.225.97

Pinging google.com [74.125.225.137] with 32 bytes of data:

Reply from 74.125.225.137: bytes=32 time=21ms TTL=49
Reply from 74.125.225.137: bytes=32 time=19ms TTL=49

Ping statistics for 74.125.225.137:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 21ms, Average = 20ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.127.62, 98.139.183.24, 209.191.122.70

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=487ms TTL=45
Reply from 98.139.183.24: bytes=32 time=500ms TTL=45

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 487ms, Maximum = 500ms, Average = 493ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e 2a b3 81 b5 ...... Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.2 192.168.1.2 20
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 10
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 10
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 10
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/22/2012 10:30:52 PM) (Source: SamsungAllShareV2.0) (User: )
Description: Service cannot be started. System.Runtime.InteropServices.COMException (0x80010002): Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementEventWatcher.Initialize()
at System.Management.ManagementEventWatcher.Start()
at AllShareDmsUtil.Manager.AllShareDmsManager.InitEventWatcher()
at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize()
at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()
at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance()
at AllShareDMS.AllShareDMS.DoStart()
at AllShareDMS.AllShareDMS.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/22/2012 05:36:03 PM) (Source: SamsungAllShareV2.0) (User: )
Description: Service cannot be started. System.Runtime.InteropServices.COMException (0x80010002): Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementEventWatcher.Initialize()
at System.Management.ManagementEventWatcher.Start()
at AllShareDmsUtil.Manager.AllShareDmsManager.InitEventWatcher()
at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize()
at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()
at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance()
at AllShareDMS.AllShareDMS.DoStart()
at AllShareDMS.AllShareDMS.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/22/2012 03:20:59 PM) (Source: SamsungAllShareV2.0) (User: )
Description: Service cannot be started. System.Runtime.InteropServices.COMException (0x80010002): Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementEventWatcher.Initialize()
at System.Management.ManagementEventWatcher.Start()
at AllShareDmsUtil.Manager.AllShareDmsManager.InitEventWatcher()
at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize()
at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()
at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance()
at AllShareDMS.AllShareDMS.DoStart()
at AllShareDMS.AllShareDMS.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/22/2012 02:19:58 PM) (Source: SamsungAllShareV2.0) (User: )
Description: Service cannot be started. System.Runtime.InteropServices.COMException (0x80010002): Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementEventWatcher.Initialize()
at System.Management.ManagementEventWatcher.Start()
at AllShareDmsUtil.Manager.AllShareDmsManager.InitEventWatcher()
at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize()
at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()
at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance()
at AllShareDMS.AllShareDMS.DoStart()
at AllShareDMS.AllShareDMS.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/22/2012 02:19:07 PM) (Source: MSSQL$MYMOVIES) (User: )
Description: SQL Server is not ready to accept new client connections. Wait a few minutes before trying again. If you have access to the error log, look for the informational message that indicates that SQL Server is ready before trying to connect again. [CLIENT: 192.168.1.2]

Error: (02/22/2012 01:49:38 PM) (Source: SamsungAllShareV2.0) (User: )
Description: Service cannot be started. System.Runtime.InteropServices.COMException (0x80010002): Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementEventWatcher.Initialize()
at System.Management.ManagementEventWatcher.Start()
at AllShareDmsUtil.Manager.AllShareDmsManager.InitEventWatcher()
at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize()
at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()
at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance()
at AllShareDMS.AllShareDMS.DoStart()
at AllShareDMS.AllShareDMS.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/21/2012 08:49:17 PM) (Source: SamsungAllShareV2.0) (User: )
Description: Service cannot be started. System.Runtime.InteropServices.COMException (0x80010002): Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementEventWatcher.Initialize()
at System.Management.ManagementEventWatcher.Start()
at AllShareDmsUtil.Manager.AllShareDmsManager.InitEventWatcher()
at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize()
at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()
at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance()
at AllShareDMS.AllShareDMS.DoStart()
at AllShareDMS.AllShareDMS.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/20/2012 07:56:58 PM) (Source: MBAMService) (User: )
Description: MBAMService2012/02/20 19:56:58 -0500 BOSS Rich IP-BLOCK 141.136.16.77 (Type: outgoing)

Error: (02/20/2012 07:52:08 PM) (Source: MBAMService) (User: )
Description: MBAMService2012/02/20 19:52:07 -0500 BOSS Rich IP-BLOCK 141.136.16.77 (Type: outgoing)

Error: (02/20/2012 09:59:41 AM) (Source: SamsungAllShareV2.0) (User: )
Description: Service cannot be started. System.Runtime.InteropServices.COMException (0x80010002): Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementEventWatcher.Initialize()
at System.Management.ManagementEventWatcher.Start()
at AllShareDmsUtil.Manager.AllShareDmsManager.InitEventWatcher()
at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize()
at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()
at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance()
at AllShareDMS.AllShareDMS.DoStart()
at AllShareDMS.AllShareDMS.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (02/22/2012 10:32:12 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde

Error: (02/22/2012 10:32:12 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (02/22/2012 10:30:03 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (02/22/2012 10:30:03 PM) (Source: Service Control Manager) (User: )
Description: The LEC TranslateDotNet Server service failed to start due to the following error:
%%3

Error: (02/22/2012 10:30:03 PM) (Source: Service Control Manager) (User: )
Description: The iPodDrv service failed to start due to the following error:
%%2

Error: (02/22/2012 10:30:03 PM) (Source: Service Control Manager) (User: )
Description: The AST Service service failed to start due to the following error:
%%2

Error: (02/22/2012 10:28:58 PM) (Source: 0) (User: )
Description:

Error: (02/22/2012 10:28:58 PM) (Source: 0) (User: )
Description:

Error: (02/22/2012 05:37:29 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (02/22/2012 05:35:11 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 2.1.0)
7-Zip 9.20
Add or Remove Adobe Creative Suite 3 Master Collection (Version: 1.0)
Adobe After Effects CS3 Presets (Version: 8)
Adobe AIR (Version: 2.5.1.17730)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash CS3 (Version: 9.0)
Adobe Flash Player 10 ActiveX (Version: 10.1.85.3)
Adobe Flash Player 10 Plugin (Version: 10.0.45.2)
Adobe Flash Video Encoder (Version: 2.0)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop Lightroom 3.2 (Version: 3.2.1)
Adobe Setup (Version: 1.0)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe SVG Viewer 3.0 (Version: 3.0)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Video Profiles (Version: 1.0)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AHV content for Acrobat and Flash (Version: 1)
AI RoboForm (All Users)
AIO_Scan (Version: 100.0.206.000)
Amazon Kindle
Android (Version: 1.0.0)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
AnyDVD (Version: 7.0.0.0)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.3.11 (Unicode)
Auto-Do-It
AutoFX PhotoGraphic Edges 6
AutoFX Suites
BarBack
BarGenie 9.0
BayGenie eBay Auction Sniper Pro Edition 3.3.6.0 (Version: 3.3.6.0)
Bias Sound Soap 2 DX RTAS VST v2.01
BigOven (Version: 1.8.978)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 100.0.170.000)
C8100 (Version: 100.0.206.000)
C8100_Help (Version: 100.0.206.000)
calibre (Version: 0.8.37)
CalorieKing Nutrition and Exercise Manager (remove only)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000)
Chapter Master 1.2.6 (Version: 1.2.6)
CloneDVD2 (Version: 2.9.2.8)
CloneDVDmobile (Version: 1.7.1.0)
CollegeBAR 8.4
Compare It! (Version: 4.2)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
ContentManager (Version: 0.5)
CoPilot Central 2.0 (Version: 2.3.0.16)
Copy (Version: 100.0.170.000)
CopyPod Suite (remove only)
Corel PaintShop Pro X4 (Version: 14.0.0.332)
Coupon Printer for Windows (Version: 5.0.0.0)
CP2101 USB to UART Bridge Controller Driver Set
CuteShield File Shredder
DAEMON Tools (Version: 3.33.0.0)
Daniusoft Media Converter Ultimate(Build 2.5.1.4)
DAO (Version: 3.5)
DepositFiles FileManager 0.9.9.206
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 100.0.190.000)
Dfx (Version: 3.0)
DjVuLibre+DjView (Version: 3.5.21+4.4)
DocProc (Version: 10.0.0.0)
DocProcQFolder (Version: 1.00.0000)
Dropbox (Version: 1.2.51)
DVD Profiler Version 3.7.2
DxO Optics Pro 6 (Version: 6.1.1)
Easy Video Joiner 5.21
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
Evernote (Version: 3.5.5.2672)
EZ Label Xpress Lite (Version: 1.00.0000)
Fax (Version: 100.0.187.000)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
Final Media Player 2011
FNC 11 Installer (Version: 11.06.0000)
Genuine Fractals 6.0.6 Professional Edition (Version: 6.0.6)
GPBaseService (Version: 100.0.187.000)
GPBaseService2 (Version: 130.0.371.000)
Hallmark Card Studio 2011 Deluxe (Version: 12.0.0.37)
Hoyle Card Games 2011 (remove only)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (Version: 10.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000)
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000)
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000)
hpphotosmartdisclabelplugin (Version: 2.02.0000)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
ICA (Version: 14.0.0.332)
ImageSizer (Version: 0.6.4)
Intel® IPP Run-Time Installer 5.2 for Windows* on IA-32 (Version: 5.2.0.2)
Intel® PRO Ethernet Adapter and Software
Internet Download Manager (Version: 6.0.5.14)
IPM_PSP_COM (Version: 14.0.0.332)
iPod PC Transfer Suit 3.4 (Version: 3.4)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.2.4)
Java DB 10.5.3.0 (Version: 10.5.3.0)
Java™ 6 Update 21 (Version: 6.0.210)
Java™ SE Development Kit 6 Update 21 (Version: 1.6.0.210)
Jawbone Updater (Version: 0.1)
Jobber Computer Plus
LAME v3.98.2 for Audacity
LEAD Command Line Utils
Lernout & Hauspie TruVoice American English TTS Engine
LightScribe Applications (Version: 1.18.5.1)
LightScribe Diagnostic Utility (Version: 1.18.6.1)
LightScribe System Software (Version: 1.18.24.1)
LightScribe Template Labeler (Version: 1.18.5.1)
LightZone 3.7
Living Cookbook 2011
Living Cookbook 2011 (Version: 3.0.34)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Macrium Reflect Professional Edition (Version: 5.0.4168)
Magic ISO Maker v5.4 (build 0245)
MakeMKV v1.6.16 (Version: v1.6.16)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MarkAble 2.3.1 (Version: 2.3.1)
MasterCook 11 (Version: 1.10.0000)
MediaMonkey 4.0 (Version: 4.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft English TTS Engine (Version: 2.0.1000.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access database engine 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MYMOVIES) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Management Studio Express (Version: 9.00.2047.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Streets & Trips 2010 (Version: 17.0.19.2900)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable Package (Version: 1.0.0)
Microsoft WinUsb 1.0
MKV Converter Studio V2.0.1 (Version: 2.0.1)
MobileMe Control Panel (Version: 3.1.8.0)
MotoHelper 2.1.32 Driver 5.4.0 (Version: 2.1.32)
MotoHelper MergeModules (Version: 1.0.0)
MotoHelper MergeModules (Version: 1.2.0)
MOTOR / ALLDATA (Version: 10.20.1001.003)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MP3 Splitter & Joiner Pro 4.21
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 (Version: 4.20.9818.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
My Movies Collection Management (Version: 4.0.2.100)
MyFreeCodec
Mystical (Version: 2.00.0000)
NAVIGON Fresh 3.4.1 (Version: 3.4.1)
Nero 7 Ultra Edition (Version: 7.02.6445)
neroxml (Version: 1.0.0)
Nitro PDF Professional (Version: 6.2.3.6)
Norton Internet Security (Version: 19.5.0.145)
Nuance OmniPage 17 (Version: 17.0.0000)
OCR Software by I.R.I.S. 10.0 (Version: 10.0)
Omron Health Management Software (Version: 1.31.0007)
OnDemand5 (Version: 5.8.0.10)
PanoStandAlone (Version: 100.0.170.000)
PDF Settings (Version: 1.0)
PhotoTools 2.5 Professional Edition (Version: 2.5)
PL-2303 USB-to-Serial
ProntoProEdit NG (Version: 2.1.8.0)
ProntoProEdit NG Setup Support (Version: 2.0.0.0)
PropertiesPlus (Remove Only)
Protected Music Converter 1.0.0.9 (Version: 1.0.0.9)
PS_AIO_02_ProductContext (Version: 100.0.206.000)
PS_AIO_02_Software (Version: 100.0.206.000)
PS_AIO_02_Software_Min (Version: 100.0.206.000)
PSPPContent (Version: 14.0.0.332)
PSPPHelp (Version: 14.0.0.332)
PSSWCORE (Version: 2.02.0000)
Quicken 2010 (Version: 19.1.1.27)
Quicken WillMaker Plus 2011
QuickTime (Version: 7.71.80.42)
RAIDar 4.1.6
REALTEK GbE & FE Ethernet PCI NIC Driver (Version: 1.23.0000)
Recover My iPod (Version: 1.7.2.833)
Registry Clean Expert
Remote Control USB Driver (Version: 2.3.2.317)
RoxioShim (Version: 100.0.206.000)
RSDLite (Version: 4.9)
Samsung AllShare (Version: 2.1.0.11123_8)
Samsung Kies (Version: 2.1.1.11124_17)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0)
SAPI Wrapper (Version: 1.0.0.0)
Scan (Version: 10.1.0.0)
Sentinel System Driver
Setup (Version: 14.0.0.332)
SmartSound Quicktracks Plugin (Version: 3.0.8.0)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Sound Blaster Live!
Status (Version: 100.0.175.000)
SUPERAntiSpyware (Version: 4.42.1000)
SureThing CD Labeler Deluxe 5
Tansee iPod Copy v1.01
The Ultimate Troubleshooter
Toolbox (Version: 100.0.170.000)
TouchCopy 09 (Version: 9.53)
TrayApp (Version: 100.0.170.000)
TTS Wrapper (Version: 1.0.0.0)
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.2596)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0424)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0209)
TurboTax 2011 wmiiper (Version: 011.000.1389)
TurboTax 2011 wrapper (Version: 011.000.0120)
UnloadSupport (Version: 10.0.0)
Unlocker 1.8.6 (Version: 1.8.6)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
V CAST Music with Rhapsody
VC User CRT71 RTL X86 --- (Version: 1.0)
VC User MFC71 RTL X86 --- (Version: 1.0)
VideoToolkit01 (Version: 100.0.128.000)
WebFldrs XP (Version: 9.50.6513)
WebReg (Version: 100.0.170.000)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) (Version: 08/11/2009 2.0.0010.00002)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinISO 5.3
WinRAR archiver
Winternals Administrator's Pak
WinTools.net 9.11.1 Ultimate

========================= Memory info: ===================================

Percentage of memory in use: 73%
Total physical RAM: 1023 MB
Available physical RAM: 267.71 MB
Total Pagefile: 2076.39 MB
Available Pagefile: 1211.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.57 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:20.08 GB) NTFS
3 Drive d: (Music) (Fixed) (Total:149.04 GB) (Free:20.8 GB) NTFS
4 Drive e: (DM5Q110) (CDROM) (Total:7.34 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\BOSS

Administrator ASPNET Guest
HelpAssistant Rich SUPPORT_388945a0


**** End of log ****



ESET and MiniToolBox logs below
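The MiniToolBox output above carries three things worth pulling out before reading the rest of the thread: the Malwarebytes IP-BLOCK events in the Application log (which addresses, which direction), the ping section (one site answers "Destination host unreachable" while google.com and yahoo.com reply normally), and the Winsock catalog (every name-space or layered provider that is not Microsoft's own). The script below is an added example, not a BleepingComputer or MiniToolBox tool; its sample input is a constructed excerpt built from lines of the log above, and it assumes the MBAMService description format seen there (host and user names without spaces). It does not diagnose why a host is unreachable; it only surfaces the indicators a helper would ask about.

```python
"""Triage a MiniToolBox-style log for the indicators seen in this thread.

Added example; not a BleepingComputer or MiniToolBox tool. SAMPLE_LOG is a
constructed excerpt modelled on the log posted above.
"""
import ipaddress
import re
from collections import Counter

SAMPLE_LOG = r"""
Pinging google.com [74.125.225.137] with 32 bytes of data:
Reply from 74.125.225.137: bytes=32 time=21ms TTL=49
Reply from 74.125.225.137: bytes=32 time=19ms TTL=49
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
========================= Event log errors: ===============================
Error: (02/20/2012 07:56:58 PM) (Source: MBAMService) (User: )
Description: MBAMService2012/02/20 19:56:58 -0500 BOSS Rich IP-BLOCK 141.136.16.77 (Type: outgoing)
Error: (02/20/2012 07:52:08 PM) (Source: MBAMService) (User: )
Description: MBAMService2012/02/20 19:52:07 -0500 BOSS Rich IP-BLOCK 141.136.16.77 (Type: outgoing)
"""

# Assumed MBAMService line layout: "MBAMService<date time> <tz> <host> <user> IP-BLOCK <ip> (Type: <dir>)".
IP_BLOCK_RE = re.compile(
    r"MBAMService(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) [-+]\d{4} "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>[\d.]+) \(Type: (?P<direction>\w+)\)"
)
PING_TARGET_RE = re.compile(r"^Pinging (?P<name>\S+)(?: \[(?P<ip>[\d.]+)\])?")
PING_REPLY_RE = re.compile(r"^Reply from (?P<ip>[\d.]+): (?P<body>.+)$")
WINSOCK_RE = re.compile(
    r"^(?P<catalog>Catalog\d+) (?P<index>\d+) (?P<path>.+?) \[(?P<size>\d+)\] \((?P<vendor>[^)]*)\)$"
)


def parse_ip_blocks(text):
    """One dict per Malwarebytes IP-BLOCK event, with a flag for public addresses."""
    events = []
    for m in IP_BLOCK_RE.finditer(text):
        ev = m.groupdict()
        # is_global is False for loopback, link-local and RFC 1918 space.
        ev["public"] = ipaddress.ip_address(ev["ip"]).is_global
        events.append(ev)
    return events


def parse_pings(text):
    """Map each pinged name to its resolved IP and counts of good/failed replies."""
    results, current = {}, None
    for line in text.splitlines():
        t = PING_TARGET_RE.match(line)
        if t:
            current = t.group("name")
            results[current] = {"ip": t.group("ip") or current, "ok": 0, "failed": 0}
            continue
        if current is None:
            continue
        r = PING_REPLY_RE.match(line)
        if r:
            # A real echo reply carries "bytes=..."; anything else is an ICMP error.
            key = "ok" if r.group("body").startswith("bytes=") else "failed"
            results[current][key] += 1
        elif line.startswith("Request timed out"):
            results[current]["failed"] += 1
    return results


def parse_winsock(text):
    """Winsock catalog entries (layered and name-space providers)."""
    matches = (WINSOCK_RE.match(line) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]


def triage(text):
    """Summarise the indicators a malware-removal helper would ask about."""
    blocks = parse_ip_blocks(text)
    pings = parse_pings(text)
    lsps = parse_winsock(text)
    return {
        "blocked_ips": Counter(ev["ip"] for ev in blocks if ev["public"]),
        "outgoing_block_count": sum(ev["direction"] == "outgoing" for ev in blocks),
        # Hosts that never answered with an echo reply while at least one error came back.
        "unreachable": sorted(n for n, r in pings.items() if r["failed"] and not r["ok"]),
        "third_party_lsps": sorted(
            (e["path"], e["vendor"]) for e in lsps if e["vendor"] != "Microsoft Corporation"
        ),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)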

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:02 AM

Posted 23 February 2012 - 10:19 AM

Ran the ESET Scanner and cleaned, the program is still up (I didn't know if I should uninstall and delete quarantined items or not?)

go ahead

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#12 banditz

banditz
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 23 February 2012 - 03:12 PM

TFC has been just sitting there for 5 hours now. I think it froze for the second time.

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:02 AM

Posted 23 February 2012 - 09:41 PM

Run it in safe mode then

good luck

#14 banditz

banditz
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 25 February 2012 - 12:21 PM

Ran TFC in safe mode with no problem. Java updated and everything seems to be working fine.

Thank you so much for all your help. You can close this thread if we are done.

Thanks again,

- Rich

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:02 AM

Posted 26 February 2012 - 09:47 PM

You're most welcome :)



