Browser Redirecting; Program Failures; General Mayhem on my PC


  • This topic is locked
2 replies to this topic

#1 Mikey Bull

Posted 04 April 2012 - 11:15 AM

Hello - Before I jump in, I just want to say thank you to all of the experts who donate their time to help people like myself save their computers from malware and viruses!

OK, I will do my best to detail all the issues I am facing but, generally, pretty much everything is going wrong. Specifically, I've noticed the following:

1) I can get to browser homepages (Firefox, Explorer and Chrome) but any links I click are being redirected (not always to the same sites). This is true for all three browsers. If I type in addresses directly I can navigate to the right pages.
2) Opening any of the browsers results in a "Windows Security Alert" pop-up opening which says: "To help protect your computer, Windows Firewall has blocked some features of this program". I then have the choice to select keep blocking, unblock or ask me later (I have been selecting ask me later).
3) Browser(s) open new tabs to websites I did not request in addition to pages I did request (by typing in addresses directly).
4) I keep getting TCP/IP Error messages. They read as follows:
C:\DOCUME~1\MIKEYB~1\LOCALS~1\Temp\WERb62e.dir00\ping.exe.mdmp
C:\DOCUME~1\MIKEYB~1\LOCALS~1\Temp\WERb62e.dir00\appcompat.txt
5) I am getting multiple program failures accompanied by the "the program encountered a problem and needs to close" message.
6) After the PC has been running for a while, I start losing access to programs. Last night, after running many of the LOG programs listed below, my PC blocked my access to the Task Manager, prevented me from opening any browsers, and hid all my log files I had posted to my desktop (I got them back by doing a hard re-boot).
7) Not surprisingly, my PC is running like molasses no matter what I am trying to do.

OK, so here is what I have already done before posting to ask for help:

1) Downloaded and launched TDSSkiller. Changed parameters to include scan TDLFS file system. Ran program. Saved log file (posted below).
2) Downloaded and ran GMER. Saved log file (posted below). I believe this program required that I restart the PC, which I did.
3) Downloaded and ran aswMBR. Saved log file (posted below).
4) I have also downloaded several other scan programs like MBAM and Toolkit in case I need to run them.

Can someone please tell me what to do next? Thank you!


TDSSkiller log

09:43:55.0890 2116 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
09:43:57.0921 2116 ============================================================
09:43:57.0921 2116 Current date / time: 2012/04/03 09:43:57.0921
09:43:57.0921 2116 SystemInfo:
09:43:57.0921 2116
09:43:57.0921 2116 OS Version: 5.1.2600 ServicePack: 3.0
09:43:57.0921 2116 Product type: Workstation
09:43:57.0921 2116 ComputerName: FUDGIE1
09:43:57.0921 2116 UserName: Mikey Bull
09:43:57.0921 2116 Windows directory: C:\WINDOWS
09:43:57.0921 2116 System windows directory: C:\WINDOWS
09:43:57.0921 2116 Processor architecture: Intel x86
09:43:57.0921 2116 Number of processors: 1
09:43:57.0921 2116 Page size: 0x1000
09:43:57.0921 2116 Boot type: Normal boot
09:43:57.0921 2116 ============================================================
09:44:05.0500 2116 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:44:05.0593 2116 \Device\Harddisk0\DR0:
09:44:05.0609 2116 MBR used
09:44:05.0609 2116 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x94EEEB9
09:44:05.0890 2116 Initialize success
09:44:05.0890 2116 ============================================================
09:45:57.0218 1804 ============================================================
09:45:57.0218 1804 Scan started
09:45:57.0218 1804 Mode: Manual; TDLFS;
09:45:57.0218 1804 ============================================================
09:46:03.0671 1804 adsservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\bwcsrv.dll
09:46:03.0671 1804 adsservice ( Backdoor.Multi.ZAccess.gen ) - infected
09:46:03.0671 1804 adsservice - detected Backdoor.Multi.ZAccess.gen (0)
09:47:29.0843 1804 RemoteAccess - ok
09:47:29.0984 1804 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
09:47:29.0984 1804 RpcLocator - ok
09:47:30.0156 1804 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:47:30.0156 1804 RpcSs - ok
09:47:30.0343 1804 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
09:47:30.0343 1804 RSVP - ok
09:47:30.0515 1804 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:47:30.0515 1804 SamSs - ok
09:47:30.0671 1804 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:47:30.0671 1804 SCardSvr - ok
09:47:30.0828 1804 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:47:30.0843 1804 Schedule - ok
09:47:31.0343 1804 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:47:31.0406 1804 Secdrv - ok
09:47:31.0656 1804 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:47:31.0656 1804 seclogon - ok
09:47:31.0921 1804 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:47:31.0921 1804 SENS - ok
09:47:32.0203 1804 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:47:32.0250 1804 serenum - ok
09:47:32.0531 1804 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:47:32.0531 1804 Serial - ok
09:47:33.0140 1804 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:47:33.0140 1804 Sfloppy - ok
09:47:33.0359 1804 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:47:33.0390 1804 SharedAccess - ok
09:47:35.0062 1804 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:47:35.0078 1804 ShellHWDetection - ok
09:47:35.0250 1804 Simbad - ok
09:47:35.0484 1804 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
09:47:35.0484 1804 sisagp - ok
09:47:35.0734 1804 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
09:47:35.0781 1804 smwdm - ok
09:47:36.0031 1804 SNDSrvc (8abacc93eb3ba11b8b011df4d693637c) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
09:47:36.0031 1804 SNDSrvc - ok
09:47:36.0234 1804 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
09:47:36.0234 1804 Sparrow - ok
09:47:36.0437 1804 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:47:36.0437 1804 splitter - ok
09:47:36.0609 1804 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:47:36.0625 1804 Spooler - ok
09:47:36.0781 1804 sprtsvc_dellsupportcenter - ok
09:47:37.0015 1804 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:47:37.0015 1804 sr - ok
09:47:37.0250 1804 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
09:47:37.0250 1804 srservice - ok
09:47:37.0500 1804 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:47:37.0531 1804 Srv - ok
09:47:37.0859 1804 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys
09:47:37.0859 1804 sscdbhk5 - ok
09:47:38.0062 1804 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:47:38.0078 1804 SSDPSRV - ok
09:47:38.0390 1804 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys
09:47:38.0390 1804 ssrtln - ok
09:47:38.0625 1804 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:47:38.0640 1804 stisvc - ok
09:47:38.0906 1804 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:47:38.0921 1804 swenum - ok
09:47:39.0218 1804 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:47:39.0218 1804 swmidi - ok
09:47:39.0421 1804 SwPrv - ok
09:47:39.0890 1804 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
09:47:39.0890 1804 symc810 - ok
09:47:40.0171 1804 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
09:47:40.0187 1804 symc8xx - ok
09:47:40.0531 1804 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
09:47:40.0531 1804 sym_hi - ok
09:47:40.0843 1804 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
09:47:40.0843 1804 sym_u3 - ok
09:47:41.0156 1804 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:47:41.0171 1804 sysaudio - ok
09:47:41.0390 1804 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:47:41.0437 1804 SysmonLog - ok
09:47:41.0656 1804 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:47:41.0656 1804 TapiSrv - ok
09:47:41.0953 1804 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:47:41.0984 1804 Tcpip - ok
09:47:42.0203 1804 TcUsb - ok
09:47:42.0437 1804 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:47:42.0437 1804 TDPIPE - ok
09:47:42.0656 1804 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:47:42.0656 1804 TDTCP - ok
09:47:42.0859 1804 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:47:42.0859 1804 TermDD - ok
09:47:43.0031 1804 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:47:43.0046 1804 TermService - ok
09:47:43.0296 1804 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys
09:47:43.0437 1804 tfsnboio - ok
09:47:44.0484 1804 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys
09:47:44.0484 1804 tfsncofs - ok
09:47:44.0718 1804 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys
09:47:44.0718 1804 tfsndrct - ok
09:47:44.0968 1804 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys
09:47:44.0968 1804 tfsndres - ok
09:47:45.0218 1804 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
09:47:45.0218 1804 tfsnifs - ok
09:47:45.0484 1804 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
09:47:45.0484 1804 tfsnopio - ok
09:47:45.0718 1804 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
09:47:45.0718 1804 tfsnpool - ok
09:47:45.0984 1804 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
09:47:45.0984 1804 tfsnudf - ok
09:47:46.0250 1804 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
09:47:46.0250 1804 tfsnudfa - ok
09:47:46.0406 1804 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:47:46.0406 1804 Themes - ok
09:47:46.0640 1804 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
09:47:46.0656 1804 TosIde - ok
09:47:46.0843 1804 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:47:46.0843 1804 TrkWks - ok
09:47:47.0062 1804 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:47:47.0078 1804 Udfs - ok
09:47:47.0296 1804 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
09:47:47.0296 1804 ultra - ok
09:47:47.0421 1804 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\System32\wdfmgr.exe
09:47:47.0437 1804 UMWdf - ok
09:47:47.0671 1804 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:47:47.0687 1804 Update - ok
09:47:47.0968 1804 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:47:47.0968 1804 upnphost - ok
09:47:48.0156 1804 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:47:48.0156 1804 UPS - ok
09:47:48.0390 1804 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:47:48.0390 1804 usbccgp - ok
09:47:48.0640 1804 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:47:48.0640 1804 usbehci - ok
09:47:48.0859 1804 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:47:48.0875 1804 usbhub - ok
09:47:49.0078 1804 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:47:49.0078 1804 usbprint - ok
09:47:49.0281 1804 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:47:49.0281 1804 usbscan - ok
09:47:49.0515 1804 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:47:49.0515 1804 USBSTOR - ok
09:47:49.0734 1804 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:47:49.0750 1804 usbuhci - ok
09:47:49.0875 1804 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:47:49.0875 1804 VgaSave - ok
09:47:50.0000 1804 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
09:47:50.0000 1804 viaagp - ok
09:47:50.0203 1804 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
09:47:50.0218 1804 ViaIde - ok
09:47:50.0406 1804 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:47:50.0406 1804 VolSnap - ok
09:47:50.0562 1804 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:47:50.0562 1804 VSS - ok
09:47:50.0687 1804 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:47:50.0703 1804 w32time - ok
09:47:50.0921 1804 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:47:50.0921 1804 Wanarp - ok
09:47:51.0125 1804 wanatw - ok
09:47:51.0265 1804 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
09:47:51.0265 1804 WDC_SAM - ok
09:47:51.0390 1804 WDDMService (7d1e301e2eeaf6d3730887de933413e6) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
09:47:51.0406 1804 WDDMService - ok
09:47:51.0593 1804 WDICA - ok
09:47:51.0812 1804 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:47:51.0812 1804 wdmaud - ok
09:47:51.0953 1804 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
09:47:51.0953 1804 WDSmartWareBackgroundService - ok
09:47:52.0093 1804 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:47:52.0093 1804 WebClient - ok
09:47:52.0375 1804 winachsf (2e5bc3ddf1c44c84c3093e1148a0354e) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:47:52.0421 1804 winachsf - ok
09:47:52.0671 1804 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:47:52.0671 1804 winmgmt - ok
09:47:52.0828 1804 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\System32\MsPMSPSv.exe
09:47:52.0828 1804 WMDM PMSP Service - ok
09:47:52.0968 1804 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll
09:47:52.0968 1804 WmdmPmSN - ok
09:47:53.0203 1804 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
09:47:53.0203 1804 WmiApSrv - ok
09:47:53.0406 1804 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:47:53.0406 1804 WS2IFSL - ok
09:47:54.0531 1804 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:47:54.0546 1804 wscsvc - ok
09:47:54.0734 1804 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:47:54.0734 1804 wuauserv - ok
09:47:54.0906 1804 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:47:54.0984 1804 WZCSVC - ok
09:47:55.0171 1804 X4HSX32 (72e8f37e00dcbd7432c7824570a3a7aa) C:\Program Files\GameTap\bin\Release\X4HSX32.Sys
09:47:55.0171 1804 X4HSX32 - ok
09:47:55.0328 1804 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:47:55.0328 1804 xmlprov - ok
09:47:55.0562 1804 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
09:47:55.0578 1804 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
09:47:55.0812 1804 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
09:47:55.0812 1804 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
09:47:55.0859 1804 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:47:56.0140 1804 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:47:56.0140 1804 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:47:56.0203 1804 Boot (0x1200) (78969424ed1dcaff27b2483dc3d76cb2) \Device\Harddisk0\DR0\Partition0
09:47:56.0203 1804 \Device\Harddisk0\DR0\Partition0 - ok
09:47:56.0218 1804 ============================================================
09:47:56.0218 1804 Scan finished
09:47:56.0218 1804 ============================================================
09:47:56.0234 3664 Detected object count: 2
09:47:56.0234 3664 Actual detected object count: 2
09:48:27.0921 3664 C:\WINDOWS\system32\bwcsrv.dll - copied to quarantine
09:48:27.0921 3664 HKLM\SYSTEM\ControlSet002\services\adsservice - will be deleted on reboot
09:48:28.0390 3664 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
09:48:28.0421 3664 C:\WINDOWS\system32\bwcsrv.dll - will be deleted on reboot
09:48:28.0421 3664 adsservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
09:48:28.0421 3664 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:48:28.0421 3664 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Here's the GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-03 17:18:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y080L0 rev.YAR41BW0
Running: ec5e7p08.exe; Driver: C:\DOCUME~1\MIKEYB~1\LOCALS~1\Temp\kwlyipob.sys


---- Kernel code sections - GMER 1.0.15 ----

? 72161878.sys The system cannot find the file specified. !
.text cdrom.sys!?OnMutantOriginal@@YGHE]A F8829000 11 Bytes [43, 02, C7, 43, 0C, 00, 00, ...]
.text cdrom.sys!?OnMutantOriginal@@YGHE]A + C F882900C 6 Bytes [45, 0C, 8B, 80, 3C, 01]
.text cdrom.sys!?OnMutantOriginal@@YGHE]A + 13 F8829013 100 Bytes [00, C1, E0, 02, 89, 43, 14, ...]
.text cdrom.sys!?OnMutantOriginal@@YGHE]A + 78 F8829078 20 Bytes JMP F8828F9E \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
.text cdrom.sys!?OnMutantOriginal@@YGHE]A + 8D F882908D 74 Bytes JMP F8828FAC \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
.text ...
.text cdrom.sys!?IsSystemOld@@YGGDPAGE]A F882A1CA 23 Bytes JMP F882A336 \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
.text cdrom.sys!?InstallPointOriginal@@YGPAXPAHEE]A + 4 F882A1E2 30 Bytes [F8, 6A, 3F, FF, 35, 0C, 3F, ...]
.text cdrom.sys!?GenerateSectionEx@@YGXPAEPADG]A + 5 F882A201 34 Bytes [93, 00, 00, 8D, 45, 10, 50, ...]
.text cdrom.sys!?FormatFullNameEx@@YGDPAEPAFPADJ]A F882A224 23 Bytes [FF, 4D, F8, 0F, 84, BC, 00, ...]
.text cdrom.sys!?PutMediaType@@YGPAXIPAIPAK]A + 4 F882A23C 58 Bytes [F8, 02, 74, 22, 8B, 45, 0C, ...]
.text cdrom.sys!?FormatWidthExA@@YGXKPAGPAJPAH]A + 22 F882A278 7 Bytes [8B, 41, 60, C7, 40, E8, 11]
.text cdrom.sys!?FormatWidthExA@@YGXKPAGPAJPAH]A + 2A F882A280 165 Bytes [1B, 00, 89, 70, E0, 83, E8, ...]
.text cdrom.sys!?FormatWidthExA@@YGXKPAGPAJPAH]A + D0 F882A326 39 Bytes [C7, 43, 50, FF, FF, FF, 7F, ...]
.text cdrom.sys!?FormatWidthExA@@YGXKPAGPAJPAH]A + F8 F882A34E 3 Bytes [6A, 00, 56] {PUSH 0x0; PUSH ESI}
.text cdrom.sys!?FormatWidthExA@@YGXKPAGPAJPAH]A + FC F882A352 276 Bytes [D7, 8B, 75, 0C, 8B, 46, 04, ...]
.text ...
? C:\WINDOWS\System32\DRIVERS\cdrom.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2020] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106C01A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2020] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106C0135 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2020] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 10450924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2020] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10450ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011E5B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2764] CRYPT32.dll!CryptMsgCountersignEncoded + 27A 77A92F52 7 Bytes JMP 02671A30
.text C:\Program Files\Mozilla Firefox\firefox.exe[2764] CRYPT32.dll!CertComparePublicKeyInfo + 1E8 77A9B751 7 Bytes JMP 02671A10
.text C:\WINDOWS\System32\ping.exe[3612] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A2000A
.text C:\WINDOWS\System32\ping.exe[3612] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A3000A
.text C:\WINDOWS\System32\ping.exe[3612] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00A9000A
.text C:\WINDOWS\System32\ping.exe[3612] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00AA000A
.text C:\WINDOWS\System32\ping.exe[3612] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00AB000A
.text C:\WINDOWS\System32\ping.exe[3612] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00AC000A
.text C:\WINDOWS\System32\ping.exe[3612] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00A8000A
.text C:\WINDOWS\System32\ping.exe[4084] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A2000A
.text C:\WINDOWS\System32\ping.exe[4084] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A3000A
.text C:\WINDOWS\System32\ping.exe[4084] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00A9000A
.text C:\WINDOWS\System32\ping.exe[4084] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00AA000A
.text C:\WINDOWS\System32\ping.exe[4084] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00AB000A
.text C:\WINDOWS\System32\ping.exe[4084] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00AC000A
.text C:\WINDOWS\System32\ping.exe[4084] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00A8000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ZwOpenKey] [F8835C9E] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!FsRtlCheckLockForReadAccess] [F8835C88] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlCopyLuid] [F8835C70] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ObGetObjectSecurity] [F8835C58] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlPrefixUnicodeString] [F8835C40] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoGetDriverObjectExtension] [F8835C30] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ZwSetSecurityObject] [F8835C1A] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoDisconnectInterrupt] [F8835C08] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!MmIsVerifierEnabled] [F8835BF0] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeQuerySystemTime] [F8835BD6] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ExFreePoolWithTag] [F8835BBC] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoBuildPartialMdl] [F8835BB2] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoGetDeviceInterfaceAlias] [F8835BA6] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlCreateUnicodeString] [F8835B8E] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!CcSetDirtyPinnedData] [F8835B76] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!PsIsThreadTerminating] [F8835B66] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeRemoveQueue] [F8835B56] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ExSetTimerResolution] [F8835B3A] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!MmBuildMdlForNonPagedPool] [F8835B2E] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ZwOpenProcess] [F8835B22] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ZwCreateSection] [F8835B0A] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeRemoveDeviceQueue] [F8835AEA] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoInitializeIrp] [F8835AD6] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ExVerifySuite] [F8835AC6] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!CcSetFileSizes] [F8835AA6] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoVolumeDeviceToDosName] [F8835A8A] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeUnstackDetachProcess] [F8835A72] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlUnicodeStringToOemString] [F8835A56] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!WmiQueryTraceInformation] [F8835A44] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeQueryActiveProcessors] [F8835E9C] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeSetSystemAffinityThread] [F8835A30] \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ZwFreeVirtualMemory] 00000000
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoIsOperationSynchronous] 6F4901BC
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoSetPartitionInformationEx] 72617453
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!MmProbeAndLockProcessPages] 78654E74
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!PsRevertToSelf] 63615074
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!CcMdlWriteAbort] 0074656B
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!MmSetAddressRangeModified] 6D5704FE
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!FsRtlMdlWriteCompleteDev] 61725469
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ExReleaseResourceLite] 654D6563
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlFindMostSignificantBit] 67617373
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ZwQueryKey] 04FB0065
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!CcFastMdlReadWait] 51696D57
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!MmMapIoSpace] 79726575
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlInsertUnicodePrefix] 63617254
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlInitAnsiString] 666E4965
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlOemStringToUnicodeString] 616D726F
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ExRaiseStatus] 6E6F6974
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlTimeToSecondsSince1970] 041D0000
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] 496C7452
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlVolumeDeviceToDosName] 5574696E
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoRegisterDeviceInterface] 6F63696E
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeDetachProcess] 74536564
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlCompareString] 676E6972
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ObQueryNameString] 01D70000
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeEnterCriticalRegion] 4D576F49
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!MmIsThisAnNtAsSystem] 67655249
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!FsRtlFastUnlockSingle] 72747369
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeReadStateSemaphore] 6F697461
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ZwClose] 6E6F436E
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoReportResourceForDetection] 6C6F7274
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeSetImportanceDpc] 01680000
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeLeaveCriticalRegion] 65476F49
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!PsGetCurrentProcess] 6E6F4374
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!MmUnlockPagableImageSection] 75676966
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoCheckEaBufferValidity] 69746172
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeReadStateTimer] 6E496E6F
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoFreeIrp] 6D726F66
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!MmProbeAndLockPages] 6F697461
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!SeValidSecurityDescriptor] 01E2006E
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlSetAllBits] 43666F49
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!SeQueryInformationToken] 446C6C61
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeSetEvent] 65766972
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ExRaiseDatatypeMisalignment] 004E0072
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!SeReleaseSubjectContext] 72467845
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!CcUnpinDataForThread] 6F506565
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeSetKernelStackSwapEnable] 69576C6F
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoReadPartitionTable] 61546874
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ZwUnloadDriver] 012D0067
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!MmSizeOfMdl] 75426F49
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeInsertHeadQueue] 41646C69
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ZwCreateKey] 636E7973
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!HalExamineMBR] 6E6F7268
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoVerifyPartitionTable] 4673756F
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!PsChargeProcessPoolQuota] 65526473
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeSetTimer] 73657571
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!SeSinglePrivilegeCheck] 00410074
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ProbeForRead] 6C417845
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlInt64ToUnicodeString] 61636F6C
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlEqualString] 6F506574
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ZwFlushKey] 69576C6F
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!PsGetCurrentProcessId] 61546874
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ZwCreateDirectoryObject] 01610067
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!PsGetThreadProcessId] 72466F49
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!SeQueryAuthenticationIdToken] 72496565
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ExSetResourceOwnerPointer] 01620070
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlStringFromGUID] 72466F49
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IofCompleteRequest] 644D6565
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ExUuidCreate] 0292006C
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlDowncaseUnicodeString] 75426D4D
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlGetVersion] 4D646C69
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoWMIWriteEvent] 6F466C64
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlInitializeSid] 6E6F4E72
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlFillMemoryUlong] 65676150
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!MmResetDriverPaging] 6F6F5064
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!MmUnsecureVirtualMemory] 0125006C
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeSynchronizeExecution] 6C416F49
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoOpenDeviceRegistryKey] 61636F6C
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoReleaseRemoveLockAndWaitEx] 644D6574
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlGetNextRange] 0124006C
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ZwMakeTemporaryObject] 6C416F49
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!MmIsDriverVerifying] 61636F6C
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 72496574
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ZwLoadDriver] 01510070
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeRevertToUserAffinityThread] 65446F49
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAcquireVpbSpinLock] 6574656C
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlEnumerateGenericTable] 626D7953
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoIsSystemThread] 63696C6F
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoDeviceObjectType] 6B6E694C
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ZwNotifyChangeKey] 01470000
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ZwSetVolumeInformationFile] 72436F49
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!FsRtlAllocateFileLock] 65746165
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlInitString] 626D7953
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!DbgBreakPoint] 63696C6F
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ExAcquireFastMutexUnsafe] 6B6E694C
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!MmFreeContiguousMemory] 05B90000
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoCheckShareAccess] 72707773
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlAppendUnicodeToString] 66746E69
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!MmPageEntireDriver] 050B0000
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ZwReadFile] 6C43775A
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!PsReturnPoolQuota] 0065736F
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!PsGetProcessExitTime] 74520469
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoStopTimer] 6575516C
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ObReferenceObjectByHandle] 65527972
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeReadStateMutex] 74736967
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!PsTerminateSystemThread] 61567972
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoDeleteSymbolicLink] 7365756C
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!MmHighestUserAddress] 01890000
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeQueryInterruptTime] 704F6F49
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeReleaseSemaphore] 65446E65
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeInitializeDeviceQueue] 65636976
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 69676552
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!PoRequestPowerIrp] 79727473
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoGetDiskDeviceObject] 0079654B
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlValidSid] 745204B2
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoReuseIrp] 6972576C
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoGetAttachedDevice] 65526574
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlUnicodeStringToAnsiString] 74736967
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoFreeWorkItem] 61567972
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlClearBits] 0065756C
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAcquireRemoveLockEx] 6F490191
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ExGetSharedWaiterCount] 75657551
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!KeWaitForMultipleObjects] 726F5765
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoDetachDevice] 6574496B
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!FsRtlSplitLargeMcb] 0126006D
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!CcMdlReadComplete] 6C416F49
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoCsqRemoveIrp] 61636F6C
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!MmSecureVirtualMemory] 6F576574
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!SeFilterToken] 74496B72
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlEqualSid] 00006D65
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoThreadToProcess] 6F4901BE
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoRemoveShareAccess] 72617453
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!CcMdlRead] 63615074
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ZwFsControlFile] 0074656B
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoSetHardErrorOrVerifyDevice] 654B0229
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!SeCaptureSubjectContext] 7661654C
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlAppendStringToString] 69724365
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoStartNextPacket] 61636974
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!CcMapData] 6765526C
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!ExReinitializeResourceLite] 006E6F69
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!CcGetFileObjectFromBcb] 654B026D

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) F7C09000-F7C23000 (106496 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 1732
Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 3612
Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 4084

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB60894$\1216274789 0 bytes
File C:\WINDOWS\$NtUninstallKB60894$\342358457 0 bytes
File C:\WINDOWS\$NtUninstallKB60894$\342358457\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB60894$\342358457\cfg.ini 317 bytes
File C:\WINDOWS\$NtUninstallKB60894$\342358457\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB60894$\342358457\L 0 bytes
File C:\WINDOWS\$NtUninstallKB60894$\342358457\L\asobptkf 62976 bytes
File C:\WINDOWS\$NtUninstallKB60894$\342358457\oemid 239 bytes
File C:\WINDOWS\$NtUninstallKB60894$\342358457\U 0 bytes
File C:\WINDOWS\$NtUninstallKB60894$\342358457\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB60894$\342358457\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB60894$\342358457\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB60894$\342358457\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB60894$\342358457\U\80000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB60894$\342358457\U\80000032.@ 115712 bytes
File C:\WINDOWS\$NtUninstallKB60894$\342358457\version 863 bytes

---- EOF - GMER 1.0.15 ----

aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-03 17:43:14
-----------------------------
17:43:14.828 OS Version: Windows 5.1.2600 Service Pack 3
17:43:14.828 Number of processors: 1 586 0x209
17:43:14.828 ComputerName: FUDGIE1 UserName:
17:43:24.000 Initialize success
17:44:31.203 AVAST engine defs: 12040201
17:46:03.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:46:03.437 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 76293MB BusType: 3
17:46:03.640 Disk 0 MBR read successfully
17:46:03.640 Disk 0 MBR scan
17:46:12.312 Disk 0 Windows XP default MBR code
17:46:12.406 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
17:46:14.390 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76253 MB offset 64260
17:46:14.640 Disk 0 scanning sectors +156232125
17:46:15.468 Disk 0 scanning C:\WINDOWS\system32\drivers
17:46:39.468 File: C:\WINDOWS\system32\drivers\cdrom.sys **INFECTED** Win32:Hosts-BM [Rtk]
17:47:47.781 Disk 0 trace - called modules:
17:47:47.796 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x831b0fd0]<<
17:47:47.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x833d7ab8]
17:47:47.890 3 CLASSPNP.SYS[f8778fd7] -> nt!IofCallDriver -> [0x83076bd8]
17:47:47.890 \Driver\00001884[0x8314eb10] -> IRP_MJ_CREATE -> 0x831b0fd0
17:47:54.640 AVAST engine scan C:\WINDOWS
17:49:54.734 AVAST engine scan C:\WINDOWS\system32
17:52:20.859 File: C:\WINDOWS\system32\Ipripv32.dll **INFECTED** Win32:Malware-gen
17:52:24.796 File: C:\WINDOWS\system32\Irmonv32.dll **INFECTED** Win32:Malware-gen
17:55:42.171 File: C:\WINDOWS\system32\NWCWov32.dll **INFECTED** Win32:Malware-gen
17:55:43.109 File: C:\WINDOWS\system32\Nwsapv32.dll **INFECTED** Win32:Malware-gen
18:02:30.468 File: C:\WINDOWS\system32\USB3Sw32.dll **INFECTED** Win32:Malware-gen
18:04:35.937 File: C:\WINDOWS\system32\WmdmPv32.dll **INFECTED** Win32:Malware-gen
18:26:42.500 AVAST engine scan C:\WINDOWS\system32\drivers
18:28:20.953 File: C:\WINDOWS\system32\drivers\cdrom.sys **INFECTED** Win32:Hosts-BM [Rtk]
18:31:17.078 AVAST engine scan C:\Documents and Settings\Mikey Bull
19:19:55.671 AVAST engine scan C:\Documents and Settings\All Users
19:20:47.968 Scan finished successfully
22:07:17.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mikey Bull\Desktop\MBR.dat"
22:07:17.546 The log file has been saved successfully to "C:\Documents and Settings\Mikey Bull\Desktop\aswMBR log 04-03-12 (22-07-00).txt"

Edited by hamluis, 04 April 2012 - 12:54 PM.
Moved from Am I Infected to Malware Removal Logs.




#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:50 PM

Posted 08 April 2012 - 08:20 AM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte


Posted 13 April 2012 - 07:27 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





