Tech Support Guy

Registered · 156 Posts · Discussion Starter · #1
I appear to have gotten some type of malware or virus that won't allow me to run any type of .exe file. Neither AVG nor Malwarebytes will run; they open up, then crash. I installed the latest version of HijackThis and attempted to run it, and the same thing happened: it scans for a few seconds, then the program shuts down. When I try to open it back up it says "Windows cannot access the specified device, path or file....etc". This is for both normal mode and safe mode.

Not sure where to go from here, since I can't even get a HijackThis log.

Any help would be appreciated!
 

Retired Moderator · 84,301 Posts
Try this fix: http://www.kellys-korner-xp.com/regs_edits/exefix.reg

Save the .reg file to your desktop. Double click it to merge it to the registry.

Reboot your computer.

If the fix only opens as a text file, right-click it and select Open With > Choose Program..., then select the Registry Editor.

If the Registry Editor is not in the list, browse to C:\WINDOWS and select regedit.
 
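The .reg fix above works by rewriting the default value of HKEY_CLASSES_ROOT\exefile\shell\open\command, which is what Windows runs every time a program is launched; malware that replaces that value with its own loader is the usual reason "every .exe crashes" and security tools die on start. Before or after merging such a file it helps to see what the keys actually contain. The following Python is an added example, not the contents of exefix.reg and not code from this thread: it parses a registry export in the .reg text format and reports any exefile or comfile open command that is not the stock `"%1" %*` (the Windows XP default, where `%1` is the file and `%*` its arguments). The sample export is constructed, with an obviously placeholder path for the hijacking loader; on a real machine you would export the two keys with regedit and feed that file in.

```python
import re
from typing import Dict, List, Tuple

# Expected default ("@") value of the keys that govern how Windows launches
# .exe and .com files. Key names are lower-cased because the registry is
# case-insensitive.
EXPECTED_OPEN_COMMANDS = {
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
    r"hkey_classes_root\comfile\shell\open\command": '"%1" %*',
}

# Constructed sample export: the exefile command has been pointed at a
# placeholder loader that runs before the real program; comfile is untouched.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\PLACEHOLDER\\hijack.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
'''

# A value line is either  @=data  (default value) or  "name"=data
_VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unquote(literal: str) -> str:
    """Decode a .reg string literal: strip the outer quotes and undo the
    backslash escapes the format uses for backslash and double quote."""
    if not (len(literal) >= 2 and literal[0] == '"' and literal[-1] == '"'):
        raise ValueError("not a .reg string literal: %r" % literal)
    return re.sub(r'\\(["\\])', r"\1", literal[1:-1])


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse REGEDIT4 / 'Version 5.00' .reg text into
    {key (lower-cased): {value name: value}}. The default value is stored
    under "@". Non-string data (dword:, hex:) is kept as its raw text."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = _VALUE_LINE.match(line)
        if m and current is not None:
            name, data = m.groups()
            name = "@" if name == "@" else _unquote(name)
            data = _unquote(data) if data.startswith('"') else data
            keys[current][name] = data
    return keys


def check_open_commands(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (key, actual command) for every open-command key present in the
    export whose default value launches something other than the file itself.
    Keys absent from the export are skipped, since there is nothing to compare."""
    bad: List[Tuple[str, str]] = []
    for key, expected in EXPECTED_OPEN_COMMANDS.items():
        values = keys.get(key)
        if values is None:
            continue
        actual = values.get("@", "")
        if actual != expected:
            bad.append((key, actual))
    return bad


if __name__ == "__main__":
    for key, actual in check_open_commands(parse_reg(SAMPLE_REG)):
        print("hijacked: %s -> %s" % (key, actual))
```

Run it against a fresh export of the two keys: an empty result means the associations launch the file directly, which is exactly the state the exefix.reg merge is meant to restore.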

Registered · 156 Posts · Discussion Starter · #9
I tried deleting all previous versions of HijackThis, but I have a desktop icon that won't delete. It has a blank white screen for an icon and not the normal monkey (?) icon. Anyway, I renamed the HijackThis .msi file on my flash drive to puppy.msi and installed it on my computer. I could open HijackThis, but as soon as I clicked Scan it shut down again.

Also, I went into my AVG and viewed my scan results. On Friday, Nov 4 (when the problems started) it found 18 infections, 17 of which it was able to 'heal'. One of them could not be healed. Is there any way I can copy and paste these results here so you can view them (if helpful)?

I appreciate all the help. This thing has me baffled.
 

Registered · 156 Posts · Discussion Starter · #11
I was able to save the results into an Excel file fine. I'll attach them below.

I tried to do a system restore when it happened, to Nov. 2 (didn't work) and Nov. 1 (didn't work). Haven't tried since.
 


Retired Moderator · 84,301 Posts
Try this program:

Please download exeHelper to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log, and post the two logs together (they will both be in the one file).
 

Registered · 156 Posts · Discussion Starter · #13
This was the only log (titled exehelperlog) I could find.

exeHelper by Raktor
Build 20100414
Run at 12:40:30 on 11/07/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
 

Retired Moderator · 84,301 Posts
See if you can do this next...

Please download DDS by sUBs to your desktop from one of the following locations:

http://www.techsupportforum.com/sectools/sUBs/dds
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Disable any script blocker you may have, as they may interfere, and then double-click DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt


Save them both to your desktop.

Please post the requested logs/reports, as follows:

Copy and paste the contents of the DDS.txt file.
Upload as an attachment the Attach.txt file.
 

Registered · 156 Posts · Discussion Starter · #15
I didn't disable any script blockers as I am not sure how to. But it appears to have run fine.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by Dan Gentner at 14:18:59 on 2011-11-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.590 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\4066965896:1996920589.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uWinlogon: Shell=c:\documents and settings\dan gentner\local settings\application data\88f968f2\X
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [EPSON Stylus C80 Series] c:\windows\system32\spool\drivers\w32x86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O6 "USB001" /M "Stylus C80"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MBBalloon] c:\program files\hotalbummybox\MBBalloon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mediac~1.lnk - c:\program files\hotalbummybox\MediaChecker.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: Interfaces\{3B7969DC-9D18-452D-8429-BF3198472869} : NameServer = 68.73.221.13,68.73.221.59
TCP: Interfaces\{D27DA8C6-DE50-4D78-B2C6-5F98C42A0D08} : NameServer = 68.73.221.13,68.73.221.59
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dan gentner\application data\mozilla\firefox\profiles\cobodq9j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.espn.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
.
============= SERVICES / DRIVERS ===============
.
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2008-6-5 15172]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-1 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-1 29712]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-1 243152]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
S1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\mpfirewall.sys --> c:\windows\system32\drivers\MpFirewall.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 947528]
S4 vsdatant;vsdatant;a --> a [?]
.
=============== Created Last 30 ================
.
2011-11-07 16:15:42 388096 ----a-r- c:\documents and settings\dan gentner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-05 04:11:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-05 04:10:56 -------- d-----w- c:\program files\Dantana
2011-11-04 17:58:34 -------- d-sh--w- c:\documents and settings\dan gentner\local settings\application data\88f968f2
.
==================== Find3M ====================
.
.
============= FINISH: 14:19:43.92 ===============
 

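The helpers in this thread read DDS logs by eye, but the entries that matter can be picked out mechanically. The following Python script is an added example, not a tool from the thread or from the DDS author: it takes a constructed excerpt built from lines of the log posted above and flags the four entries a malware specialist would jump on first: a process running from an NTFS alternate data stream (the second colon in `C:\WINDOWS\4066965896:1996920589.exe`), an Internet Explorer proxy pointed at loopback port 5555, a Winlogon `Shell=` value that is not explorer.exe, and a freshly created system+hidden directory with a random eight-hex-digit name. Section headers and the attribute-flag field (`d-sh--w-`) are read as DDS prints them; the finding labels (`ads_process` and so on) are my own.

```python
import re
from typing import List, Tuple

# (label, offending log line) pairs returned by the checks below
Finding = Tuple[str, str]

# Constructed excerpt: the lines are copied from the DDS log posted above,
# with only a few entries kept from each section.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\WINDOWS\4066965896:1996920589.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uWinlogon: Shell=c:\documents and settings\dan gentner\local settings\application data\88f968f2\X
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
.
=============== Created Last 30 ================
.
2011-11-07 16:15:42 388096 ----a-r- c:\documents and settings\dan gentner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-04 17:58:34 -------- d-sh--w- c:\documents and settings\dan gentner\local settings\application data\88f968f2
.
============= FINISH: 14:19:43.92 ===============
"""

_SECTION = re.compile(r"^=+\s*(.*?)\s*=+$")          # "===== Name ====="
_DRIVE = re.compile(r"^[A-Za-z]:\\")                  # "C:\" prefix
_CREATED = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")  # date time size attrs path


def check_process_path(path: str) -> List[Finding]:
    """A second colon after the drive letter means the image lives in an NTFS
    alternate data stream (stream name after the colon), which Explorer and
    most directory listings never show."""
    if _DRIVE.match(path) and ":" in path[2:]:
        return [("ads_process", path)]
    return []


def check_hjt_line(line: str) -> List[Finding]:
    """Checks for lines of the Pseudo HJT Report section."""
    found: List[Finding] = []
    m = re.match(r"[um]Internet Settings,ProxyServer\s*=\s*(.*)", line)
    if m and re.search(r"127\.0\.0\.1|localhost", m.group(1)):
        # Browser traffic is routed through a proxy on this same machine:
        # something local sits between the user and the web.
        found.append(("loopback_proxy", line))
    m = re.match(r"[um]Winlogon:\s*Shell=(.*)", line)
    if m and not m.group(1).strip().lower().endswith("explorer.exe"):
        # Winlogon starts this instead of (or before) the normal desktop shell.
        found.append(("winlogon_shell", line))
    return found


def check_created_line(line: str) -> List[Finding]:
    """Checks for lines of the Created Last 30 section."""
    m = _CREATED.match(line)
    if not m:
        return []
    attrs, path = m.group(4), m.group(5)
    name = path.rsplit("\\", 1)[-1]
    if attrs.startswith("d") and "s" in attrs and "h" in attrs \
            and re.fullmatch(r"[0-9a-f]{8}", name):
        # New directory marked system+hidden with a random-looking 8-hex name
        return [("hidden_system_dir", line)]
    return []


def triage_dds(text: str) -> List[Finding]:
    """Walk a DDS log section by section and collect findings in log order."""
    section = None
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # DDS prints "." as a spacer
            continue
        header = _SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "Running Processes":
            findings += check_process_path(line)
        elif section == "Pseudo HJT Report":
            findings += check_hjt_line(line)
        elif section == "Created Last 30":
            findings += check_created_line(line)
    return findings


if __name__ == "__main__":
    for label, line in triage_dds(SAMPLE_DDS):
        print("%-18s %s" % (label, line))
```

Each check is deliberately narrow and keyed to a DDS section, so a legitimate entry such as `C:\WINDOWS\system32\svchost -k DcomLaunch` or the HiJackThis.exe installer cache line produces nothing; the point is to surface the handful of lines worth a human's attention, not to replace the specialist reading the rest of the log.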

Retired Moderator · 84,301 Posts
This might be a long shot but try this next...

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
 

Registered · 156 Posts · Discussion Starter · #17
I ran ComboFix and it found a rootkit that appears to be causing the problems. I was unable to install the Recovery Console (actually thought I already had it, but guess not) due to not having an internet connection, which the rootkit appears to be blocking, as I'm sitting right next to the infected computer using my laptop with no internet problems whatsoever.

ComboFix 11-11-07.03 - Dan Gentner 11/08/2011 0:35.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.593 [GMT -5:00]
Running from: c:\documents and settings\Dan Gentner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dan Gentner\2gweorjqjutp92vjy9gake
c:\documents and settings\Dan Gentner\Application Data\Adobe\plugs
c:\documents and settings\Dan Gentner\Application Data\Adobe\plugs\mmc20.exe
c:\documents and settings\Dan Gentner\Application Data\Adobe\plugs\mmc50.exe
c:\documents and settings\Dan Gentner\Application Data\Adobe\shed
c:\documents and settings\Dan Gentner\Application Data\Adobe\shed\thr1.chm
c:\documents and settings\Dan Gentner\Application Data\Local
c:\documents and settings\Dan Gentner\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\Dan Gentner\Application Data\Local\Temp\DDM\Settings\4.ddi
c:\documents and settings\Dan Gentner\Application Data\Local\Temp\DDM\Settings\californication.s04e05.hdtv.xvid-asap_ns.avi.ddr
c:\documents and settings\Dan Gentner\Application Data\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\documents and settings\Dan Gentner\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Dan Gentner\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\californication.s04e05.hdtv.xvid-asap_ns.avi(2).ddp
c:\documents and settings\Dan Gentner\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\californication.s04e05.hdtv.xvid-asap_ns.avi(3).ddp
c:\documents and settings\Dan Gentner\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\californication.s04e05.hdtv.xvid-asap_ns.avi.ddp
c:\documents and settings\Dan Gentner\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx.ddp
c:\documents and settings\Dan Gentner\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\shameless.us.s01e05.hdtv.xvid-fqm_ns.avi(2).ddp
c:\documents and settings\Dan Gentner\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\shameless.us.s01e05.hdtv.xvid-fqm_ns.avi(3).ddp
c:\documents and settings\Dan Gentner\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\shameless.us.s01e05.hdtv.xvid-fqm_ns.avi(4).ddp
c:\documents and settings\Dan Gentner\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\shameless.us.s01e05.hdtv.xvid-fqm_ns.avi.ddp
c:\documents and settings\Dan Gentner\Application Data\vso_ts_preview.xml
c:\documents and settings\Dan Gentner\Local Settings\Application Data\88f968f2
c:\documents and settings\Dan Gentner\Local Settings\Application Data\88f968f2\@
c:\documents and settings\Dan Gentner\Local Settings\Application Data\88f968f2\U\[email protected]
c:\documents and settings\Dan Gentner\Local Settings\Application Data\88f968f2\U\[email protected]
c:\documents and settings\Dan Gentner\Local Settings\Application Data\88f968f2\X
c:\documents and settings\Dan Gentner\Recent\ANTIGEN.exe
c:\documents and settings\Dan Gentner\Recent\cb.tmp
c:\documents and settings\Dan Gentner\Recent\cid.drv
c:\documents and settings\Dan Gentner\Recent\cid.exe
c:\documents and settings\Dan Gentner\Recent\CLSV.sys
c:\documents and settings\Dan Gentner\Recent\CLSV.tmp
c:\documents and settings\Dan Gentner\Recent\ddv.drv
c:\documents and settings\Dan Gentner\Recent\ddv.tmp
c:\documents and settings\Dan Gentner\Recent\dudl.dll
c:\documents and settings\Dan Gentner\Recent\eb.drv
c:\documents and settings\Dan Gentner\Recent\eb.sys
c:\documents and settings\Dan Gentner\Recent\energy.drv
c:\documents and settings\Dan Gentner\Recent\energy.exe
c:\documents and settings\Dan Gentner\Recent\energy.sys
c:\documents and settings\Dan Gentner\Recent\exec.dll
c:\documents and settings\Dan Gentner\Recent\fix.sys
c:\documents and settings\Dan Gentner\Recent\FS.exe
c:\documents and settings\Dan Gentner\Recent\FW.sys
c:\documents and settings\Dan Gentner\Recent\gid.drv
c:\documents and settings\Dan Gentner\Recent\gid.tmp
c:\documents and settings\Dan Gentner\Recent\kernel32.drv
c:\documents and settings\Dan Gentner\Recent\pal.tmp
c:\documents and settings\Dan Gentner\Recent\PE.exe
c:\documents and settings\Dan Gentner\Recent\PE.sys
c:\documents and settings\Dan Gentner\Recent\PE.tmp
c:\documents and settings\Dan Gentner\Recent\ppal.tmp
c:\documents and settings\Dan Gentner\Recent\runddl.exe
c:\documents and settings\Dan Gentner\Recent\runddl.sys
c:\documents and settings\Dan Gentner\Recent\sld.exe
c:\documents and settings\Dan Gentner\Recent\std.dll
c:\documents and settings\Dan Gentner\Recent\std.tmp
c:\documents and settings\Dan Gentner\Recent\tjd.drv
c:\windows\$NtUninstallKB8180$\1062451700
c:\windows\$NtUninstallKB8180$\2298046706\@
c:\windows\$NtUninstallKB8180$\2298046706\L\ageoanvg
c:\windows\$NtUninstallKB8180$\2298046706\loader.tlb
c:\windows\$NtUninstallKB8180$\2298046706\U\@00000001
c:\windows\$NtUninstallKB8180$\2298046706\U\@000000c0
c:\windows\$NtUninstallKB8180$\2298046706\U\@000000cb
c:\windows\$NtUninstallKB8180$\2298046706\U\@000000cf
c:\windows\$NtUninstallKB8180$\2298046706\U\@80000000
c:\windows\$NtUninstallKB8180$\2298046706\U\@800000c0
c:\windows\$NtUninstallKB8180$\2298046706\U\@800000cb
c:\windows\$NtUninstallKB8180$\2298046706\U\@800000cf
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system32\
c:\windows\$NtUninstallKB8180$ . . . . Failed to delete
.
Infected copy of c:\windows\system32\Ati2evxx.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4AD8C139-0DCB-42D0-872B-BAC3F3D0F173}\RP642\A0048592.exe
.
Infected copy of c:\program files\AVG\AVG9\avgwdsvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4AD8C139-0DCB-42D0-872B-BAC3F3D0F173}\RP644\A0048967.exe
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4AD8C139-0DCB-42D0-872B-BAC3F3D0F173}\RP642\A0048604.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_88f968f2
.
.
((((((((((((((((((((((((( Files Created from 2011-10-08 to 2011-11-08 )))))))))))))))))))))))))))))))
.
.
2011-11-08 05:44 . 2005-06-01 02:02 368640 ----a-w- c:\windows\system32\Ati2evxx.exe
2011-11-08 05:26 . 2011-11-08 05:26 -------- d-----w- c:\documents and settings\Dan Gentner\Application Data\AVG9
2011-11-07 16:15 . 2011-11-07 16:15 388096 ----a-r- c:\documents and settings\Dan Gentner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-05 05:03 . 2011-11-07 17:26 -------- d-----w- c:\documents and settings\Administrator
2011-11-05 04:11 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-05 04:10 . 2011-11-07 17:26 -------- d-----w- c:\program files\Dantana
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-13 12:15 . 2009-11-02 04:01 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 12:11 2471240 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C80 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE" [2001-10-04 69632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-01 344064]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"MBBalloon"="c:\program files\HOTALBUMMyBOX\MBBalloon.exe" [2006-12-15 787096]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-25 2078048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-16 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-05-16 46632]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MediaChecker.lnk - c:\program files\HOTALBUMMyBOX\MediaChecker.exe [2006-12-15 913560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 15:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\DivX\\DivX Plus Player\\DivX Plus Player.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [6/5/2008 8:00 PM 15172]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/1/2009 11:01 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/1/2009 11:01 PM 243152]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 10:19 AM 308136]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/26/2010 10:06 AM 947528]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/16/2009 5:52 PM 47360]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{3B7969DC-9D18-452D-8429-BF3198472869}: NameServer = 68.73.221.13,68.73.221.59
TCP: Interfaces\{D27DA8C6-DE50-4D78-B2C6-5F98C42A0D08}: NameServer = 68.73.221.13,68.73.221.59
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Dan Gentner\Application Data\Mozilla\Firefox\Profiles\cobodq9j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.espn.com/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Dan Gentner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-08 00:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2124)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-11-08 00:55:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-08 05:54
.
Pre-Run: 35,808,202,752 bytes free
Post-Run: 36,151,169,024 bytes free
.
- - End Of File - - BD7AB4154107422BDAB4B702DA3618DA
 

Retired Moderator · 84,301 Posts
Please run the following:

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
 

Registered · 156 Posts · Discussion Starter · #19
Two log files were created, so I will post both.

10:56:07.0125 2964 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
10:56:07.0156 2964 ============================================================
10:56:07.0156 2964 Current date / time: 2011/11/08 10:56:07.0156
10:56:07.0156 2964 SystemInfo:
10:56:07.0156 2964
10:56:07.0156 2964 OS Version: 5.1.2600 ServicePack: 3.0
10:56:07.0156 2964 Product type: Workstation
10:56:07.0156 2964 ComputerName: DAN
10:56:07.0156 2964 UserName: Dan Gentner
10:56:07.0156 2964 Windows directory: C:\WINDOWS
10:56:07.0156 2964 System windows directory: C:\WINDOWS
10:56:07.0156 2964 Processor architecture: Intel x86
10:56:07.0156 2964 Number of processors: 2
10:56:07.0156 2964 Page size: 0x1000
10:56:07.0156 2964 Boot type: Normal boot
10:56:07.0156 2964 ============================================================
10:56:08.0531 2964 Initialize success
10:56:16.0343 2932 Deinitialize success


10:56:31.0500 3784 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
10:56:31.0515 3784 ============================================================
10:56:31.0515 3784 Current date / time: 2011/11/08 10:56:31.0515
10:56:31.0515 3784 SystemInfo:
10:56:31.0515 3784
10:56:31.0515 3784 OS Version: 5.1.2600 ServicePack: 3.0
10:56:31.0515 3784 Product type: Workstation
10:56:31.0515 3784 ComputerName: DAN
10:56:31.0515 3784 UserName: Dan Gentner
10:56:31.0515 3784 Windows directory: C:\WINDOWS
10:56:31.0515 3784 System windows directory: C:\WINDOWS
10:56:31.0515 3784 Processor architecture: Intel x86
10:56:31.0515 3784 Number of processors: 2
10:56:31.0515 3784 Page size: 0x1000
10:56:31.0515 3784 Boot type: Normal boot
10:56:31.0515 3784 ============================================================
10:56:32.0750 3784 Initialize success
10:56:45.0578 2840 ============================================================
10:56:45.0578 2840 Scan started
10:56:45.0578 2840 Mode: Manual;
10:56:45.0578 2840 ============================================================
10:56:45.0937 2840 Abiosdsk - ok
10:56:45.0968 2840 abp480n5 - ok
10:56:46.0046 2840 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:56:46.0046 2840 ACPI - ok
10:56:46.0093 2840 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:56:46.0093 2840 ACPIEC - ok
10:56:46.0109 2840 adpu160m - ok
10:56:46.0140 2840 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:56:46.0140 2840 aec - ok
10:56:46.0203 2840 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:56:46.0203 2840 AegisP - ok
10:56:46.0265 2840 AFD (4b144988ecac3a2ac46882cd708662a5) C:\WINDOWS\System32\drivers\afd.sys
10:56:46.0265 2840 AFD ( Rootkit.Win32.ZAccess.g ) - infected
10:56:46.0265 2840 AFD - detected Rootkit.Win32.ZAccess.g (0)
10:56:46.0281 2840 Aha154x - ok
10:56:46.0281 2840 aic78u2 - ok
10:56:46.0296 2840 aic78xx - ok
10:56:46.0312 2840 AliIde - ok
10:56:46.0328 2840 amsint - ok
10:56:46.0390 2840 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:56:46.0390 2840 Arp1394 - ok
10:56:46.0390 2840 asc - ok
10:56:46.0406 2840 asc3350p - ok
10:56:46.0406 2840 asc3550 - ok
10:56:46.0437 2840 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:56:46.0437 2840 AsyncMac - ok
10:56:46.0500 2840 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:56:46.0500 2840 atapi - ok
10:56:46.0500 2840 Atdisk - ok
10:56:46.0609 2840 ati2mtag (afb591955258dec2deb6de0137876800) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:56:46.0640 2840 ati2mtag - ok
10:56:46.0687 2840 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:56:46.0687 2840 Atmarpc - ok
10:56:46.0703 2840 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:56:46.0718 2840 audstub - ok
10:56:46.0765 2840 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
10:56:46.0765 2840 AvgLdx86 - ok
10:56:46.0812 2840 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\System32\Drivers\avgmfx86.sys
10:56:46.0812 2840 AvgMfx86 - ok
10:56:46.0890 2840 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\System32\Drivers\avgtdix.sys
10:56:46.0890 2840 AvgTdiX - ok
10:56:46.0937 2840 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:56:46.0937 2840 Beep - ok
10:56:46.0953 2840 catchme - ok
10:56:47.0000 2840 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:56:47.0000 2840 cbidf2k - ok
10:56:47.0015 2840 cd20xrnt - ok
10:56:47.0062 2840 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:56:47.0062 2840 Cdaudio - ok
10:56:47.0093 2840 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:56:47.0093 2840 Cdfs - ok
10:56:47.0125 2840 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:56:47.0125 2840 Cdrom - ok
10:56:47.0171 2840 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
10:56:47.0171 2840 cercsr6 - ok
10:56:47.0218 2840 Changer - ok
10:56:47.0234 2840 CmdIde - ok
10:56:47.0250 2840 Cpqarray - ok
10:56:47.0265 2840 dac2w2k - ok
10:56:47.0281 2840 dac960nt - ok
10:56:47.0328 2840 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:56:47.0328 2840 Disk - ok
10:56:47.0437 2840 DLABOIOM (d8d58a84f3ece3359df95fd2e459b330) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
10:56:47.0437 2840 DLABOIOM - ok
10:56:47.0468 2840 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
10:56:47.0468 2840 DLACDBHM - ok
10:56:47.0500 2840 DLADResN (27c78078bd9c4f2de2ad3eb04bfe101b) C:\WINDOWS\system32\DLA\DLADResN.SYS
10:56:47.0500 2840 DLADResN - ok
10:56:47.0515 2840 DLAIFS_M (7f2d93e560b763ef5d11422d78da8ed0) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
10:56:47.0515 2840 DLAIFS_M - ok
10:56:47.0531 2840 DLAOPIOM (f643637de6aac57e38d197aa63d9ea74) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
10:56:47.0531 2840 DLAOPIOM - ok
10:56:47.0546 2840 DLAPoolM (340705474807f57a46d59d18fc2959f1) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
10:56:47.0546 2840 DLAPoolM - ok
10:56:47.0562 2840 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
10:56:47.0562 2840 DLARTL_N - ok
10:56:47.0578 2840 DLAUDFAM (6984ea763907c045ce813468882bc587) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
10:56:47.0578 2840 DLAUDFAM - ok
10:56:47.0593 2840 DLAUDF_M (12b30c449cfd36adbed53eb6560933c6) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
10:56:47.0593 2840 DLAUDF_M - ok
10:56:47.0640 2840 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:56:47.0671 2840 dmboot - ok
10:56:47.0687 2840 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:56:47.0687 2840 dmio - ok
10:56:47.0703 2840 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:56:47.0703 2840 dmload - ok
10:56:47.0734 2840 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:56:47.0734 2840 DMusic - ok
10:56:47.0750 2840 dpti2o - ok
10:56:47.0765 2840 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:56:47.0765 2840 drmkaud - ok
10:56:47.0781 2840 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
10:56:47.0781 2840 DRVMCDB - ok
10:56:47.0781 2840 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
10:56:47.0781 2840 DRVNDDM - ok
10:56:47.0843 2840 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:56:47.0843 2840 E100B - ok
10:56:47.0875 2840 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:56:47.0875 2840 Fastfat - ok
10:56:47.0890 2840 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:56:47.0890 2840 Fdc - ok
10:56:47.0906 2840 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:56:47.0906 2840 Fips - ok
10:56:47.0906 2840 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:56:47.0906 2840 Flpydisk - ok
10:56:47.0968 2840 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:56:47.0968 2840 FltMgr - ok
10:56:47.0984 2840 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:56:47.0984 2840 Fs_Rec - ok
10:56:48.0000 2840 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:56:48.0015 2840 Ftdisk - ok
10:56:48.0078 2840 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
10:56:48.0078 2840 GEARAspiWDM - ok
10:56:48.0078 2840 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:56:48.0078 2840 Gpc - ok
10:56:48.0109 2840 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:56:48.0109 2840 HDAudBus - ok
10:56:48.0125 2840 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:56:48.0125 2840 hidusb - ok
10:56:48.0156 2840 hpn - ok
10:56:48.0203 2840 HSFHWAZL (14b15d0d803ef4ab9b525b7e2da303ef) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
10:56:48.0203 2840 HSFHWAZL - ok
10:56:48.0250 2840 HSF_DPV (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
10:56:48.0296 2840 HSF_DPV - ok
10:56:48.0375 2840 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:56:48.0375 2840 HTTP - ok
10:56:48.0390 2840 i2omgmt - ok
10:56:48.0390 2840 i2omp - ok
10:56:48.0453 2840 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
10:56:48.0453 2840 i8042prt - ok
10:56:48.0484 2840 iastor (88b1943ecff661f765228099138cf6ab) C:\WINDOWS\system32\DRIVERS\iaStor.sys
10:56:48.0484 2840 iastor - ok
10:56:48.0500 2840 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:56:48.0500 2840 Imapi - ok
10:56:48.0515 2840 ini910u - ok
10:56:48.0531 2840 IntelIde - ok
10:56:48.0546 2840 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:56:48.0546 2840 intelppm - ok
10:56:48.0562 2840 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:56:48.0562 2840 Ip6Fw - ok
10:56:48.0593 2840 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:56:48.0593 2840 IpFilterDriver - ok
10:56:48.0609 2840 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:56:48.0609 2840 IpInIp - ok
10:56:48.0656 2840 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:56:48.0656 2840 IpNat - ok
10:56:48.0703 2840 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:56:48.0703 2840 IPSec - ok
10:56:48.0750 2840 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:56:48.0750 2840 IRENUM - ok
10:56:48.0765 2840 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:56:48.0765 2840 isapnp - ok
10:56:48.0796 2840 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:56:48.0812 2840 Kbdclass - ok
10:56:48.0812 2840 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:56:48.0812 2840 kbdhid - ok
10:56:48.0828 2840 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:56:48.0843 2840 kmixer - ok
10:56:48.0890 2840 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:56:48.0890 2840 KSecDD - ok
10:56:48.0906 2840 lbrtfdc - ok
10:56:48.0937 2840 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:56:48.0937 2840 mdmxsdk - ok
10:56:49.0000 2840 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:56:49.0000 2840 mnmdd - ok
10:56:49.0062 2840 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:56:49.0062 2840 Modem - ok
10:56:49.0078 2840 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:56:49.0078 2840 Mouclass - ok
10:56:49.0125 2840 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:56:49.0125 2840 mouhid - ok
10:56:49.0140 2840 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:56:49.0140 2840 MountMgr - ok
10:56:49.0156 2840 MPFIREWL - ok
10:56:49.0156 2840 mraid35x - ok
10:56:49.0171 2840 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:56:49.0171 2840 MRxDAV - ok
10:56:49.0250 2840 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:56:49.0250 2840 MRxSmb - ok
10:56:49.0281 2840 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:56:49.0281 2840 Msfs - ok
10:56:49.0312 2840 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:56:49.0312 2840 MSKSSRV - ok
10:56:49.0375 2840 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:56:49.0375 2840 MSPCLOCK - ok
10:56:49.0375 2840 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:56:49.0375 2840 MSPQM - ok
10:56:49.0390 2840 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:56:49.0390 2840 mssmbios - ok
10:56:49.0406 2840 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
10:56:49.0406 2840 Mup - ok
10:56:49.0421 2840 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:56:49.0421 2840 NDIS - ok
10:56:49.0421 2840 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:56:49.0421 2840 NdisTapi - ok
10:56:49.0453 2840 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:56:49.0453 2840 Ndisuio - ok
10:56:49.0484 2840 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:56:49.0484 2840 NdisWan - ok
10:56:49.0515 2840 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
10:56:49.0515 2840 NDProxy - ok
10:56:49.0515 2840 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:56:49.0515 2840 NetBIOS - ok
10:56:49.0546 2840 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:56:49.0562 2840 NetBT - ok
10:56:49.0593 2840 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:56:49.0593 2840 NIC1394 - ok
10:56:49.0640 2840 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:56:49.0656 2840 Npfs - ok
10:56:49.0671 2840 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:56:49.0671 2840 Ntfs - ok
10:56:49.0703 2840 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:56:49.0703 2840 Null - ok
10:56:49.0718 2840 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:56:49.0718 2840 NwlnkFlt - ok
10:56:49.0734 2840 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:56:49.0750 2840 NwlnkFwd - ok
10:56:49.0781 2840 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:56:49.0781 2840 ohci1394 - ok
10:56:49.0796 2840 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
10:56:49.0812 2840 Parport - ok
10:56:49.0843 2840 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:56:49.0843 2840 PartMgr - ok
10:56:49.0859 2840 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:56:49.0875 2840 ParVdm - ok
10:56:49.0875 2840 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:56:49.0875 2840 PCI - ok
10:56:49.0890 2840 PCIDump - ok
10:56:49.0937 2840 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:56:49.0937 2840 PCIIde - ok
10:56:49.0984 2840 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:56:49.0984 2840 Pcmcia - ok
10:56:50.0000 2840 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
10:56:50.0000 2840 pcouffin - ok
10:56:50.0015 2840 PDCOMP - ok
10:56:50.0015 2840 PDFRAME - ok
10:56:50.0031 2840 PDRELI - ok
10:56:50.0046 2840 PDRFRAME - ok
10:56:50.0046 2840 perc2 - ok
10:56:50.0062 2840 perc2hib - ok
10:56:50.0093 2840 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:56:50.0093 2840 PptpMiniport - ok
10:56:50.0093 2840 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:56:50.0093 2840 PSched - ok
10:56:50.0140 2840 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:56:50.0140 2840 Ptilink - ok
10:56:50.0171 2840 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:56:50.0187 2840 PxHelp20 - ok
10:56:50.0203 2840 PzWDM (36cf3653d367cbc72a38625543f3d4d1) C:\WINDOWS\system32\Drivers\PzWDM.sys
10:56:50.0203 2840 PzWDM - ok
10:56:50.0234 2840 ql1080 - ok
10:56:50.0250 2840 Ql10wnt - ok
10:56:50.0265 2840 ql12160 - ok
10:56:50.0265 2840 ql1240 - ok
10:56:50.0281 2840 ql1280 - ok
10:56:50.0296 2840 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:56:50.0296 2840 RasAcd - ok
10:56:50.0312 2840 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:56:50.0312 2840 Rasl2tp - ok
10:56:50.0328 2840 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:56:50.0328 2840 RasPppoe - ok
10:56:50.0359 2840 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:56:50.0359 2840 Raspti - ok
10:56:50.0390 2840 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:56:50.0390 2840 Rdbss - ok
10:56:50.0406 2840 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:56:50.0406 2840 RDPCDD - ok
10:56:50.0437 2840 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:56:50.0437 2840 rdpdr - ok
10:56:50.0468 2840 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
10:56:50.0468 2840 RDPWD - ok
10:56:50.0515 2840 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:56:50.0515 2840 redbook - ok
10:56:50.0578 2840 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
10:56:50.0593 2840 RT73 - ok
10:56:50.0640 2840 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:56:50.0640 2840 Secdrv - ok
10:56:50.0703 2840 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
10:56:50.0703 2840 Serial - ok
10:56:50.0718 2840 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:56:50.0718 2840 Sfloppy - ok
10:56:50.0734 2840 Simbad - ok
10:56:50.0750 2840 Sparrow - ok
10:56:50.0796 2840 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:56:50.0796 2840 splitter - ok
10:56:50.0812 2840 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:56:50.0812 2840 sr - ok
10:56:50.0859 2840 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
10:56:50.0875 2840 Srv - ok
10:56:50.0937 2840 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys
10:56:50.0937 2840 STHDA - ok
10:56:50.0984 2840 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:56:50.0984 2840 swenum - ok
10:56:51.0015 2840 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:56:51.0015 2840 swmidi - ok
10:56:51.0031 2840 symc810 - ok
10:56:51.0031 2840 symc8xx - ok
10:56:51.0046 2840 sym_hi - ok
10:56:51.0046 2840 sym_u3 - ok
10:56:51.0062 2840 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:56:51.0078 2840 sysaudio - ok
10:56:51.0265 2840 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:56:51.0375 2840 Tcpip - ok
10:56:51.0562 2840 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:56:51.0562 2840 TDPIPE - ok
10:56:51.0578 2840 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:56:51.0578 2840 TDTCP - ok
10:56:51.0578 2840 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:56:51.0578 2840 TermDD - ok
10:56:51.0593 2840 TosIde - ok
10:56:51.0625 2840 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:56:51.0625 2840 Udfs - ok
10:56:51.0640 2840 UIUSys - ok
10:56:51.0640 2840 ultra - ok
10:56:51.0703 2840 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:56:51.0718 2840 Update - ok
10:56:51.0781 2840 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:56:51.0781 2840 USBAAPL - ok
10:56:51.0828 2840 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:56:51.0828 2840 usbccgp - ok
10:56:51.0843 2840 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:56:51.0843 2840 usbehci - ok
10:56:51.0859 2840 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:56:51.0859 2840 usbhub - ok
10:56:51.0921 2840 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:56:51.0937 2840 usbprint - ok
10:56:51.0984 2840 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:56:51.0984 2840 usbscan - ok
10:56:52.0000 2840 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:56:52.0000 2840 USBSTOR - ok
10:56:52.0015 2840 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:56:52.0031 2840 usbuhci - ok
10:56:52.0031 2840 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:56:52.0031 2840 VgaSave - ok
10:56:52.0046 2840 ViaIde - ok
10:56:52.0109 2840 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:56:52.0109 2840 VolSnap - ok
10:56:52.0109 2840 vsdatant - ok
10:56:52.0187 2840 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:56:52.0187 2840 Wanarp - ok
10:56:52.0187 2840 WDICA - ok
10:56:52.0250 2840 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:56:52.0250 2840 wdmaud - ok
10:56:52.0328 2840 winachsf (59d043485a6eda2ed2685c81489ae5bd) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:56:52.0359 2840 winachsf - ok
10:56:52.0406 2840 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:56:52.0406 2840 WS2IFSL - ok
10:56:52.0453 2840 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:56:52.0453 2840 WudfPf - ok
10:56:52.0468 2840 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:56:52.0468 2840 WudfRd - ok
10:56:52.0500 2840 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:56:52.0593 2840 \Device\Harddisk0\DR0 - ok
10:56:52.0593 2840 Boot (0x1200) (fa91ea5d4340c49075df74a279db0650) \Device\Harddisk0\DR0\Partition0
10:56:52.0593 2840 \Device\Harddisk0\DR0\Partition0 - ok
10:56:52.0593 2840 ============================================================
10:56:52.0593 2840 Scan finished
10:56:52.0593 2840 ============================================================
10:56:52.0609 2848 Detected object count: 1
10:56:52.0609 2848 Actual detected object count: 1
10:57:25.0562 2848 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
10:57:27.0140 2848 Backup copy found, using it..
10:57:27.0140 2848 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
10:57:27.0140 2848 AFD ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
10:57:41.0625 0396 Deinitialize success
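A TDSSKiller log like the one above is long, and the lines that matter (the "infected" verdict, the hash and path of the flagged driver, the action the user chose, and whether the cure is deferred to reboot) are scattered among hundreds of "- ok" entries. The script below is an added example written for this page, not a tool from the thread or from Kaspersky; it reads the log layout as it appears in the post above (timestamp, thread id, message) and pulls out a per-object summary. The line patterns are inferred from this posted log and are an assumption about the format; the sample lines are a constructed excerpt copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: an excerpt in the TDSSKiller log layout posted in this thread.
SAMPLE_LOG = r"""
10:56:46.0265 2840 AFD (4b144988ecac3a2ac46882cd708662a5) C:\WINDOWS\System32\drivers\afd.sys
10:56:46.0265 2840 AFD ( Rootkit.Win32.ZAccess.g ) - infected
10:56:46.0265 2840 AFD - detected Rootkit.Win32.ZAccess.g (0)
10:56:46.0281 2840 Aha154x - ok
10:56:46.0500 2840 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:56:46.0500 2840 atapi - ok
10:56:52.0500 2840 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:56:52.0593 2840 \Device\Harddisk0\DR0 - ok
10:56:52.0609 2848 Detected object count: 1
10:57:27.0140 2848 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
10:57:27.0140 2848 AFD ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
"""

# Patterns are assumptions derived from the log lines in this thread, not a published spec.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
FILE_RE = re.compile(r"^(?P<name>\S+) (?:\(0x[0-9A-Fa-f]+\) )?\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
INFECTED_RE = re.compile(r"^(?P<name>\S+) \( (?P<threat>\S+) \) - infected$")
ACTION_RE = re.compile(r"^(?P<name>\S+) \( (?P<threat>\S+) \) - User select action: (?P<action>\w+)$")
CURE_RE = re.compile(r"^(?P<path>.+) - will be cured on reboot$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")


@dataclass
class Detection:
    name: str                      # service/driver name as TDSSKiller reports it
    threat: str                    # detection name, e.g. Rootkit.Win32.ZAccess.g
    md5: Optional[str] = None      # hash printed on the preceding file line
    path: Optional[str] = None     # on-disk path of the flagged object
    action: Optional[str] = None   # Cure / Skip / Delete as chosen by the user
    cured_on_reboot: bool = False  # True when the cure is deferred to the next boot


def parse_tdsskiller(text: str) -> dict:
    """Return detections, the count of clean objects, and whether the tool's own
    'Detected object count' agrees with the number of infected verdicts we saw."""
    files = {}       # object name -> (md5, path) from the most recent hash line
    detections = {}  # object name -> Detection
    ok_count = 0
    declared = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, banners and "SystemInfo:" headers carry no verdict
        msg = m.group("msg")
        fm = FILE_RE.match(msg)
        if fm:
            files[fm.group("name")] = (fm.group("md5"), fm.group("path"))
            continue
        im = INFECTED_RE.match(msg)
        if im:
            name = im.group("name")
            md5, path = files.get(name, (None, None))
            detections[name] = Detection(name, im.group("threat"), md5, path)
            continue
        am = ACTION_RE.match(msg)
        if am and am.group("name") in detections:
            detections[am.group("name")].action = am.group("action")
            continue
        cm = CURE_RE.match(msg)
        if cm:
            for d in detections.values():
                if d.path and d.path.lower() == cm.group("path").lower():
                    d.cured_on_reboot = True
            continue
        cc = COUNT_RE.match(msg)
        if cc:
            declared = int(cc.group("n"))
            continue
        if OK_RE.match(msg):
            ok_count += 1
    return {
        "detections": list(detections.values()),
        "ok_count": ok_count,
        "declared_count": declared,
        "count_matches": (declared == len(detections)) if declared is not None else None,
    }


if __name__ == "__main__":
    result = parse_tdsskiller(SAMPLE_LOG)
    print(f"clean objects: {result['ok_count']}, declared detections: {result['declared_count']}")
    for d in result["detections"]:
        print(f"{d.name}: {d.threat} md5={d.md5} path={d.path} action={d.action} "
              f"{'(pending reboot)' if d.cured_on_reboot else ''}")
```

The parser keeps the hash/path line and the verdict line separate because TDSSKiller prints them as two entries; joining them by object name is what lets a helper confirm that the cured file is the same one that was flagged, and the `count_matches` field catches a truncated paste where the tool's own count and the verdicts in the text disagree.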
 