
I'm infected with TDSS, please help.



I have 2 computers. The newer one I use personally, for emails and banking etc., and it's infected with TDSS. I'm typing here with the older PC. Would the experts help me please? Both computers use Windows XP. On the newer PC I use AVG 2012 for viruses, and it's gonna expire soon. For malware, I use Spybot. I'm usually very careful with the newer PC, and I'm pretty sure I know how I got the TDSS. As soon as I was infected, I was googling around, and came upon this forum. I scan my computers regularly, and this time, using the AVG Anti-Rootkit scan, I got 1 threat: C:\WINDOWS\system32\drivers\dvdrm.sys, IRP hook, \Driver\atapi IRP_MJ_INTERNAL_DEVICE_CONTROL -> dvdrm.sys +0x16C4, Object is hidden. I downloaded the Kaspersky TDSSKiller, used it, and got Unsigned file Service: DVDRM Suspicious object, medium risk, and TDSS File System Physical drive: \Device\Harddisk0\DR0 Suspicious object, medium risk. After the scan, I didn't get a Cure option, only Skip, Copy to quarantine, Delete. I just skipped. I then downloaded the ATF_Cleaner, and used that. I was starting to get paranoid, so I did more scans with AVG just a few minutes later, and TDSSKiller_Quarantine\05.12.2011_04.26.58\tdlfs0000\tsk0003.dta Trojan horse Agent2.CBLO and 6 others in the TDSSKiller_Quarantine were infected. AVG did heal these 7 infected files. But the TDSS hasn't been removed. I did a scan just now, using the Anti-Rootkit scan, and got 121 potentially dangerous threats. All the files are unknown; the infection is Corrupted section PCIIDEX.SYS, atapi.sys, CLASSPNP.sys. The results for all of them say Object is hidden. Now I'm very worried. Please help me. I do have the Win XP back up disc that includes Service Pack 3, and a back up copy of the Drivers for that newer PC. A few years back, I got this serious malicious infection that literally slowed down that computer, and I had no other choice but to reformat and reinstall the OS. The back up copy of the Driver disc, I got it from the shop who sold me the PC.
Anyway I need assistance right now. Please help me. I don't have any important data on the newer PC, maybe just like downloadable computer games, but I can always re-download those, it's not important.


:welcome:

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


I did turn off Spybot. I hope I did it right. As for AVG, I didn't see a Quit Control Center, but I did disable the firewall. I tried to download ComboFix, and right now, even though the AVG firewall is disabled, it detected a threat. File name is C:\32788R22FWJFW\HANDLE.3XE, Threat name: TR/Crypt.XPACK.Gen. I see a Move to Vault option and an Allow. What do you want me to do?


ComboFix 11-12-06.02 - Careful Guy 12/08/2011 8:38.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1503 [GMT -6:00]

Running from: c:\documents and settings\Careful Guy\Desktop\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\Cache

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\b6a2ef92a61b4493.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

.

.

((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))

.

.

2011-12-06 11:54 . 2011-12-06 11:54 -------- d-----w- c:\documents and settings\Careful Guy\Application Data\AVG Secure Search

2011-12-06 11:50 . 2011-12-06 11:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search

2011-12-05 10:46 . 2011-12-05 10:46 -------- d-----w- C:\TDSSKiller_Quarantine

2011-12-02 04:15 . 2011-12-02 04:15 -------- d-----w- c:\program files\WinAVI

2011-12-02 04:01 . 2011-12-02 04:01 -------- d-----w- c:\documents and settings\Careful Guy\Local Settings\Application Data\WinAVI

2011-12-02 03:51 . 2011-12-02 03:51 -------- d-----w- c:\documents and settings\Careful Guy\Application Data\WinAVI

2011-12-02 02:48 . 2011-12-02 02:48 -------- d-----w- c:\documents and settings\Careful Guy\Application Data\ImTOO

2011-11-30 10:40 . 2011-11-30 10:40 -------- d-----w- c:\windows\Sun

2011-11-30 10:39 . 2011-11-30 10:39 -------- d-----w- c:\documents and settings\Careful Guy\Local Settings\Application Data\PackageAware

2011-11-20 20:30 . 2011-12-02 15:45 -------- d-----w- c:\documents and settings\Careful Guy\Application Data\vlc

2011-11-20 20:30 . 2011-11-20 20:30 -------- d-----w- c:\program files\VideoLAN

2011-11-20 19:57 . 2011-11-20 19:57 -------- d-----w- c:\program files\DVD Region Master

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-20 20:03 . 2011-07-12 22:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22 . 2011-07-13 01:07 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 11:23 . 2011-01-07 11:41 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 11:21 . 2011-02-10 12:53 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-10-03 10:06 . 2011-07-13 05:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 07:37 . 2011-07-13 05:23 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-28 07:06 . 2008-08-21 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 16:41 . 2011-09-26 16:41 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2008-08-21 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2008-08-21 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-14 13:58 . 2011-08-31 07:36 225592 ----a-w- c:\windows\system32\drivers\keyscrambler.sys

2011-09-13 11:30 . 2011-03-16 21:03 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2011-12-06 11:50 1547104 ----a-w- c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-12-06 1547104]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-06 827232]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"cdloader"="c:\documents and settings\Careful Guy\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"igfxhkcmd"=c:\windows\system32\hkcmd.exe

"igfxpers"=c:\windows\system32\igfxpers.exe

"igfxtray"=c:\windows\system32\igfxtray.exe

"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Documents and Settings\\Careful Guy\\Application Data\\mjusbsp\\magicJack.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 3:03 PM 32592]

R0 DVDRM;DVDRM;c:\windows\system32\drivers\DVDRM.sys [10/16/2004 3:19 PM 13152]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/4/2011 11:59 PM 295248]

R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [10/24/2011 7:29 PM 2398512]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [12/6/2011 5:50 AM 855904]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 3:33 AM 30944]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 8:28 PM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 16720]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [8/31/2011 1:36 AM 225592]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [7/13/2011 3:38 AM 1025352]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 3:33 AM 30944]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Save video on Savevid.com

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-08 08:42

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-12-08 08:44:42

ComboFix-quarantined-files.txt 2011-12-08 14:44

.

Pre-Run: 227,694,657,536 bytes free

Post-Run: 227,713,269,760 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 7BC73EC9555F537BCAE4329AFFD4E84D


Since you didn't say how it was running now, I'll assume all is good.

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
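The helper's "log looks good" verdict comes from reading the tool output by eye. As an added example that is not part of this thread (my own code, not the helper's and not Kaspersky's), here is a small Python parser for the TDSSKiller log layout the original poster pastes below: it collects each service's hash and path, records the ok / warning / detected verdicts, and returns the entries a reviewer should look at first. The sample log is constructed from a handful of lines copied from that post.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller 2.6 log layout shown in this thread
# (the lines are copied from the posted log; nothing else is added).
SAMPLE_LOG = r"""
10:59:48.0593 0568 ============================================================
10:59:48.0593 0568 Scan started
10:59:48.0593 0568 Mode: Manual; SigCheck; TDLFS;
10:59:50.0046 0568 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:59:50.0171 0568 atapi - ok
10:59:52.0953 0568 dpti2o - ok
10:59:53.0093 0568 DVDRM (4d72420ccccccb85ee9e2241bc19fe7f) C:\WINDOWS\system32\drivers\dvdrm.sys
10:59:53.0093 0568 DVDRM ( UnsignedFile.Multi.Generic ) - warning
10:59:53.0093 0568 DVDRM - detected UnsignedFile.Multi.Generic (1)
10:59:53.0109 0568 EagleXNt - ok
"""

# Every log line is "<hh:mm:ss.ffff> <pid> <body>"; the body is optional.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d{4})(?: (?P<body>.*))?$")
# Body shapes seen in the log: file record, ok verdict, warning, detection.
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<det>.+?) \) - warning$")
DET_RE = re.compile(r"^(?P<name>.+?) - detected (?P<det>.+?) \((?P<count>\d+)\)$")


@dataclass
class Entry:
    """One service/driver as TDSSKiller reports it."""
    name: str
    md5: Optional[str] = None        # None when no file was found on disk
    path: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)    # "ok", "warning", "detected"
    detections: List[str] = field(default_factory=list)  # e.g. UnsignedFile.Multi.Generic

    @property
    def clean(self) -> bool:
        return self.verdicts == ["ok"]


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Fold the per-line log into one Entry per service name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m or not m.group("body"):
            continue
        body = m.group("body")
        for rx, kind in ((FILE_RE, "file"), (WARN_RE, "warning"), (DET_RE, "detected"), (OK_RE, "ok")):
            fm = rx.match(body)
            if fm:
                break
        else:
            continue  # header, separator or SystemInfo line: nothing to record
        entry = entries.setdefault(fm.group("name"), Entry(fm.group("name")))
        if kind == "file":
            entry.md5, entry.path = fm.group("md5"), fm.group("path")
        else:
            entry.verdicts.append(kind)
            if kind != "ok" and fm.group("det") not in entry.detections:
                entry.detections.append(fm.group("det"))
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Entries with any verdict other than ok: what a reviewer reads first."""
    return [e for e in entries.values() if any(v != "ok" for v in e.verdicts)]


def fileless(entries: Dict[str, Entry]) -> List[Entry]:
    """Services TDSSKiller passed without finding a file to hash (registry-only leftovers)."""
    return [e for e in entries.values() if e.md5 is None]


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    for e in flagged(parsed):
        print(f"{e.name}: {e.path} md5={e.md5} verdicts={e.verdicts} detections={e.detections}")
    print("no file on disk:", [e.name for e in fileless(parsed)])
```

On the sample this lists only DVDRM, with both its warning and its detected verdict, which matches the one entry the original poster's scans kept flagging.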


10:59:40.0828 2084 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06

10:59:41.0125 2084 ============================================================

10:59:41.0125 2084 Current date / time: 2011/12/08 10:59:41.0125

10:59:41.0125 2084 SystemInfo:

10:59:41.0125 2084

10:59:41.0125 2084 OS Version: 5.1.2600 ServicePack: 3.0

10:59:41.0125 2084 Product type: Workstation

10:59:41.0125 2084 ComputerName: ESRUC-42495E07D

10:59:41.0125 2084 UserName: Careful Guy

10:59:41.0125 2084 Windows directory: C:\WINDOWS

10:59:41.0125 2084 System windows directory: C:\WINDOWS

10:59:41.0125 2084 Processor architecture: Intel x86

10:59:41.0125 2084 Number of processors: 2

10:59:41.0125 2084 Page size: 0x1000

10:59:41.0125 2084 Boot type: Normal boot

10:59:41.0125 2084 ============================================================

10:59:42.0515 2084 Initialize success

10:59:48.0593 0568 ============================================================

10:59:48.0593 0568 Scan started

10:59:48.0593 0568 Mode: Manual; SigCheck; TDLFS;

10:59:48.0593 0568 ============================================================

10:59:49.0046 0568 Abiosdsk - ok

10:59:49.0062 0568 abp480n5 - ok

10:59:49.0109 0568 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

10:59:49.0421 0568 ACPI - ok

10:59:49.0437 0568 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

10:59:49.0562 0568 ACPIEC - ok

10:59:49.0562 0568 adpu160m - ok

10:59:49.0609 0568 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

10:59:49.0750 0568 aec - ok

10:59:49.0781 0568 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

10:59:49.0796 0568 AFD - ok

10:59:49.0812 0568 Aha154x - ok

10:59:49.0812 0568 aic78u2 - ok

10:59:49.0828 0568 aic78xx - ok

10:59:49.0843 0568 AliIde - ok

10:59:49.0859 0568 amsint - ok

10:59:49.0859 0568 asc - ok

10:59:49.0875 0568 asc3350p - ok

10:59:49.0875 0568 asc3550 - ok

10:59:49.0906 0568 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

10:59:50.0015 0568 AsyncMac - ok

10:59:50.0046 0568 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

10:59:50.0171 0568 atapi - ok

10:59:50.0187 0568 Atdisk - ok

10:59:50.0203 0568 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

10:59:50.0328 0568 Atmarpc - ok

10:59:50.0359 0568 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

10:59:50.0500 0568 audstub - ok

10:59:50.0546 0568 Avgfwdx (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

10:59:50.0562 0568 Avgfwdx - ok

10:59:50.0578 0568 Avgfwfd (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

10:59:50.0593 0568 Avgfwfd - ok

10:59:50.0656 0568 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

10:59:50.0703 0568 AVGIDSDriver - ok

10:59:50.0750 0568 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

10:59:50.0750 0568 AVGIDSEH - ok

10:59:50.0765 0568 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

10:59:50.0781 0568 AVGIDSFilter - ok

10:59:50.0828 0568 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

10:59:50.0843 0568 AVGIDSShim - ok

10:59:50.0906 0568 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

10:59:50.0921 0568 Avgldx86 - ok

10:59:50.0953 0568 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

10:59:50.0968 0568 Avgmfx86 - ok

10:59:50.0968 0568 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

10:59:51.0000 0568 Avgrkx86 - ok

10:59:51.0031 0568 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

10:59:51.0046 0568 Avgtdix - ok

10:59:51.0109 0568 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

10:59:51.0140 0568 b57w2k - ok

10:59:51.0187 0568 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

10:59:51.0312 0568 Beep - ok

10:59:51.0437 0568 catchme - ok

10:59:51.0468 0568 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

10:59:51.0593 0568 cbidf2k - ok

10:59:51.0593 0568 cd20xrnt - ok

10:59:51.0625 0568 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

10:59:51.0750 0568 Cdaudio - ok

10:59:51.0796 0568 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

10:59:51.0921 0568 Cdfs - ok

10:59:51.0968 0568 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

10:59:52.0093 0568 Cdrom - ok

10:59:52.0109 0568 Changer - ok

10:59:52.0109 0568 CmdIde - ok

10:59:52.0125 0568 Cpqarray - ok

10:59:52.0140 0568 dac2w2k - ok

10:59:52.0140 0568 dac960nt - ok

10:59:52.0171 0568 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

10:59:52.0296 0568 Disk - ok

10:59:52.0328 0568 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

10:59:52.0484 0568 dmboot - ok

10:59:52.0484 0568 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

10:59:52.0609 0568 dmio - ok

10:59:52.0625 0568 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

10:59:52.0765 0568 dmload - ok

10:59:52.0812 0568 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

10:59:52.0937 0568 DMusic - ok

10:59:52.0953 0568 dpti2o - ok

10:59:52.0953 0568 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

10:59:53.0078 0568 drmkaud - ok

10:59:53.0093 0568 DVDRM (4d72420ccccccb85ee9e2241bc19fe7f) C:\WINDOWS\system32\drivers\dvdrm.sys

10:59:53.0093 0568 DVDRM ( UnsignedFile.Multi.Generic ) - warning

10:59:53.0093 0568 DVDRM - detected UnsignedFile.Multi.Generic (1)

10:59:53.0109 0568 EagleXNt - ok

10:59:53.0171 0568 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

10:59:53.0312 0568 Fastfat - ok

10:59:53.0359 0568 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

10:59:53.0484 0568 Fdc - ok

10:59:53.0500 0568 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

10:59:53.0640 0568 Fips - ok

10:59:53.0640 0568 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

10:59:53.0765 0568 Flpydisk - ok

10:59:53.0796 0568 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

10:59:53.0921 0568 FltMgr - ok

10:59:53.0953 0568 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

10:59:54.0078 0568 Fs_Rec - ok

10:59:54.0093 0568 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

10:59:54.0218 0568 Ftdisk - ok

10:59:54.0250 0568 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

10:59:54.0375 0568 Gpc - ok

10:59:54.0437 0568 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

10:59:54.0546 0568 hidusb - ok

10:59:54.0562 0568 hpn - ok

10:59:54.0656 0568 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

10:59:54.0687 0568 HTTP - ok

10:59:54.0703 0568 i2omgmt - ok

10:59:54.0703 0568 i2omp - ok

10:59:54.0734 0568 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

10:59:54.0875 0568 i8042prt - ok

10:59:54.0937 0568 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

10:59:55.0000 0568 ialm - ok

10:59:55.0046 0568 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

10:59:55.0187 0568 Imapi - ok

10:59:55.0187 0568 ini910u - ok

10:59:55.0203 0568 IntelIde - ok

10:59:55.0250 0568 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

10:59:55.0375 0568 intelppm - ok

10:59:55.0390 0568 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

10:59:55.0515 0568 Ip6Fw - ok

10:59:55.0546 0568 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

10:59:55.0671 0568 IpFilterDriver - ok

10:59:55.0671 0568 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

10:59:55.0796 0568 IpInIp - ok

10:59:55.0828 0568 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

10:59:55.0968 0568 IpNat - ok

10:59:56.0000 0568 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

10:59:56.0109 0568 IPSec - ok

10:59:56.0156 0568 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

10:59:56.0234 0568 IRENUM - ok

10:59:56.0265 0568 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

10:59:56.0390 0568 isapnp - ok

10:59:56.0421 0568 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

10:59:56.0562 0568 Kbdclass - ok

10:59:56.0593 0568 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

10:59:56.0703 0568 kbdhid - ok

10:59:56.0750 0568 KeyScrambler (c719c729ce65aad98d550458220b6d15) C:\WINDOWS\system32\drivers\keyscrambler.sys

10:59:56.0781 0568 KeyScrambler - ok

10:59:56.0859 0568 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

10:59:57.0000 0568 kmixer - ok

10:59:57.0031 0568 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

10:59:57.0078 0568 KSecDD - ok

10:59:57.0078 0568 lbrtfdc - ok

10:59:57.0125 0568 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

10:59:57.0265 0568 mnmdd - ok

10:59:57.0296 0568 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

10:59:57.0421 0568 Modem - ok

10:59:57.0468 0568 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

10:59:57.0578 0568 Mouclass - ok

10:59:57.0609 0568 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

10:59:57.0734 0568 mouhid - ok

10:59:57.0765 0568 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

10:59:57.0875 0568 MountMgr - ok

10:59:57.0890 0568 mraid35x - ok

10:59:57.0890 0568 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

10:59:58.0046 0568 MRxDAV - ok

10:59:58.0078 0568 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

10:59:58.0140 0568 MRxSmb - ok

10:59:58.0171 0568 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

10:59:58.0296 0568 Msfs - ok

10:59:58.0328 0568 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

10:59:58.0453 0568 MSKSSRV - ok

10:59:58.0468 0568 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

10:59:58.0593 0568 MSPCLOCK - ok

10:59:58.0625 0568 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

10:59:58.0750 0568 MSPQM - ok

10:59:58.0796 0568 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

10:59:58.0921 0568 mssmbios - ok

10:59:58.0968 0568 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

10:59:58.0984 0568 Mup - ok

10:59:59.0031 0568 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

10:59:59.0156 0568 NDIS - ok

10:59:59.0187 0568 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

10:59:59.0234 0568 NdisTapi - ok

10:59:59.0265 0568 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

10:59:59.0390 0568 Ndisuio - ok

10:59:59.0406 0568 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

10:59:59.0531 0568 NdisWan - ok

10:59:59.0578 0568 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

10:59:59.0593 0568 NDProxy - ok

10:59:59.0625 0568 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

10:59:59.0734 0568 NetBIOS - ok

10:59:59.0750 0568 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

10:59:59.0890 0568 NetBT - ok

10:59:59.0906 0568 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

11:00:00.0031 0568 Npfs - ok

11:00:00.0078 0568 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

11:00:00.0234 0568 Ntfs - ok

11:00:00.0265 0568 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

11:00:00.0406 0568 Null - ok

11:00:00.0437 0568 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

11:00:00.0546 0568 NwlnkFlt - ok

11:00:00.0562 0568 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

11:00:00.0687 0568 NwlnkFwd - ok

11:00:00.0734 0568 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

11:00:00.0875 0568 Parport - ok

11:00:00.0906 0568 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

11:00:01.0046 0568 PartMgr - ok

11:00:01.0078 0568 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

11:00:01.0218 0568 ParVdm - ok

11:00:01.0250 0568 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

11:00:01.0375 0568 PCI - ok

11:00:01.0375 0568 PCIDump - ok

11:00:01.0390 0568 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

11:00:01.0515 0568 PCIIde - ok

11:00:01.0546 0568 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

11:00:01.0671 0568 Pcmcia - ok

11:00:01.0671 0568 PDCOMP - ok

11:00:01.0687 0568 PDFRAME - ok

11:00:01.0687 0568 PDRELI - ok

11:00:01.0703 0568 PDRFRAME - ok

11:00:01.0703 0568 perc2 - ok

11:00:01.0718 0568 perc2hib - ok

11:00:01.0765 0568 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

11:00:01.0875 0568 PptpMiniport - ok

11:00:01.0890 0568 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

11:00:02.0015 0568 PSched - ok

11:00:02.0046 0568 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

11:00:02.0171 0568 Ptilink - ok

11:00:02.0171 0568 ql1080 - ok

11:00:02.0187 0568 Ql10wnt - ok

11:00:02.0187 0568 ql12160 - ok

11:00:02.0203 0568 ql1240 - ok

11:00:02.0203 0568 ql1280 - ok

11:00:02.0234 0568 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

11:00:02.0359 0568 RasAcd - ok

11:00:02.0375 0568 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

11:00:02.0484 0568 Rasl2tp - ok

11:00:02.0500 0568 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

11:00:02.0625 0568 RasPppoe - ok

11:00:02.0640 0568 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

11:00:02.0765 0568 Raspti - ok

11:00:02.0781 0568 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

11:00:02.0921 0568 Rdbss - ok

11:00:02.0937 0568 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

11:00:03.0062 0568 RDPCDD - ok

11:00:03.0109 0568 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

11:00:03.0234 0568 rdpdr - ok

11:00:03.0250 0568 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

11:00:03.0281 0568 RDPWD - ok

11:00:03.0296 0568 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

11:00:03.0437 0568 redbook - ok

11:00:03.0484 0568 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

11:00:03.0546 0568 Secdrv - ok

11:00:03.0609 0568 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

11:00:03.0640 0568 senfilt - ok

11:00:03.0671 0568 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

11:00:03.0796 0568 serenum - ok

11:00:03.0796 0568 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

11:00:03.0921 0568 Serial - ok

11:00:03.0953 0568 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

11:00:04.0078 0568 Sfloppy - ok

11:00:04.0093 0568 Simbad - ok

11:00:04.0156 0568 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys

11:00:04.0187 0568 smwdm - ok

11:00:04.0234 0568 Sparrow - ok

11:00:04.0265 0568 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

11:00:04.0406 0568 splitter - ok

11:00:04.0437 0568 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

11:00:04.0515 0568 sr - ok

11:00:04.0531 0568 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

11:00:04.0562 0568 Srv - ok

11:00:04.0609 0568 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

11:00:04.0734 0568 swenum - ok

11:00:04.0750 0568 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

11:00:04.0875 0568 swmidi - ok

11:00:04.0890 0568 symc810 - ok

11:00:04.0906 0568 symc8xx - ok

11:00:04.0906 0568 sym_hi - ok

11:00:04.0921 0568 sym_u3 - ok

11:00:04.0937 0568 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

11:00:05.0078 0568 sysaudio - ok

11:00:05.0109 0568 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

11:00:05.0140 0568 Tcpip - ok

11:00:05.0187 0568 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

11:00:05.0312 0568 TDPIPE - ok

11:00:05.0328 0568 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

11:00:05.0453 0568 TDTCP - ok

11:00:05.0484 0568 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

11:00:05.0625 0568 TermDD - ok

11:00:05.0640 0568 TosIde - ok

11:00:05.0671 0568 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

11:00:05.0812 0568 Udfs - ok

11:00:05.0812 0568 ultra - ok

11:00:05.0875 0568 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

11:00:05.0984 0568 Update - ok

11:00:06.0031 0568 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

11:00:06.0171 0568 usbaudio - ok

11:00:06.0218 0568 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

11:00:06.0328 0568 usbccgp - ok

11:00:06.0390 0568 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

11:00:06.0515 0568 usbehci - ok

11:00:06.0531 0568 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

11:00:06.0671 0568 usbhub - ok

11:00:06.0703 0568 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

11:00:06.0828 0568 usbprint - ok

11:00:06.0875 0568 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

11:00:07.0000 0568 USBSTOR - ok

11:00:07.0031 0568 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

11:00:07.0156 0568 usbuhci - ok

11:00:07.0203 0568 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

11:00:07.0312 0568 VgaSave - ok

11:00:07.0328 0568 ViaIde - ok

11:00:07.0375 0568 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

11:00:07.0515 0568 VolSnap - ok

11:00:07.0546 0568 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

11:00:07.0671 0568 Wanarp - ok

11:00:07.0671 0568 WDICA - ok

11:00:07.0718 0568 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

11:00:07.0859 0568 wdmaud - ok

11:00:07.0921 0568 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

11:00:07.0937 0568 WudfPf - ok

11:00:07.0968 0568 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

11:00:07.0984 0568 WudfRd - ok

11:00:08.0015 0568 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

11:00:08.0187 0568 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

11:00:08.0187 0568 \Device\Harddisk0\DR0 - detected TDSS File System (1)

11:00:08.0187 0568 Boot (0x1200) (386148355e6b66b92b9e78cd318faeaf) \Device\Harddisk0\DR0\Partition0

11:00:08.0187 0568 \Device\Harddisk0\DR0\Partition0 - ok

11:00:08.0187 0568 ============================================================

11:00:08.0187 0568 Scan finished

11:00:08.0187 0568 ============================================================

11:00:08.0296 2272 Detected object count: 2

11:00:08.0296 2272 Actual detected object count: 2

11:00:14.0546 2272 DVDRM ( UnsignedFile.Multi.Generic ) - skipped by user

11:00:14.0546 2272 DVDRM ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:00:14.0546 2272 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

11:00:14.0546 2272 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

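Most of the TDSSKiller log above is a driver inventory; the lines that matter are the handful of verdicts at the end. As an added example (not part of this thread or of Kaspersky's tool), here is a small Python triage script that reduces such a log to its findings, the action the user chose for each, and a consistency check against the scanner's own "Detected object count". The sample excerpt is constructed in the exact format of the log posted above.

```python
import re
from dataclasses import dataclass, field

# Every TDSSKiller record starts "HH:MM:SS.mmmm <thread-id> "; driver
# inventory lines ("<name> (<md5>) <path>") carry no verdict and are ignored.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<obj> - ok", "<obj> ( <class> ) - warning", "<obj> - detected <class> (<n>)",
# "<obj> ( <class> ) - skipped by user", "<obj> ( <class> ) - User select action: Skip"
VERDICT_RE = re.compile(PREFIX + r"(?P<obj>.+?)(?: \( (?P<cls>[^)]+?) \))? - "
    r"(?P<verdict>ok|warning|detected .+|skipped by user|User select action: .+)$")
COUNT_RE = re.compile(PREFIX + r"(?:Actual )?[Dd]etected object count: (?P<n>\d+)$")

@dataclass
class Triage:
    findings: dict = field(default_factory=dict)  # object -> classification
    actions: dict = field(default_factory=dict)   # object -> action the user chose
    reported_count: int = -1                      # scanner's own count, -1 if absent

def triage(log_text: str) -> Triage:
    """Reduce a TDSSKiller log to its findings, the user's actions and the count."""
    t = Triage()
    for line in log_text.splitlines():
        if c := COUNT_RE.match(line.strip()):
            t.reported_count = int(c["n"])
        elif v := VERDICT_RE.match(line.strip()):
            obj, cls, verdict = v["obj"], v["cls"], v["verdict"]
            if verdict.startswith("User select action: "):
                t.actions[obj] = verdict.split(": ", 1)[1]
            elif cls:                              # "( <class> ) - warning/skipped"
                t.findings[obj] = cls
            elif verdict.startswith("detected "):  # "- detected <class> (<n>)"
                t.findings[obj] = verdict[len("detected "):].rsplit(" (", 1)[0]
    return t

def unresolved(t: Triage) -> list:
    """Findings still present: the user skipped them or chose no action at all."""
    return sorted(o for o in t.findings if t.actions.get(o, "Skip") == "Skip")

def count_consistent(t: Triage) -> bool:
    """The scanner's 'Detected object count' should match what we parsed."""
    return t.reported_count < 0 or t.reported_count == len(t.findings)

# Constructed excerpt in the exact format of the TDSSKiller log posted above.
SAMPLE = r"""10:59:58.0984 0568 Mup - ok
11:00:08.0187 0568 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:00:08.0187 0568 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:00:08.0296 2272 Detected object count: 2
11:00:14.0546 2272 DVDRM ( UnsignedFile.Multi.Generic ) - skipped by user
11:00:14.0546 2272 DVDRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:00:14.0546 2272 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip"""
```

Running `unresolved(triage(SAMPLE))` returns both skipped objects, which is what the replies below pick out of the full log by hand.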

TDSS File System - these are the remains of an infection in the past. They are just garbage you can remove.

ONLY these:

11:00:14.0546 2272 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

11:00:14.0546 2272 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


OK.

Leave the DVD alone. It is your DVD drive; TDSSKiller can't read the MBR on it because it doesn't have an MBR.

Run the scan and select Delete on

11:00:14.0546 2272 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

11:00:14.0546 2272 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Or just leave them alone as well. They aren't hurting anything.


Better yet do this:

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.


When it finished scanning, it didn't tell me if the scan was done. The image you gave me here, you didn't have Sections unchecked, and you said to have it unchecked. I didn't see an E:\ or J:\ on mine. I had Sections, IAT/EAT, C:\, and Show all unchecked on the scan.

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-12-08 16:14:08

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD2500AAJS-00B4A0 rev.01.03A01

Running: evgpw1rg.exe; Driver: C:\DOCUME~1\CAREFU~1\LOCALS~1\Temp\awldrkog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA9291F3C]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA9291FE4]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA9292080]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA929211C]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 dvdrm.sys

Device \Driver\atapi \Device\Ide\IdePort0 dvdrm.sys

Device \Driver\atapi \Device\Ide\IdePort1 dvdrm.sys

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e dvdrm.sys

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

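In the GMER log above, the AVG entries carry a description and vendor in parentheses, while the dvdrm.sys entries sitting on the \Driver\atapi device stack carry none. As an added example that is not part of this thread or of GMER, the Python helper below groups GMER SSDT/Device entries by kernel module and lists the modules GMER printed without any description/vendor, which is how dvdrm.sys stands out here. The sample is an excerpt of the log posted above.

```python
import re
from collections import defaultdict

# GMER entry shapes seen in this thread (section headers like "---- System ----" are skipped):
#   SSDT <module> (<description>/<vendor>) <ZwFunction> [<address>]
#   AttachedDevice <driver> <device> <module> (<description>/<vendor>)
#   Device <driver> <device> <module>
ENTRY_RE = re.compile(r"^(?P<kind>SSDT|AttachedDevice|Device)\s+(?P<rest>.+)$")
# The "(description/vendor)" block is only present when GMER could print one.
VENDOR_RE = re.compile(r"\((?P<desc>[^/()]*)/(?P<vendor>[^)]*)\)")
MODULE_RE = re.compile(r"[\w.\\~-]+\.(?:sys|dll)", re.IGNORECASE)

def parse_gmer(log_text: str) -> dict:
    """Group hook/device entries by module, keeping the vendor when GMER printed one."""
    modules = defaultdict(lambda: {"vendor": None, "entries": []})
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, rest = m["kind"], m["rest"]
        before = rest.split(" (", 1)[0]          # text before any "(description/vendor)"
        mods = MODULE_RE.findall(before)
        if not mods:
            continue
        name = mods[-1].rsplit("\\", 1)[-1].lower()   # bare file name of the module
        if kind == "SSDT":
            target = rest.rsplit(" ", 2)[1]      # hooked Zw* service, before "[addr]"
        else:
            target = before.split()[1]           # device object the module sits on
        if vendor := VENDOR_RE.search(rest):
            modules[name]["vendor"] = vendor["vendor"].strip()
        modules[name]["entries"].append(f"{kind} {target}")
    return dict(modules)

def unattributed(modules: dict) -> dict:
    """Modules hooking the kernel or a device stack with no description/vendor printed."""
    return {n: info["entries"] for n, info in modules.items() if info["vendor"] is None}

# Excerpt of the GMER log posted above, used as sample input.
SAMPLE = r"""---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA9291F3C]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\atapi \Device\Ide\IdePort0 dvdrm.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e dvdrm.sys
---- EOF - GMER 1.0.15 ----"""
```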

This topic is now closed to further replies.