
Rootkit.Win32.PMax.gen removal help


fdtora


I ran TDSSKiller to try and remove a ZeroAccess rootkit I have. It found Rootkit.Win32.PMax.gen and I continued with the reboot to remove it. Every time I reboot, TDSSKiller keeps finding the same malware object. I have a process named 934258800:2404864200.exe that I cannot kill. After TDSSKiller did not work, I decided to post my issue here hoping there is a way to fix this problem. The DDS logs are below. The infected desktop computer shows the wireless connection to the router, but it cannot access the internet. I am using a laptop for the internet connection and a USB drive to transfer programs to the infected computer. When I run Malwarebytes, it will scan for a couple of seconds and then shut down. When I try and run it again, Windows says it cannot access the path, file, etc.


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

Run by Austin at 19:02:27 on 2011-10-23

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.249 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\934258800:2404864200.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PGPserv.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

D:\programs\net limiter\NetLimiter.exe

D:\programs\belkin\Belkinwcui.exe

D:\programs\ghrone\Ghrone.exe

D:\programs\dcolorxp\dcolor.exe

C:\WINDOWS\system32\ctfmon.exe

D:\programs\coolmon\CoolMon.exe

D:\programs\rainlendar\Rainlendar.exe

D:\programs\Yztoolbar\YzToolBar.exe

C:\WINDOWS\system32\devldr32.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Page = hxxp://search.yahoo.com/?fr=avantsearch

mWinlogon: System=csolf.exe

mWinlogon: Userinit=userinit.exe,

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\programs\adobe\acrobat6\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\programs\java\bin\jp2ssv.dll

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

uRun: [Ghrone] d:\programs\ghrone\Ghrone.exe

uRun: [D-Color] d:\programs\dcolorxp\dcolor.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe

mRun: [NetLimiter] d:\programs\net limiter\NetLimiter.exe /s

mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun

mRun: [QuickTime Task] "d:\programs\quicktime\qttask.exe" -atboottime

mRun: [F5D7050v3] d:\programs\belkin\Belkinwcui.exe

mExplorerRun: [wininet.dll]

StartupFolder: c:\docume~1\austin\startm~1\programs\startup\coolmon.lnk - d:\programs\coolmon\CoolMon.exe

StartupFolder: c:\docume~1\austin\startm~1\programs\startup\qnotes.lnk - d:\programs\quick notes\QNotes.exe

StartupFolder: c:\docume~1\austin\startm~1\programs\startup\rainlendar.lnk - d:\programs\rainlendar\Rainlendar.exe

StartupFolder: c:\docume~1\austin\startm~1\programs\startup\winamp.lnk - d:\programs\winamp\winamp.exe

StartupFolder: c:\docume~1\austin\startm~1\programs\startup\yztoolbar.lnk - d:\programs\yztoolbar\YzToolBar.exe

IE: E&xport to Microsoft Excel - d:\programs\microsoft office\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\programs\microsoft office\office11\REFIEBAR.DLL

LSP: d:\programs\net limiter\nl_lsp.dll

LSP: mswsock.dll


TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C6A9B231-9B9A-480A-BC09-1718BB565D1B} : DhcpNameServer = 192.168.1.1

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\austin\application data\mozilla\firefox\profiles\default.sm4\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=

FF - prefs.js: browser.startup.homepage - about:mozilla

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=

FF - plugin: c:\documents and settings\austin\application data\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\documents and settings\austin\application data\move networks\plugins\npqmp071706000001.dll

FF - plugin: c:\windows\system32\photosynth\nppsynth.dll

FF - plugin: d:\programs\adobe\acrobat6\acrobat\browser\nppdf32.dll

FF - plugin: d:\programs\java\bin\new_plugin\npdeploytk.dll

FF - plugin: d:\programs\java\bin\new_plugin\npjp2.dll

FF - plugin: d:\programs\quicktime\plugins\npqtplugin.dll

FF - plugin: d:\programs\quicktime\plugins\npqtplugin2.dll

FF - plugin: d:\programs\quicktime\plugins\npqtplugin3.dll

FF - plugin: d:\programs\veetle\player\npvlc.dll

FF - plugin: d:\programs\veetle\plugins\npVeetle.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programs\firefox 3.6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}

FF - Ext: QuickDrag: quickdrag@mozilla.ktechcomputing.com - %profile%\extensions\quickdrag@mozilla.ktechcomputing.com

FF - Ext: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - %profile%\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}

FF - Ext: Selection Links: selectionlinks@floriangilles.com - %profile%\extensions\selectionlinks@floriangilles.com

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\austin\application data\Move Networks

.

---- FIREFOX POLICIES ----

// Change to normal Google search:

FF - user.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=

============= SERVICES / DRIVERS ===============

.

S2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\system32\drivers\CVPNDrv.sys [2004-12-17 267333]

S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [2008-1-26 11776]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-2-21 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-2-21 8456]

S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [2006-5-13 472644]

S3 StreamSurge;StreamSurge Driver;c:\windows\system32\drivers\ss.sys --> c:\windows\system32\drivers\ss.sys [?]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-10-16 228400]

S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

S4 McAfeeFramework;McAfee Framework Service;d:\programs\common framework\FrameworkService.exe [2004-12-17 102463]

S4 Wintxr;Wintxr; [x]

.

=============== Created Last 30 ================

.

2011-10-23 21:18:20 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-23 21:09:35 -------- d-----w- c:\program files\PC Tools Security

2011-10-23 21:05:36 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro

2011-10-23 20:40:52 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-10-23 20:40:52 -------- d-----w- c:\windows\system32\wbem\Repository

.

==================== Find3M ====================

.

2011-09-18 15:20:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-04 22:38:16 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD2000JB-00GVA0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe >>UNKNOWN [0x82FCC550]<<

_asm { MOV EAX, 0x82fcc470; XCHG [ESP], EAX; PUSH EAX; PUSH 0x82fd0eb4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }

1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x82F88AB8]

\Driver\Disk[0x82F723A8] -> IRP_MJ_CREATE -> 0x82FCC550

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\Disk -> 0x82fcc550

user & kernel MBR OK

Warning: possible MBR rootkit infection !

.

============= FINISH: 19:03:05.70 ===============



Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


I only use Firefox and have it set to delete everything on exit. I didn't use any passwords the day of the infection. For some reason my firewall was off and the infection happened within about 15 mins of browsing. I'm thinking it was done through Java because I always get asked by my firewall to allow Java when there isn't a reason for it to be open. I have to use Java sometimes for Blackboard.

I'd like to go ahead with trying to remove it. Internet connection is screwed now anyway so nothing to lose. Also, will a repair install do the job, or does it have to be a format and fresh install?

Thank you.


We need to get rid of the MBR (master boot record) infection first.

Please don't attach the scan results, use Copy/Paste

Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer.

If the tool won't run from the desktop, try running it from the USB device.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


I will post the log file later this evening when I get home. I can tell you how the computer behaves now though. It boots and I sign in like everything is normal. I did have the warning from the BIOS during bootup that there was a virus, but I disabled the warning in the BIOS because I read that the warning was just that, a warning, and it was basically useless to me.

The computer functions fine except that I cannot run any scanning software other than TDSSKiller or connect to the internet. The scanning software will shut down after a few seconds and then when I run it again, I am told Windows cannot find the file. There are two processes that are abnormal as well. One has random numbers separated by a colon and uses about 700K, and the other is a svchost process that uses about 200,000K and a lot of CPU. I can kill the svchost process, but not the random number one. All things other than the internet and scanning stuff appear to be normal. Is there anything special you want me to try to test how the system is behaving?

Thank you for your help.


There was a folder named 70a8af37 in documents and settings\[user name]\local settings\application data. It contained 2 files; one named @ and the other named X. I deleted it to the recycle bin, and kept it there rather than permanently delete it because I didn't know if it had any useful info in it that could be of help in getting rid of the rootkit. I figured if it was responsible for instructing something to run, deleting it to the recycle bin would stop it from doing anything. The TDSSKiller log file is below.

19:12:02.0312 0204 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48

19:12:02.0343 0204 ============================================================

19:12:02.0343 0204 Current date / time: 2011/10/27 19:12:02.0343

19:12:02.0343 0204 SystemInfo:

19:12:02.0343 0204

19:12:02.0343 0204 OS Version: 5.1.2600 ServicePack: 2.0

19:12:02.0343 0204 Product type: Workstation

19:12:02.0343 0204 ComputerName: AUSTIN-48A486D3

19:12:02.0343 0204 UserName: Austin

19:12:02.0343 0204 Windows directory: C:\WINDOWS

19:12:02.0343 0204 System windows directory: C:\WINDOWS

19:12:02.0343 0204 Processor architecture: Intel x86

19:12:02.0343 0204 Number of processors: 1

19:12:02.0343 0204 Page size: 0x1000

19:12:02.0343 0204 Boot type: Normal boot

19:12:02.0343 0204 ============================================================

19:12:03.0546 0204 Initialize success

19:12:06.0093 0356 ============================================================

19:12:06.0093 0356 Scan started

19:12:06.0093 0356 Mode: Manual;

19:12:06.0093 0356 ============================================================

19:12:06.0953 0356 70a8af37 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\934258800:2404864200.exe

19:12:06.0953 0356 Suspicious file (Hidden): C:\WINDOWS\934258800:2404864200.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

19:12:06.0953 0356 70a8af37 ( Rootkit.Win32.PMax.gen ) - infected

19:12:06.0953 0356 70a8af37 - detected Rootkit.Win32.PMax.gen (0)


19:12:14.0656 0356 RasAcd - ok

19:12:14.0703 0356 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

19:12:14.0703 0356 Rasl2tp - ok

19:12:14.0781 0356 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

19:12:14.0781 0356 RasPppoe - ok

19:12:14.0812 0356 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

19:12:14.0812 0356 Raspti - ok

19:12:14.0859 0356 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

19:12:14.0875 0356 Rdbss - ok

19:12:14.0906 0356 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

19:12:14.0906 0356 RDPCDD - ok

19:12:14.0968 0356 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

19:12:14.0968 0356 rdpdr - ok

19:12:15.0046 0356 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

19:12:15.0062 0356 RDPWD - ok

19:12:15.0093 0356 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

19:12:15.0109 0356 redbook - ok

19:12:15.0203 0356 RT73 (4f153709d0691c6de8c9a4c5e813907c) C:\WINDOWS\system32\DRIVERS\rt73.sys

19:12:15.0218 0356 RT73 - ok

19:12:15.0328 0356 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

19:12:15.0328 0356 Secdrv - ok

19:12:15.0390 0356 SECYPUSB (31ebbe9241807295a7c8d224ca329a75) C:\WINDOWS\system32\Drivers\SECYPUSB.sys

19:12:15.0390 0356 SECYPUSB - ok

19:12:15.0421 0356 senfilt - ok

19:12:15.0484 0356 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

19:12:15.0484 0356 serenum - ok

19:12:15.0531 0356 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

19:12:15.0531 0356 Serial - ok

19:12:15.0609 0356 sf (8da9c7feedba52cfd91ee2e2113df6a9) C:\WINDOWS\system32\drivers\sf.sys

19:12:15.0609 0356 sf - ok

19:12:15.0656 0356 sfdrv01 (fca5dd901ed19b56b7ffca6fe1627edc) C:\WINDOWS\system32\drivers\sfdrv01.sys

19:12:15.0656 0356 sfdrv01 - ok

19:12:15.0703 0356 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys

19:12:15.0703 0356 sfhlp01 - ok

19:12:15.0734 0356 sfhlp02 (3ad2b15ccc03febfbaf5ff057822aa75) C:\WINDOWS\system32\drivers\sfhlp02.sys

19:12:15.0734 0356 sfhlp02 - ok

19:12:15.0781 0356 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

19:12:15.0781 0356 Sfloppy - ok

19:12:15.0828 0356 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys

19:12:15.0828 0356 sfman - ok

19:12:15.0859 0356 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys

19:12:15.0859 0356 sfsync02 - ok

19:12:15.0921 0356 Simbad - ok

19:12:15.0953 0356 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys

19:12:15.0953 0356 sisagp - ok

19:12:16.0000 0356 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys

19:12:16.0000 0356 SISNIC - ok

19:12:16.0046 0356 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys

19:12:16.0046 0356 SLIP - ok

19:12:16.0140 0356 smwdm (3c8c1c6485a4a7e79a24ec688f1c4646) C:\WINDOWS\system32\drivers\smwdm.sys

19:12:16.0156 0356 smwdm - ok

19:12:16.0187 0356 Sparrow - ok

19:12:16.0234 0356 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

19:12:16.0234 0356 splitter - ok

19:12:16.0343 0356 sptd (4a5a0d976b1230e90991e6961bf12e30) C:\WINDOWS\system32\Drivers\sptd.sys

19:12:16.0343 0356 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4a5a0d976b1230e90991e6961bf12e30

19:12:16.0343 0356 sptd ( LockedFile.Multi.Generic ) - warning

19:12:16.0343 0356 sptd - detected LockedFile.Multi.Generic (1)

19:12:16.0390 0356 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

19:12:16.0390 0356 sr - ok

19:12:16.0468 0356 Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys

19:12:16.0468 0356 Srv - ok

19:12:16.0546 0356 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

19:12:16.0546 0356 streamip - ok

19:12:16.0593 0356 StreamSurge - ok

19:12:16.0640 0356 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

19:12:16.0640 0356 swenum - ok

19:12:16.0671 0356 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

19:12:16.0671 0356 swmidi - ok

19:12:16.0718 0356 symc810 - ok

19:12:16.0750 0356 symc8xx - ok

19:12:16.0781 0356 sym_hi - ok

19:12:16.0812 0356 sym_u3 - ok

19:12:16.0859 0356 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

19:12:16.0875 0356 sysaudio - ok

19:12:16.0953 0356 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

19:12:16.0968 0356 Tcpip - ok

19:12:17.0015 0356 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

19:12:17.0015 0356 TDPIPE - ok

19:12:17.0062 0356 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

19:12:17.0062 0356 TDTCP - ok

19:12:17.0109 0356 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

19:12:17.0109 0356 TermDD - ok

19:12:17.0171 0356 TosIde - ok

19:12:17.0234 0356 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

19:12:17.0234 0356 Udfs - ok

19:12:17.0281 0356 ultra - ok

19:12:17.0328 0356 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

19:12:17.0328 0356 Update - ok

19:12:17.0437 0356 USB28xxBGA (9b01ce1eda6ad1acfd4f865d6cb0a790) C:\WINDOWS\system32\DRIVERS\emBDA.sys

19:12:17.0437 0356 USB28xxBGA - ok

19:12:17.0484 0356 USB28xxOEM (c93e4f6bd1cbd163662e7c9be021b895) C:\WINDOWS\system32\DRIVERS\emOEM.sys

19:12:17.0484 0356 USB28xxOEM - ok

19:12:17.0531 0356 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

19:12:17.0531 0356 usbccgp - ok

19:12:17.0578 0356 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

19:12:17.0593 0356 usbehci - ok

19:12:17.0625 0356 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

19:12:17.0625 0356 usbhub - ok

19:12:17.0656 0356 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys

19:12:17.0656 0356 usbohci - ok

19:12:17.0703 0356 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

19:12:17.0703 0356 usbprint - ok

19:12:17.0765 0356 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

19:12:17.0765 0356 usbscan - ok

19:12:17.0828 0356 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:12:17.0828 0356 USBSTOR - ok

19:12:17.0875 0356 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

19:12:17.0875 0356 usbuhci - ok

19:12:17.0906 0356 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

19:12:17.0906 0356 VgaSave - ok

19:12:17.0937 0356 ViaIde - ok

19:12:17.0984 0356 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

19:12:18.0000 0356 VolSnap - ok

19:12:18.0062 0356 vsdatant (9e44b165ec6ae333ee9c4875ac73fb52) C:\WINDOWS\system32\vsdatant.sys

19:12:18.0078 0356 vsdatant - ok

19:12:18.0156 0356 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

19:12:18.0171 0356 Wanarp - ok

19:12:18.0203 0356 WDICA - ok

19:12:18.0234 0356 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

19:12:18.0250 0356 wdmaud - ok

19:12:18.0406 0356 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

19:12:18.0406 0356 WS2IFSL - ok

19:12:18.0453 0356 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

19:12:18.0453 0356 WSTCODEC - ok

19:12:18.0515 0356 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

19:12:18.0515 0356 WudfPf - ok

19:12:18.0546 0356 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

19:12:18.0562 0356 WudfRd - ok

19:12:18.0687 0356 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

19:12:18.0765 0356 \Device\Harddisk0\DR0 - ok

19:12:18.0781 0356 Boot (0x1200) (77917953e5ee8b9b434552e0fffb8848) \Device\Harddisk0\DR0\Partition0

19:12:18.0781 0356 \Device\Harddisk0\DR0\Partition0 - ok

19:12:18.0812 0356 Boot (0x1200) (c0130986453c576fadc3e454f230037f) \Device\Harddisk0\DR0\Partition1

19:12:18.0812 0356 \Device\Harddisk0\DR0\Partition1 - ok

19:12:18.0828 0356 ============================================================

19:12:18.0828 0356 Scan finished

19:12:18.0828 0356 ============================================================

19:12:18.0859 1528 Detected object count: 2

19:12:18.0859 1528 Actual detected object count: 2

19:12:23.0609 1528 HKLM\SYSTEM\ControlSet003\services\70a8af37 - will be deleted on reboot

19:12:23.0609 1528 HKLM\SYSTEM\ControlSet004\services\70a8af37 - will be deleted on reboot

19:12:23.0625 1528 C:\WINDOWS\934258800:2404864200.exe - will be deleted on reboot

19:12:23.0625 1528 70a8af37 ( Rootkit.Win32.PMax.gen ) - User select action: Delete

19:12:23.0640 1528 sptd ( LockedFile.Multi.Generic ) - skipped by user

19:12:23.0640 1528 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

19:12:27.0750 2044 Deinitialize success

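As an added example (not part of the original post, and not TDSSKiller's own code), here is a small Python triage script that parses lines in the format of the TDSSKiller log above and pulls out what a responder wants from it: which objects got a verdict, what the user chose to do, which removals were deferred to reboot, and which of those deferred targets look like an NTFS alternate data stream (a colon inside the last path component, as in C:\WINDOWS\934258800:2404864200.exe) or a service key with a machine-looking name present in more than one control set. The sample lines are copied from the log above; the "8 hex characters means a generated service name" heuristic is an assumption of this script, not a TDSSKiller rule.

```python
import re

# Constructed sample: lines copied from the TDSSKiller log posted above,
# including the post-scan action lines. A full log has the same shape.
SAMPLE_LOG = r"""
19:12:13.0234 0356 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
19:12:13.0250 0356 Ntfs - ok
19:12:13.0640 0356 PCIDump - ok
19:12:16.0343 0356 sptd (4a5a0d976b1230e90991e6961bf12e30) C:\WINDOWS\system32\Drivers\sptd.sys
19:12:16.0343 0356 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4a5a0d976b1230e90991e6961bf12e30
19:12:16.0343 0356 sptd ( LockedFile.Multi.Generic ) - warning
19:12:16.0343 0356 sptd - detected LockedFile.Multi.Generic (1)
19:12:18.0687 0356 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:12:18.0765 0356 \Device\Harddisk0\DR0 - ok
19:12:18.0781 0356 Boot (0x1200) (77917953e5ee8b9b434552e0fffb8848) \Device\Harddisk0\DR0\Partition0
19:12:18.0859 1528 Detected object count: 2
19:12:23.0609 1528 HKLM\SYSTEM\ControlSet003\services\70a8af37 - will be deleted on reboot
19:12:23.0609 1528 HKLM\SYSTEM\ControlSet004\services\70a8af37 - will be deleted on reboot
19:12:23.0625 1528 C:\WINDOWS\934258800:2404864200.exe - will be deleted on reboot
19:12:23.0625 1528 70a8af37 ( Rootkit.Win32.PMax.gen ) - User select action: Delete
19:12:23.0640 1528 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:12:23.0640 1528 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4})\s+(\d{4})\s+(.*)$")
# "<name> [(0xNNN)] (<md5>) <path>": a hashed driver, MBR or boot sector
HASHED_RE = re.compile(r"^(\S+(?: \(0x[0-9A-Fa-f]+\))?) \(([0-9a-f]{32})\) (.+)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{32})$")
# "<subject> [( <verdict> )] - <status>"
STATUS_RE = re.compile(r"^(.+?)(?: \( (\S+) \))? - (.+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
# A drive path whose last component contains ':' names an NTFS alternate data stream
ADS_RE = re.compile(r"^[A-Za-z]:\\(?:[^\\:]+\\)*[^\\:]+:[^\\:]+$")
SERVICE_KEY_RE = re.compile(
    r"^HKLM\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)\\services\\([^\\]+)$", re.I)
# Heuristic (assumption, not a TDSSKiller rule): 8 hex digits looks machine-generated
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{8}$")


def parse(log_text):
    """Turn each log line into a dict tagged with a 'kind'."""
    records = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        time, pid, rest = m.groups()
        rec = {"time": time, "pid": pid}
        h, s, c, st = (HASHED_RE.match(rest), SUSPICIOUS_RE.match(rest),
                       COUNT_RE.match(rest), STATUS_RE.match(rest))
        if h:
            rec.update(kind="object", name=h.group(1), md5=h.group(2), path=h.group(3))
        elif s:
            rec.update(kind="locked", reason=s.group(1), path=s.group(2), md5=s.group(3))
        elif c:
            rec.update(kind="count", count=int(c.group(1)))
        elif st:
            rec.update(kind="status", subject=st.group(1), verdict=st.group(2), status=st.group(3))
        else:
            rec.update(kind="other", text=rest)
        records.append(rec)
    return records


def is_ads_path(path):
    return bool(ADS_RE.match(path))


def triage(log_text):
    report = {
        "objects": 0,            # drivers / MBR / boot sectors that were hashed
        "detections": {},        # subject -> verdict name
        "actions": {},           # subject -> action the user chose
        "locked_files": [],      # files the scanner could not read
        "pending_delete": [],    # targets whose removal was deferred to reboot
        "ads_paths": [],         # deferred targets that are alternate data streams
        "random_services": [],   # (control set, service) with generated-looking names
        "skipped": [],
        "reported_count": None,
    }
    for rec in parse(log_text):
        kind = rec["kind"]
        if kind == "object":
            report["objects"] += 1
        elif kind == "locked":
            report["locked_files"].append(rec["path"])
        elif kind == "count":
            report["reported_count"] = rec["count"]
        elif kind == "status":
            subject, verdict, status = rec["subject"], rec["verdict"], rec["status"]
            if status.startswith("detected "):
                report["detections"][subject] = status.split()[1]
            elif verdict:
                report["detections"][subject] = verdict
                if status.startswith("User select action: "):
                    report["actions"][subject] = status.split(": ", 1)[1]
                elif status == "skipped by user":
                    report["skipped"].append(subject)
            elif status == "will be deleted on reboot":
                report["pending_delete"].append(subject)
    for target in report["pending_delete"]:
        if is_ads_path(target):
            report["ads_paths"].append(target)
        sk = SERVICE_KEY_RE.match(target)
        if sk and RANDOM_NAME_RE.match(sk.group(2)):
            report["random_services"].append((sk.group(1), sk.group(2)))
    # Sanity check: the scanner's own count should equal the verdicts we parsed
    report["count_matches"] = report["reported_count"] == len(report["detections"])
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Two things the output makes explicit that the raw log only hints at. The deferred target C:\WINDOWS\934258800:2404864200.exe is not a file named with a colon; it is a stream named 2404864200.exe attached to C:\WINDOWS\934258800, which Explorer does not list, so tools that only look at ordinary file names will not find it. And the same service name sits under both ControlSet003 and ControlSet004; HKLM\SYSTEM\Select records which set is current, and both copies have to go, not only the one behind CurrentControlSet. The script also records that sptd (the SPTD driver used by disc-emulation software) was only a LockedFile warning and was skipped, so it should not be counted as a second infection.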

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. If you're running Vista or Windows 7, skip the Recovery Console part.
    Note: If you have XP SP3, use the XP SP2 package.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


This topic is now closed to further replies.