
Inactive Mebroot/ Torpig - desktop

Discussion in 'Malware and Virus Removal Archive' started by duub, 2011/11/19.

Thread Status:
Not open for further replies.
  1. 2011/11/19
    duub

    duub Inactive Thread Starter

    Joined:
    2011/11/15
    Messages:
    102
    Likes Received:
    0
    [Inactive] Mebroot/ Torpig - desktop

    (This is thread no.2 for this infection; second system)

    Besides my laptop, my desktop is also infected, as my ISP informs me :(
    So, as advised, I start this new thread to see if it can be cleaned.
    System: Windows XP Pro SP2, Pentium 4 1.70 GHz, 512 MB (a very old ex-office PC which, though very, very slow, still does the job for internet and mail). Avira guard active.

    I've done the scans, however:
    - MBAM couldn't update
    - GMER at first caused the system to halt, ultimately leaving only a blue screen; after a reboot with the power switch it finally scanned
    - aswMBR finished in less than a second downloading AVAST definitions
    - DDS started up (after several tries downloading it; once it was labeled an AutoCAD script?), but then it simply popped away, without doing anything (visually) or leaving any report.

    I'm sorry, the scan reports are partly in my native language, Dutch. I suppose the software automatically detects the language my Windows is set to.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-19 21:20:51
    Windows 5.1.2600 Service Pack 2
    Running: bnqk76n3.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxtdipog.sys


    ---- System - GMER 1.0.15 ----

    SSDT F8B50AB4 ZwClose
    SSDT F8B50A6E ZwCreateKey
    SSDT SSI.SYS (SpySweeper SSI Driver/Webroot Software (www.webroot.com)) ZwCreateProcess [0xF849A3CE]
    SSDT SSI.SYS (SpySweeper SSI Driver/Webroot Software (www.webroot.com)) ZwCreateProcessEx [0xF849A56E]
    SSDT F8B50ABE ZwCreateSection
    SSDT F8B50A64 ZwCreateThread
    SSDT F8B50A73 ZwDeleteKey
    SSDT F8B50A7D ZwDeleteValueKey
    SSDT F8B50AAF ZwDuplicateObject
    SSDT F8B50A82 ZwLoadKey
    SSDT F8B50A50 ZwOpenProcess
    SSDT F8B50A55 ZwOpenThread
    SSDT SSI.SYS (SpySweeper SSI Driver/Webroot Software (www.webroot.com)) ZwRenameKey [0xF849900A]
    SSDT F8B50A8C ZwReplaceKey
    SSDT F8B50A87 ZwRestoreKey
    SSDT F8B50AC3 ZwSetContextThread
    SSDT SSI.SYS (SpySweeper SSI Driver/Webroot Software (www.webroot.com)) ZwSetInformationKey [0xF84991DA]
    SSDT F8B50A78 ZwSetValueKey
    SSDT F8B50A5F ZwTerminateProcess

    INT 0x06 \??\C:\WINDOWS\System32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F866316D
    INT 0x0E \??\C:\WINDOWS\System32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F8662FC2

    ---- Kernel code sections - GMER 1.0.15 ----

    ? zWVp[]wA @J@ De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist. !
    ? system32\drivers\xpsec.sys Het systeem kan het opgegeven pad niet vinden. !
    ? system32\drivers\xcpip.sys Het systeem kan het opgegeven pad niet vinden. !
    .text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xF1146400, 0x7960C, 0xE8000020]
    .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xF11E8420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xF11E8420]
    .protectÿÿÿÿhardlockunknown last code section [0xF11E8200, 0x5049, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xF11E8200, 0x5049, 0xE0000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[296] USER32.dll!DisplayExitWindowsWarnings 7E3D9D61 5 Bytes JMP 015D2A93
    .text C:\WINDOWS\Explorer.EXE[296] WS2_32.dll!send 71A3428A 5 Bytes JMP 013A98A2
    .text C:\WINDOWS\Explorer.EXE[296] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 013A9C28
    .text C:\WINDOWS\Explorer.EXE[296] WS2_32.dll!recv 71A3615A 5 Bytes JMP 013A99F4
    .text C:\WINDOWS\Explorer.EXE[296] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 013A9AC7
    .text C:\WINDOWS\Explorer.EXE[296] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 013A9D76
    .text C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe[440] WS2_32.dll!send 71A3428A 5 Bytes JMP 00DA98A2
    .text C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe[440] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 00DA9C28
    .text C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe[440] WS2_32.dll!recv 71A3615A 5 Bytes JMP 00DA99F4
    .text C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe[440] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 00DA9AC7
    .text C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe[440] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 00DA9D76
    .text C:\WINDOWS\system32\winlogon.exe[532] Secur32.dll!LsaLogonUser 77F133F1 5 Bytes JMP 011B2C81
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1200] WS2_32.dll!send 71A3428A 5 Bytes JMP 015B98A2
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1200] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 015B9C28
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1200] WS2_32.dll!recv 71A3615A 5 Bytes JMP 015B99F4
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1200] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 015B9AC7
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1200] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 015B9D76
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1380] WS2_32.dll!send 71A3428A 5 Bytes JMP 00D198A2
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1380] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 00D19C28
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1380] WS2_32.dll!recv 71A3615A 5 Bytes JMP 00D199F4
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1380] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 00D19AC7
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1380] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 00D19D76
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1420] WS2_32.dll!send 71A3428A 5 Bytes JMP 007E98A2
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1420] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 007E9C28
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1420] WS2_32.dll!recv 71A3615A 5 Bytes JMP 007E99F4
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1420] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 007E9AC7
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1420] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 007E9D76
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] WS2_32.dll!send 71A3428A 5 Bytes JMP 00DF98A2
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 00DF9C28
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] WS2_32.dll!recv 71A3615A 5 Bytes JMP 00DF99F4
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 00DF9AC7
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 00DF9D76
    .text C:\Program Files\iTunes\iTunesHelper.exe[2248] WS2_32.dll!send 71A3428A 5 Bytes JMP 052B98A2
    .text C:\Program Files\iTunes\iTunesHelper.exe[2248] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 052B9C28
    .text C:\Program Files\iTunes\iTunesHelper.exe[2248] WS2_32.dll!recv 71A3615A 5 Bytes JMP 052B99F4
    .text C:\Program Files\iTunes\iTunesHelper.exe[2248] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 052B9AC7
    .text C:\Program Files\iTunes\iTunesHelper.exe[2248] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 052B9D76

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\Tcpip \Device\Ip SSI.SYS (SpySweeper SSI Driver/Webroot Software (www.webroot.com))
    Device \Driver\Tcpip \Device\Tcp SSI.SYS (SpySweeper SSI Driver/Webroot Software (www.webroot.com))
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 zWVp[]wA @J@
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 zWVp[]wA @J@
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 zWVp[]wA @J@
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 zWVp[]wA @J@
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 zWVp[]wA @J@
    Device \Driver\Tcpip \Device\Udp SSI.SYS (SpySweeper SSI Driver/Webroot Software (www.webroot.com))
    Device \Driver\Tcpip \Device\RawIp SSI.SYS (SpySweeper SSI Driver/Webroot Software (www.webroot.com))
    Device \Driver\Tcpip \Device\IPMULTICAST SSI.SYS (SpySweeper SSI Driver/Webroot Software (www.webroot.com))

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)



    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-19 23:39:19
    -----------------------------
    23:39:19.000 OS Version: Windows 5.1.2600 Service Pack 2
    23:39:19.000 Number of processors: 1 586 0x102
    23:39:19.000 ComputerName: XP-18 UserName:
    23:39:19.875 Initialize success
    23:39:31.906 AVAST engine download error: 0
    23:39:44.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0
    23:39:44.359 Disk 0 Vendor: MAXTOR_6 A93. Size: 19595MB BusType: 3
    23:39:46.453 Disk 0 MBR read successfully
    23:39:46.453 Disk 0 MBR scan
    23:39:46.453 Disk 0 Windows XP default MBR code
    23:39:46.453 Disk 0 scanning sectors +40114305
    23:39:46.781 Disk 0 scanning C:\WINDOWS\system32\drivers
    23:40:13.890 Service scanning
    23:40:15.937 Modules scanning
    23:40:30.093 Disk 0 trace - called modules:
    23:40:30.093 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82396000]<<
    23:40:30.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82392030]
    23:40:30.109 3 CLASSPNP.SYS[f859105b] -> nt!IofCallDriver -> \Device\00000062[0x823d1f18]
    23:40:30.609 5 ACPI.sys[f8506620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0[0x823d1030]
    23:40:30.609 Scan finished successfully
    23:40:52.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Bureaublad\MBR.dat "
    23:40:52.671 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Bureaublad\aswMBR.txt "


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-20 00:06:08
    -----------------------------
    00:06:08.390 OS Version: Windows 5.1.2600 Service Pack 2
    00:06:08.390 Number of processors: 1 586 0x102
    00:06:08.390 ComputerName: XP-18 UserName:
    00:06:09.375 Initialize success
    00:06:19.000 AVAST engine download error: 0
    00:06:24.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0
    00:06:24.890 Disk 0 Vendor: MAXTOR_6 A93. Size: 19595MB BusType: 3
    00:06:26.906 Disk 0 MBR read successfully
    00:06:26.906 Disk 0 MBR scan
    00:06:26.906 Disk 0 Windows XP default MBR code
    00:06:27.000 Disk 0 scanning sectors +40114305
    00:06:27.328 Disk 0 scanning C:\WINDOWS\system32\drivers
    00:07:06.359 Service scanning
    00:07:12.671 Modules scanning
    00:07:27.906 Disk 0 trace - called modules:
    00:07:27.906 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82396000]<<
    00:07:27.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82392030]
    00:07:27.906 3 CLASSPNP.SYS[f859105b] -> nt!IofCallDriver -> \Device\00000062[0x823d1f18]
    00:07:27.984 5 ACPI.sys[f8506620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0[0x823d1030]
    00:07:27.984 Scan finished successfully
    00:07:46.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Bureaublad\MBR.dat "
    00:07:46.015 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Bureaublad\aswMBR.txt "




    Databaseversie: 7622

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    17-11-2011 0:24:41
    mbam-log-2011-11-17 (00-24-24).txt

    Scantype: Volledige scan (C:\|)
    Objecten gescand: 328406
    Verstreken tijd: 2 uur/uren, 40 minuut/minuten, 7 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    c:\program files\mozilla firefox\0.5865460677769775.exe (Exploit.Dropper) -> No action taken.
     
    duub,
    #1
  2. 2011/11/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================================================

    Your MBAM log says "No action taken ".
    Re-run it, FIX all issues and post new log.

    Then....

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     

  4. 2011/11/20
    duub

    duub Inactive Thread Starter

    Joined:
    2011/11/15
    Messages:
    102
    Likes Received:
    0
    Below the reports, again in Dutch :eek:

    Once again, MBAM could not update its virus definitions;
    PROGRAM_ERROR_UPDATING (2,0, connection refused) used database id from date 8/31/2011, version 7622
    At the end it reported Scan completed / no malicious objects detected / log saved.

    During scanning my Avira active guard popped up, reporting three, later (when TDSSKiller had run) four viruses or unwanted programs, i.e.
    78a7dab_6el47443 JAVA/Dldr.Scuds.C with proposed action: move to quarantine. I ignored this and continued as you instructed.

    TDSSKiller reported one infection :mad: and successful removal :D

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Databaseversie: 7622

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    20-11-2011 13:12:28
    mbam-log-2011-11-20 (13-12-28).txt

    Scantype: Volledige scan (C:\|)
    Objecten gescand: 328390
    Verstreken tijd: 2 uur/uren, 28 minuut/minuten, 29 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    17:15:11.0406 3584 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
    17:15:12.0937 3584 ============================================================
    17:15:12.0937 3584 Current date / time: 2011/11/20 17:15:12.0937
    17:15:12.0937 3584 SystemInfo:
    17:15:12.0937 3584
    17:15:12.0937 3584 OS Version: 5.1.2600 ServicePack: 2.0
    17:15:12.0968 3584 Product type: Workstation
    17:15:12.0968 3584 ComputerName: XP-18
    17:15:12.0968 3584 UserName: Administrator
    17:15:12.0968 3584 Windows directory: C:\WINDOWS
    17:15:12.0984 3584 System windows directory: C:\WINDOWS
    17:15:12.0984 3584 Processor architecture: Intel x86
    17:15:12.0984 3584 Number of processors: 1
    17:15:12.0984 3584 Page size: 0x1000
    17:15:12.0984 3584 Boot type: Normal boot
    17:15:12.0984 3584 ============================================================
    17:15:15.0093 3584 Initialize success
    17:16:16.0046 0524 ============================================================
    17:16:16.0046 0524 Scan started
    17:16:16.0046 0524 Mode: Manual;
    17:16:16.0046 0524 ============================================================
    17:16:16.0546 0524 Abiosdsk - ok
    17:16:16.0687 0524 abp480n5 - ok
    17:16:16.0890 0524 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
    17:16:16.0906 0524 ac97intc - ok
    17:16:17.0093 0524 ACPI (12139c5b5d7366e54ef3029c65b8ca97) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    17:16:17.0109 0524 ACPI - ok
    17:16:17.0265 0524 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
    17:16:17.0296 0524 ACPIEC - ok
    17:16:17.0421 0524 adpu160m - ok
    17:16:17.0609 0524 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
    17:16:17.0609 0524 aec - ok
    17:16:17.0781 0524 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
    17:16:17.0796 0524 AFD - ok
    17:16:17.0953 0524 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
    17:16:17.0953 0524 agp440 - ok
    17:16:18.0078 0524 Aha154x - ok
    17:16:18.0203 0524 aic78u2 - ok
    17:16:18.0328 0524 aic78xx - ok
    17:16:18.0515 0524 AliIde - ok
    17:16:18.0656 0524 amsint - ok
    17:16:18.0812 0524 asc - ok
    17:16:18.0937 0524 asc3350p - ok
    17:16:19.0062 0524 asc3550 - ok
    17:16:19.0250 0524 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
    17:16:19.0312 0524 Aspi32 - ok
    17:16:19.0500 0524 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    17:16:19.0500 0524 AsyncMac - ok
    17:16:19.0656 0524 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    17:16:19.0671 0524 atapi - ok
    17:16:19.0812 0524 Atdisk - ok
    17:16:19.0968 0524 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    17:16:19.0968 0524 Atmarpc - ok
    17:16:20.0140 0524 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    17:16:20.0140 0524 audstub - ok
    17:16:20.0234 0524 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    17:16:20.0234 0524 avgio - ok
    17:16:20.0421 0524 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    17:16:20.0421 0524 avgntflt - ok
    17:16:20.0562 0524 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    17:16:20.0562 0524 avipbb - ok
    17:16:20.0703 0524 Beep - ok
    17:16:20.0875 0524 C-Dilla (894ffbfc41be336443bee9c33010419a) C:\WINDOWS\System32\drivers\CDANT.SYS
    17:16:20.0906 0524 C-Dilla - ok
    17:16:21.0093 0524 Camav (a839289518d08655e2162f3ecf3ee485) C:\WINDOWS\system32\Drivers\Camav.sys
    17:16:21.0109 0524 Camav - ok
    17:16:21.0250 0524 camflt (5320b8515bff632b85a97bd12da08825) C:\WINDOWS\system32\DRIVERS\camflt.sys
    17:16:21.0265 0524 camflt - ok
    17:16:21.0421 0524 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    17:16:21.0453 0524 cbidf2k - ok
    17:16:21.0609 0524 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    17:16:21.0609 0524 CCDECODE - ok
    17:16:21.0734 0524 cd20xrnt - ok
    17:16:21.0859 0524 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    17:16:21.0890 0524 Cdaudio - ok
    17:16:22.0046 0524 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    17:16:22.0078 0524 Cdfs - ok
    17:16:22.0250 0524 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    17:16:22.0250 0524 Cdrom - ok
    17:16:22.0390 0524 Changer - ok
    17:16:22.0578 0524 CmdIde - ok
    17:16:22.0734 0524 Cpqarray - ok
    17:16:22.0875 0524 dac2w2k - ok
    17:16:23.0000 0524 dac960nt - ok
    17:16:23.0187 0524 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    17:16:23.0187 0524 Disk - ok
    17:16:23.0390 0524 dmboot (d9542b70560cda5c4f5e62b1eed412cd) C:\WINDOWS\system32\drivers\dmboot.sys
    17:16:23.0437 0524 dmboot - ok
    17:16:23.0609 0524 dmio (b5f7ac6bb9445e9c59e0686fe52a47e8) C:\WINDOWS\system32\drivers\dmio.sys
    17:16:23.0625 0524 dmio - ok
    17:16:23.0781 0524 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    17:16:23.0796 0524 dmload - ok
    17:16:23.0953 0524 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    17:16:23.0953 0524 DMusic - ok
    17:16:24.0078 0524 dpti2o - ok
    17:16:24.0234 0524 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    17:16:24.0234 0524 drmkaud - ok
    17:16:24.0375 0524 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
    17:16:24.0390 0524 EL90XBC - ok
    17:16:24.0609 0524 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    17:16:24.0609 0524 Fastfat - ok
    17:16:24.0796 0524 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
    17:16:24.0796 0524 Fdc - ok
    17:16:24.0953 0524 Fips (dac8cab287a959c2f717d3748177374b) C:\WINDOWS\system32\drivers\Fips.sys
    17:16:24.0984 0524 Fips - ok
    17:16:25.0140 0524 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    17:16:25.0140 0524 Flpydisk - ok
    17:16:25.0296 0524 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
    17:16:25.0312 0524 FltMgr - ok
    17:16:25.0500 0524 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    17:16:25.0531 0524 Fs_Rec - ok
    17:16:25.0703 0524 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    17:16:25.0718 0524 Ftdisk - ok
    17:16:25.0906 0524 G550DH (ef4b332994d2513d9419ddf98a07c243) C:\WINDOWS\system32\DRIVERS\g550dhm.sys
    17:16:25.0906 0524 G550DH - ok
    17:16:26.0078 0524 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
    17:16:26.0078 0524 gameenum - ok
    17:16:26.0218 0524 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    17:16:26.0234 0524 GearAspiWDM - ok
    17:16:26.0390 0524 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    17:16:26.0390 0524 Gpc - ok
    17:16:26.0625 0524 hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys
    17:16:26.0906 0524 hardlock - ok
    17:16:27.0078 0524 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\System32\drivers\Haspnt.sys
    17:16:27.0109 0524 Haspnt - ok
    17:16:27.0296 0524 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    17:16:27.0296 0524 HidUsb - ok
    17:16:27.0437 0524 hpn - ok
    17:16:27.0562 0524 hpt3xx - ok
    17:16:27.0765 0524 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
    17:16:27.0796 0524 HTTP - ok
    17:16:27.0937 0524 i2omgmt - ok
    17:16:28.0062 0524 i2omp - ok
    17:16:28.0187 0524 i8042prt (ddb567b5fe32d917a34b98de50b3c923) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    17:16:28.0203 0524 i8042prt - ok
    17:16:28.0328 0524 IdeBusDr (f6e7a36bf20e2f6fd36e021aadf76444) C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys
    17:16:28.0328 0524 IdeBusDr - ok
    17:16:28.0500 0524 IdeChnDr (7a3b21a7dccc5ef29fe7df0cc6692da1) C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys
    17:16:28.0500 0524 IdeChnDr - ok
    17:16:28.0718 0524 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    17:16:28.0734 0524 Imapi - ok
    17:16:28.0921 0524 ini910u - ok
    17:16:29.0062 0524 IntelIde (133b243ee5ccc607686a5648b807542d) C:\WINDOWS\system32\DRIVERS\intelide.sys
    17:16:29.0062 0524 IntelIde - ok
    17:16:29.0234 0524 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
    17:16:29.0234 0524 Ip6Fw - ok
    17:16:29.0421 0524 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    17:16:29.0421 0524 IpFilterDriver - ok
    17:16:29.0546 0524 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    17:16:29.0546 0524 IpInIp - ok
    17:16:29.0718 0524 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    17:16:29.0718 0524 IpNat - ok
    17:16:29.0906 0524 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    17:16:29.0921 0524 IPSec - ok
    17:16:30.0046 0524 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    17:16:30.0046 0524 IRENUM - ok
    17:16:30.0203 0524 isapnp (fd298ad13acb19fc43b627aca0806231) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    17:16:30.0203 0524 isapnp - ok
    17:16:30.0359 0524 Kbdclass (59549e9180ce29d832289e1a1d9e3c60) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    17:16:30.0359 0524 Kbdclass - ok
    17:16:30.0484 0524 kbdhid (6b97674104b15a2dd135f7b365223194) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    17:16:30.0484 0524 kbdhid - ok
    17:16:30.0687 0524 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
    17:16:30.0687 0524 kmixer - ok
    17:16:30.0843 0524 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
    17:16:30.0859 0524 KSecDD - ok
    17:16:31.0015 0524 Lbd - ok
    17:16:31.0140 0524 lbrtfdc - ok
    17:16:31.0343 0524 mgabg (83467e439b58429b295ec7b69f04c200) C:\WINDOWS\system32\drivers\mgabg.sys
    17:16:31.0359 0524 mgabg - ok
    17:16:31.0546 0524 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    17:16:31.0562 0524 mnmdd - ok
    17:16:31.0703 0524 Modem (7151be7fe5bd6671bf8ab745c419a42e) C:\WINDOWS\system32\drivers\Modem.sys
    17:16:31.0734 0524 Modem - ok
    17:16:31.0890 0524 Mouclass (0ff36ca1ac0b7d2e46c291d30b516df1) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    17:16:31.0890 0524 Mouclass - ok
    17:16:32.0062 0524 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    17:16:32.0062 0524 mouhid - ok
    17:16:32.0187 0524 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    17:16:32.0218 0524 MountMgr - ok
    17:16:32.0343 0524 mraid35x - ok
    17:16:32.0515 0524 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    17:16:32.0515 0524 MRxDAV - ok
    17:16:32.0718 0524 MRxSmb (f9692be777822ab3f1a91c34728786da) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    17:16:32.0734 0524 MRxSmb - ok
    17:16:32.0921 0524 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    17:16:32.0937 0524 Msfs - ok
    17:16:33.0093 0524 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    17:16:33.0093 0524 MSKSSRV - ok
    17:16:33.0265 0524 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    17:16:33.0265 0524 MSPCLOCK - ok
    17:16:33.0421 0524 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    17:16:33.0421 0524 MSPQM - ok
    17:16:33.0562 0524 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    17:16:33.0578 0524 mssmbios - ok
    17:16:33.0718 0524 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
    17:16:33.0718 0524 MSTEE - ok
    17:16:52.0609 0524 MBR (0x1B8) (25fdd3b61791a226676b12dc5bddef71) \Device\Harddisk0\DR0
    17:16:52.0609 0524 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
    17:16:52.0609 0524 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
    17:16:52.0625 0524 Boot (0x1200) (bd5675b1a69f111464fed05d7dc2a235) \Device\Harddisk0\DR0\Partition0
    17:16:52.0625 0524 \Device\Harddisk0\DR0\Partition0 - ok
    17:16:52.0640 0524 ============================================================
    17:16:52.0640 0524 Scan finished
    17:16:52.0640 0524 ============================================================
    17:16:52.0687 3472 Detected object count: 1
    17:16:52.0687 3472 Actual detected object count: 1
    17:17:13.0890 3472 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
    17:17:13.0906 3472 \Device\Harddisk0\DR0 - ok
    17:17:13.0906 3472 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
    17:17:18.0000 3568 Deinitialize success
     
    duub,
    #3
  5. 2011/11/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please re-run TDSSKiller one more time so we can see it's clean.
     
  6. 2011/11/20
    duub

    duub Inactive Thread Starter

    Joined:
    2011/11/15
    Messages:
    102
    Likes Received:
    0
    21:50:00.0828 2788 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
    21:50:01.0906 2788 ============================================================
    21:50:01.0906 2788 Current date / time: 2011/11/20 21:50:01.0906
    21:50:01.0906 2788 SystemInfo:
    21:50:01.0906 2788
    21:50:01.0906 2788 OS Version: 5.1.2600 ServicePack: 2.0
    21:50:01.0906 2788 Product type: Workstation
    21:50:01.0906 2788 ComputerName: XP-18
    21:50:01.0906 2788 UserName: Administrator
    21:50:01.0906 2788 Windows directory: C:\WINDOWS
    21:50:01.0906 2788 System windows directory: C:\WINDOWS
    21:50:01.0906 2788 Processor architecture: Intel x86
    21:50:01.0906 2788 Number of processors: 1
    21:50:01.0906 2788 Page size: 0x1000
    21:50:01.0906 2788 Boot type: Normal boot
    21:50:01.0906 2788 ============================================================
    21:50:02.0765 2788 Initialize success
    21:50:07.0781 2832 ============================================================
    21:50:07.0781 2832 Scan started
    21:50:07.0781 2832 Mode: Manual;
    21:50:07.0781 2832 ============================================================
    21:50:47.0906 2832 w800bus - ok
    21:50:48.0062 2832 w800mdfl (3af69f28c17e1e03bb894f00d905add8) C:\WINDOWS\system32\DRIVERS\w800mdfl.sys
    21:50:48.0093 2832 w800mdfl - ok
    21:50:48.0265 2832 w800mdm (0d12afd1e1c95226b4268c1777625d05) C:\WINDOWS\system32\DRIVERS\w800mdm.sys
    21:50:48.0296 2832 w800mdm - ok
    21:50:48.0484 2832 w800mgmt (36ad2eb4a6376d08555864eb4cfd2508) C:\WINDOWS\system32\DRIVERS\w800mgmt.sys
    21:50:48.0531 2832 w800mgmt - ok
    21:50:48.0671 2832 w800obex (7905915006febbf0f137af36a3fd6429) C:\WINDOWS\system32\DRIVERS\w800obex.sys
    21:50:48.0703 2832 w800obex - ok
    21:50:48.0875 2832 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    21:50:48.0906 2832 Wanarp - ok
    21:50:49.0031 2832 WDICA - ok
    21:50:49.0203 2832 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
    21:50:49.0234 2832 wdmaud - ok
    21:50:49.0703 2832 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    21:50:49.0765 2832 WSTCODEC - ok
    21:50:50.0062 2832 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    21:50:50.0125 2832 WudfPf - ok
    21:50:50.0328 2832 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    21:50:50.0359 2832 WudfRd - ok
    21:50:50.0515 2832 xcpip - ok
    21:50:50.0656 2832 xpsec - ok
    21:50:50.0718 2832 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
    21:50:50.0812 2832 \Device\Harddisk0\DR0 - ok
    21:50:50.0875 2832 Boot (0x1200) (bd5675b1a69f111464fed05d7dc2a235) \Device\Harddisk0\DR0\Partition0
    21:50:50.0875 2832 \Device\Harddisk0\DR0\Partition0 - ok
    21:50:50.0875 2832 ============================================================
    21:50:50.0875 2832 Scan finished
    21:50:50.0875 2832 ============================================================
    21:50:50.0921 2816 Detected object count: 0
    21:50:50.0921 2816 Actual detected object count: 0
     
    duub,
    #5
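The TDSSKiller log above is long and mostly "- ok" lines; what a triager actually wants is the short list of objects whose verdict is not "ok" plus the MBR and boot-sector records with their hashes, since the MBR is where a bootkit such as Mebroot lives. The parser below is an added example, not code from this thread or from TDSSKiller. It works on constructed sample lines in the same shape as the log above; the `fakedrv` object and its "suspicious (constructed verdict)" text are invented to exercise the filter and are not real TDSSKiller output, and the regular expressions are an assumption about the log format derived only from the lines visible in this thread.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the shape of the TDSSKiller log posted above. The first
# lines mirror entries from that log; "fakedrv" and its verdict text are invented
# here to exercise the filter and are not TDSSKiller's real output.
SAMPLE_LOG = r"""
21:50:43.0218 2832 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:50:43.0296 2832 Tcpip - ok
21:50:44.0031 2832 TosIde - ok
21:50:50.0718 2832 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
21:50:50.0812 2832 \Device\Harddisk0\DR0 - ok
21:50:50.0875 2832 Boot (0x1200) (bd5675b1a69f111464fed05d7dc2a235) \Device\Harddisk0\DR0\Partition0
21:50:50.0875 2832 \Device\Harddisk0\DR0\Partition0 - ok
21:50:51.0000 2832 fakedrv (deadbeefdeadbeefdeadbeefdeadbeef) C:\WINDOWS\system32\DRIVERS\fakedrv.sys
21:50:51.0010 2832 fakedrv - suspicious (constructed verdict)
21:50:51.0020 2832 ============================================================
21:50:51.0020 2832 Scan finished
"""

# "<time> <pid> <body>"  (format assumed from the lines in this thread)
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# "<name> (<md5>) <path>"; the name may carry an offset such as "MBR (0x1B8)"
OBJ_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "<name or device path> - <verdict>"
VERDICT_RE = re.compile(r"^(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")


def parse_tdsskiller(text: str) -> List[Dict[str, Optional[str]]]:
    """Turn log lines into one record per scanned object.

    A record line ("Name (md5) path") opens an object and the following verdict
    line ("Name - ok") closes it. Verdict lines for the MBR and boot sector refer
    to the device path rather than the object name, so both keys are indexed.
    """
    entries: List[Dict[str, Optional[str]]] = []
    by_key: Dict[str, Dict[str, Optional[str]]] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, banners
        body = m.group("body")
        obj = OBJ_RE.match(body)
        if obj:
            rec: Dict[str, Optional[str]] = {
                "name": obj.group("name"), "md5": obj.group("md5"),
                "path": obj.group("path"), "verdict": None,
            }
            entries.append(rec)
            by_key[obj.group("name")] = rec
            by_key[obj.group("path")] = rec
            continue
        ver = VERDICT_RE.match(body)
        if ver:
            rec = by_key.get(ver.group("name"))  # type: ignore[assignment]
            if rec is None:
                # Service entry with no file on disk (e.g. "TosIde - ok").
                rec = {"name": ver.group("name"), "md5": None, "path": None, "verdict": None}
                entries.append(rec)
                by_key[ver.group("name")] = rec
            rec["verdict"] = ver.group("verdict")
        # separators and "Scan finished" match neither pattern and are skipped
    return entries


def flag_entries(entries: List[Dict[str, Optional[str]]]) -> List[Dict[str, Optional[str]]]:
    """Entries worth a closer look: any verdict other than a plain "ok", plus the
    MBR and boot-sector records so their hashes can be compared against a
    known-good image of the same disk."""
    flagged = []
    for e in entries:
        name = e["name"] or ""
        if e["verdict"] != "ok" or name.startswith(("MBR", "Boot")):
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in flag_entries(parse_tdsskiller(SAMPLE_LOG)):
        print(f'{e["name"]:<16} {e["verdict"]:<32} {e["md5"]}  {e["path"]}')
```

Feed a real TDSSKiller log to `parse_tdsskiller` instead of `SAMPLE_LOG`; a clean run, as in the post above, yields only the two boot-sector records, which is the list to keep for comparing the MBR hash after any later cleaning step.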
  7. 2011/11/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2011/11/21
    duub

    duub Inactive Thread Starter

    Joined:
    2011/11/15
    Messages:
    102
    Likes Received:
    0
    Broni,

    Combofix ran for some time, first proposed to install Recovery Console, but then stated that there was no internet connection (which I suppose CF itself disconnected, because before and after running there WAS/IS connection). Then it did all its 50 parts,
    reported erasing files and folders, rebooted the computer, stated it would make a report, closed after some time and forced the pc to reboot again after that.
    But I cannot find the report :confused:
    I DID find some text documents in the C:\Combofix\ directory that WERE made at or about that time;

    ComboFix 11-11-20.02 - Administrator 21-11-2011 22:44:52.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.512.131 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    (recovery console not installed on this system!!!!)

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: MAXTOR_6 rev.A93. -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0

    Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.512.131 [GMT 1:00]

    .:\\\(0!\|0\\0\)
    C:\\WINDOWS\\system32\\\(\\\|0!\|0\\0\)
    C:\\WINDOWS\\system32\\config\\\(\\\|0!\|0\\0\)
    C:\\WINDOWS\\system32\\csrss.exe\\\(0!\|0\\0\)
    C:\\WINDOWS\\system32\\Drivers\\\(\\\|0!\|0\\0\)
    C:\\WINDOWS\\system32\\hal.dll\\\(0!\|0\\0\)
    C:\\WINDOWS\\system32\\lsass.exe\\\(0!\|0\\0\)
    C:\\WINDOWS\\system32\\ntdll.dll\\\(0!\|0\\0\)
    C:\\WINDOWS\\system32\\services.exe\\\(0!\|0\\0\)
    C:\\WINDOWS\\system32\\smss.exe\\\(0!\|0\\0\)
    C:\\WINDOWS\\system32\\svchost.exe\\\(0!\|0\\0\)
    C:\\WINDOWS\\system32\\userinit.exe\\\(0!\|0\\0\)
    C:\\WINDOWS\\system32\\wbem\\\(\\\|0!\|0\\0\)
    C:\\WINDOWS\\system32\\winlogon.exe\\\(0!\|0\\0\)
    C:\\boot.ini\\\(0!\|0\\0\)
    C:\\ntdetect.com\\\(0!\|0\\0\)
    C:\\ntldr\\\(0!\|0\\0\)
    C:\\WINDOWS\\\(\\\|0!\|0\\0\)
    C:\\WINDOWS\\explorer.exe\\\(0!\|0\\0\)

    AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
     
    duub,
    #7
  9. 2011/11/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run it please.
     
  10. 2011/11/21
    duub

    duub Inactive Thread Starter

    Joined:
    2011/11/15
    Messages:
    102
    Likes Received:
    0
    I re-ran it.
    It made a reset-point, or how is it called?
    Then it again reported no internet connection, and failed to install recovery console. I was away for some minutes, expecting it to scan for some time again, when my pc had rebooted, awaiting my password.
    After this I checked C:\ -no log, and the C:\Combofix folder contains again my A: C: D: and E: drive...?

    btw, when CF stated no internet connection I started Firefox, just to know if... It just connected. May this have something to do with me having to connect via ProxyServer?
     
    duub,
    #9
  11. 2011/11/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run it from Safe Mode and skip recovery console installation (you can't do it anyway, since in safe mode you won't have any connection).
     
  12. 2011/11/22
    duub

    duub Inactive Thread Starter

    Joined:
    2011/11/15
    Messages:
    102
    Likes Received:
    0
    Broni, just help me out; for safe mode I start up with F7 pressed down, right?
     
  13. 2011/11/22
    duub

    duub Inactive Thread Starter

    Joined:
    2011/11/15
    Messages:
    102
    Likes Received:
    0
    could find that on the internet, of course F8 :)
    CF running in safe mode now
     
  14. 2011/11/22
    duub

    duub Inactive Thread Starter

    Joined:
    2011/11/15
    Messages:
    102
    Likes Received:
    0
    Combofix ran ok, it seems to me
    proposed the Recovery Console -I skipped that
    it ran until Nr. 50
    said it would prepare a log, quit and rebooted the system -into normal mode

    and again:
    no CF-log in C:
    a lot of .dat files under C:\Combofix
    and one Combofix.txt

    ComboFix 11-11-20.02 - Administrator 22-11-2011 20:12:31.2.1 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.512.249 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! (not installed on this system)
     
  15. 2011/11/22
    duub

    duub Inactive Thread Starter

    Joined:
    2011/11/15
    Messages:
    102
    Likes Received:
    0
    Is this relevant information?
    Windows -for quite some time already- cannot install all the updates it finds

    The system IS significantly less slow since some time, which is nice :)
     
    Last edited: 2011/11/22
  16. 2011/11/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Delete your Combofix file, download fresh one and try to run it again (in safe mode if needed).
     
  17. 2011/11/22
    duub

    duub Inactive Thread Starter

    Joined:
    2011/11/15
    Messages:
    102
    Likes Received:
    0
    Combofix won't run, either in normal or in safe mode.
    system crashes before CF started first of 50 scans, error message window only one second shown.
    should I try RKill?
     
  18. 2011/11/22
    duub

    duub Inactive Thread Starter

    Joined:
    2011/11/15
    Messages:
    102
    Likes Received:
    0
    Combofix won't run, neither in normal nor in safe mode...
    system crashes and reboots

    should I try RKill + CF renamed?

    sorry, twice
     
  19. 2011/11/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You can try that.
     
  20. 2011/11/22
    duub

    duub Inactive Thread Starter

    Joined:
    2011/11/15
    Messages:
    102
    Likes Received:
    0
    Broni,

    CF won't work this way either,
    again, both in normal and in safe mode
    RKill functioned both times, with the black DOSbox.
    CF stalled after initiating, after trying to install Rec Cons
    heard my hard disk muttering for a long time, then staying silent for a while, then again muttering and again crash :mad:
    with messages after reboot that my system recovered from a serious crash

    what's next? :confused:

    (I'll go to sleep now, hope to see your answer in the morning!)
     
  21. 2011/11/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     