Author Topic: [Resolved] Redirected searches, unexpected shutdowns, and Internet locked  (Read 8591 times)


Offline E310

  • Bronze Member
  • Posts: 75
Sure thing, Bear. That's this one:


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-B7YW4-YHWJT-F49DF
Windows Product Key Hash: hYnLoZkPt/zjwV3LyWy70xtJa04=
Windows Product ID: 89576-OEM-7205446-77551
Windows Product ID Type: 8
Windows License Type: COA SLP
Windows OS version: 6.0.6001.2.00010100.1.0.006
ID: {775C0D67-AFEE-4B84-9788-7B2B7CE36524}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Business
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Users\Adriana\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{775C0D67-AFEE-4B84-9788-7B2B7CE36524}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010100.1.0.006</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-F49DF</PKey><PID>89576-OEM-7205446-77551</PID><PIDType>8</PIDType><SID>S-1-5-21-959352362-581761041-2300734415</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Vostro 420 Series </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.3</Version><SMBIOSVersion major="2" minor="5"/><Date>20081024000000.000000+000</Date></BIOS><HWID>00323507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, Business edition
Description: Windows Operating System - Vista, OEM_COA_SLP channel
Activation ID: f758e09b-7c7c-492c-b78c-aba5bd4e3f5b
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89576-00144-054-477551-02-1033-6001.0000-0582012
Installation ID: 016242145033558356873052898630443665370073204561572835
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: F49DF
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NgAAAAEABAABAAEAAQACAAAAAgABAAEAJJQK46QFpGPqaqp/CIWQfNaW8vQa7Ph3rFb3PExY

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
  ACPI Table Name   OEMID Value   OEMTableID Value
  APIC         102408      APIC1017
  FACP         102408      FACP1017
  HPET         102408      OEMHPET
  MCFG         102408      OEMMCFG
  OEMB         102408      OEMB1017
  GSCI         102408      GMCHSCI
  SSDT         DpgPmm      CpuPm

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2670
Hi Eddie

The DDS looks good.  Let's take another look at RogueKiller.

Quit all running programs.  Double click RogueKiller.exe to run it.  For Vista/Seven, right click and select run as administrator, for XP simply run RogueKiller.exe.   When prompted, type 1 and hit Enter.
A RKreport.txt should appear on your desktop.

Note: If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.
Please post the contents of the RKreport.txt in your next Reply.

If this shows up OK we will install SP2 to see if we can correct some of the update errors in DDS.
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

Offline E310

  • Bronze Member
  • Posts: 75
Bear ... I wasn't prompted to hit 1, but the scan completed. (Better than what we were getting last time!) Also, Windows Update downloaded 13 more updates. Should I go ahead and run them?

Here's the RK log:

RogueKiller V7.2.0 [02/27/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User: Adriana [Admin rights]
Mode: Scan -- Date: 02/28/2012 23:05:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS ATA Device +++++
--- User ---
[MBR] aecdeb89f2e5def9e1c102e0f949e20b
[BSP] 33011a5e6af84273cc2c64e92fc9f6b2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 238377 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2670
Hi Eddie

Yes, this one is much better.  RogueKiller was fine.

1.  Let's try installing SP2.  Download and install VistaSP2.

Let me know if you have any problems. 

2.  Please download VEW by Vino Rosso from HERE and save it to your Desktop.
3.  Double-click VEW.exe to start. Vista and Windows 7 users: right click and select Run as Administrator.

4.  Under Select log to query check the boxes for both Application and System.  Under Select type to list select both Error and Critical.

5.  Click the radio button for Number of events and type 10 in the 1 to 20 box.  Click the Run button.

Notepad will open with the output log. It will take a couple of minutes to generate the log, please be patient.

Please post the Output log in your next reply.


Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

Offline E310

  • Bronze Member
  • Posts: 75
Bear ... I keep forgetting to mention that I am connected to the internet "wirelessly". The ethernet adapter is not working (shows up with the exclamation mark under Device Manager).

Here is the log you requested:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 29/02/2012 9:09:45 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/02/2012 2:04:46 PM
Type: Error Category: 3
Event: 215 Source: ESENT
WinMail (1020) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Log: 'Application' Date/Time: 29/02/2012 1:47:40 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 29/02/2012 1:47:17 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 29/02/2012 1:14:05 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 29/02/2012 12:37:49 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 29/02/2012 12:24:50 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 29/02/2012 3:48:04 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 27/02/2012 1:07:09 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 27/02/2012 12:37:52 PM
Type: Error Category: 3
Event: 3024 Source: Microsoft-Windows-Search
The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Windows Application, SystemIndex Catalog


Log: 'Application' Date/Time: 27/02/2012 12:37:52 PM
Type: Error Category: 3
Event: 3024 Source: Microsoft-Windows-Search
The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Windows Application, SystemIndex Catalog


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/02/2012 1:40:20 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 29/02/2012 1:12:31 PM
Type: Error Category: 0
Event: 15016 Source: Microsoft-Windows-HttpEvent
Unable to initialize the security package Kerberos for server side authentication.  The data field contains the error number.

Log: 'System' Date/Time: 29/02/2012 12:52:43 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 29/02/2012 12:37:36 PM
Type: Error Category: 0
Event: 15016 Source: Microsoft-Windows-HttpEvent
Unable to initialize the security package Kerberos for server side authentication.  The data field contains the error number.

Log: 'System' Date/Time: 29/02/2012 12:29:15 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 29/02/2012 12:23:17 PM
Type: Error Category: 0
Event: 15016 Source: Microsoft-Windows-HttpEvent
Unable to initialize the security package Kerberos for server side authentication.  The data field contains the error number.

Log: 'System' Date/Time: 29/02/2012 4:12:07 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 29/02/2012 3:46:29 AM
Type: Error Category: 0
Event: 15016 Source: Microsoft-Windows-HttpEvent
Unable to initialize the security package Kerberos for server side authentication.  The data field contains the error number.

Log: 'System' Date/Time: 28/02/2012 3:10:09 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 27/02/2012 1:05:37 PM
Type: Error Category: 0
Event: 15016 Source: Microsoft-Windows-HttpEvent
Unable to initialize the security package Kerberos for server side authentication.  The data field contains the error number.

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2670
Hi Eddie
I suspect when you reimaged you lost your LAN drivers.  Let's see if we can get them back through Windows Update; if not, we will have to look for them.

Go to Start/Windows Update and install all recommended updates.  Also look at all optional updates to see if there is a LAN driver available.  If you are not sure, post the names and I will look at them.  You may have to do this more than once to get your operating system and Internet Explorer up to date.
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

Offline E310

  • Bronze Member
  • Posts: 75
Bear ... right on the money. Ethernet is up. Last one is an SM Bus Controller. Other than that ... how are we? Does this PC get a clean bill of health yet?

And how about the two "Windows.old" and "Windows.old.000" files?

Eddie

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2670
Hi Eddie

Not too concerned about those files as they look like they were part of an update.  But just to be double safe:

1.  Open Notepad and click File/Save As, name the file windowsold.bat and Save it to your desktop.  Copy the code in the code box below and paste it into that Notepad window.  Click File/Save and close the window.

Now double click on the windowsold.bat icon.


Code:

rem Clear the read-only, archive, system and hidden attributes so dir can list every file
attrib -r -a -s -h "C:\Windows.old.000" /s /d
attrib -r -a -s -h "C:\Windows.old" /s /d
rem Write a full recursive listing of both folders to windowsold.txt on the current user's desktop
dir "C:\Windows.old.000" /a /s > "%USERPROFILE%\Desktop\windowsold.txt"
dir "C:\Windows.old" /a /s >> "%USERPROFILE%\Desktop\windowsold.txt"
rem Open the finished listing in Notepad
notepad "%USERPROFILE%\Desktop\windowsold.txt"

2.  Now close the open notepad on your desktop.  Open windowsold.txt and post the results.

If we don't see anything suspicious, we will proceed to hardening your PC against future infection.


Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

Offline E310

  • Bronze Member
  • Posts: 75
Bear ... the log is 12 MB. I tried pasting 25% at a time and I still get an error.

ZIP and attach? What's the move?

Eddie

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2670
Hi Eddie
If the log is 12 MB, that tells me all I need to know.  Just delete the log.  Let's do a couple of good malware scans on your PC and then if all is well move on to finalizing it.

1.  Please download Malwarebytes Anti-Malware and save it to your desktop.  Be sure to refuse the trial offer.

MBAM may "make changes to your registry" as part of its disinfection routine; be aware of this if using other security programs that detect registry changes. Make sure you are connected to the Internet.   Double-click on mbam-setup.exe to install the application.
•   When the installation begins, follow the prompts and do not make any changes to default settings.
•   When installation has finished, make sure you leave both of these checked:
o   Update Malwarebytes' Anti-Malware
o   Launch Malwarebytes' Anti-Malware
•   Then click Finish.
•   MBAM will automatically start and you will be asked to update the program before performing a scan.
•   If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
•   If you encounter any problems while downloading the definition updates, manually download them from updates  and just double-click on mbam-rules.exe to install.

2.  On the Scanner tab:
•   Make sure the "Perform Full Scan" option is selected.
•   Then click on the Scan button.
•   If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
•   The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
•   When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
•   Click OK to close the message box and continue with the removal process.

3.  Back at the main Scanner screen:
•   Click on the Show Results button to see a list of any malware that was found.
•   Make sure that everything is checked, and click Remove Selected.
•   When removal is completed, a log report will open in Notepad.
•   The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
•   Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

4.  Download ESET Online Scanner and save it to your desktop.

5.  Double-click on esetsmartinstaller and then click Run.  Click Yes on the license and then Start.

6.  Be sure that ONLY the following items are checked:
   Remove found threats
   Scan for potentially unwanted applications
   Enable Anti-Stealth technology

Click Start.

It may take some time for the virus definitions to download and the scan to finish.  Do not click on the interface, download or install anything until the scan completes.  When the scan completes click Finish.

7.  Navigate to the following file path, C:\Program Files\ESET\ESET Online Scanner and Double-click on the log.txt file.  Click File/Save As and name the file ESETLog.txt and save it to your desktop.

Please post the mbam-log-(date) and ESETLog.txt.



Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

Offline E310

  • Bronze Member
  • Posts: 75
Here we go, Bear:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.02.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Adriana :: ADRIANA-PC [administrator]

3/2/2012 6:29:50 PM
mbam-log-2012-03-02 (18-29-50).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 436102
Time elapsed: 1 hour(s), 46 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 28
C:\Windows.old\Users\ashley 2\Downloads\XvidSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup1025957200.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup117681792.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup1772416648.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup2136772384.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup2266980928.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\control.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup613372752.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup658408424.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup735471456.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup3199154992.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup3232233232.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup3507165608.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup3684556096.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup393492864.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup4006715080.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup4008178352.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup4118481680.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup4226579152.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup444968384.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup786946976.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup2298272816.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup2353101248.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup2459530972.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup2482078624.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup2606435360.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\Desktop\RK_Quarantine\ZooskMessenger.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows.old\Users\Guest\Downloads\MightyMagooSetup.exe (PUP.Dropper.Gen) -> Quarantined and deleted successfully.

(end)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2fef94bba1e5f740af0a8c672720d3c8
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-03 02:28:51
# local_time=2012-03-02 09:28:51 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 95 0 167345634 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=264508
# found=11
# cleaned=11
# scan_time=3599
C:\Windows.old\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll   Win32/Adware.Bandoo application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Windows.old\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll   Win32/Adware.Bandoo application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Windows.old\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js   Win32/Adware.Bandoo application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Windows.old\Users\ashley 2\AppData\Local\Temp:winupd.exe   a variant of Win32/Kryptik.ZIK trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\Av-test.txt   Eicar test file (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\bing.exe   Win32/Toolbar.Zugo application (deleted - quarantined)   00000000000000000000000000000000   C
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\ooVooTBing.exe   Win32/Toolbar.Zugo application (deleted - quarantined)   00000000000000000000000000000000   C
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup1493594240.exe   a variant of Win32/Olmarik.AWG trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup2445319600.exe   a variant of Win32/Olmarik.AWG trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup4281785408.exe   a variant of Win32/Olmarik.AWG trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup857397152.exe   a variant of Win32/Olmarik.AWG trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
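
As an added example that is not part of this thread or of either scanner's own tooling, here is a small Python triage script for the two log formats posted above: it parses the MBAM and ESET detection lines, separates findings inside the stale C:\Windows.old tree from anything on the rebuilt system, and flags the NTFS alternate data stream (Temp:winupd.exe) and the EICAR test file so they are read correctly. The sample input is constructed from lines in the logs above plus one made-up ESET line under C:\Users\Adriana so that the live-system branch is exercised.

```python
import re
from collections import Counter

# MBAM line:  <path> (<family>) -> <action>.
MBAM_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)
# ESET line:  <path><sep><description> (<action>)<sep><md5><sep><flag>
# where <sep> is a tab in the raw log (the forum paste shows it as spaces).
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)(?:\t|\s{2,})(?P<name>.+?) \((?P<action>[^()]+)\)"
    r"(?:\t|\s{2,})(?P<hash>[0-9A-Fa-f]{32})(?:\t|\s{2,})\S+$"
)
# The pre-reimage install Windows left behind (Windows.old, Windows.old.000, ...).
STALE_TREE = re.compile(r"^[A-Za-z]:\\Windows\.old(?:\.\d+)?\\", re.IGNORECASE)

# Constructed sample input: detection lines copied from the logs above, plus one
# made-up ESET line under C:\Users\Adriana (not in the thread) to show a live hit.
MBAM_SAMPLE = r"""
Files Detected: 28
C:\Windows.old\Users\ashley 2\Downloads\XvidSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\setup1025957200.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows.old\Users\ashley 2\Desktop\RK_Quarantine\ZooskMessenger.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
"""
ESET_SAMPLE = r"""
# found=11
C:\Windows.old\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll   Win32/Adware.Bandoo application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Windows.old\Users\ashley 2\AppData\Local\Temp:winupd.exe   a variant of Win32/Kryptik.ZIK trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Windows.old\Users\ashley 2\AppData\Local\Temp\Av-test.txt   Eicar test file (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Users\Adriana\AppData\Local\Temp\example.exe   a variant of Win32/Olmarik.AWG trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
"""


def classify(path, name, action, source):
    """Attach the triage flags a reviewer wants for one detection."""
    return {
        "source": source, "path": path, "name": name, "action": action,
        # Under Windows.old: a leftover of the old install, not code running now.
        "stale": bool(STALE_TREE.match(path)),
        # A colon after the drive letter marks an NTFS alternate data stream
        # (Temp:winupd.exe), which a plain dir listing does not show.
        "ads": ":" in path[2:],
        # The EICAR string is a harmless scanner self-test, not malware.
        "test_file": "eicar" in name.lower(),
    }


def parse_log(text, pattern, source):
    """Return one classified record per detection line matched by pattern."""
    records = []
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            records.append(classify(m["path"], m["name"], m["action"], source))
    return records


def summarize(findings):
    """Count stale/ADS/test findings and list the paths that need a real look."""
    return {
        "total": len(findings),
        "stale": sum(f["stale"] for f in findings),
        "ads": sum(f["ads"] for f in findings),
        "test_files": sum(f["test_file"] for f in findings),
        "families": Counter(f["name"] for f in findings),
        # Anything outside Windows.old that is not the EICAR file is a live hit.
        "live": [f["path"] for f in findings if not f["stale"] and not f["test_file"]],
    }


def verdict(summary):
    if summary["live"]:
        return "live: detections outside Windows.old, keep investigating"
    return "stale: every detection sits in Windows.old, remove that tree"


if __name__ == "__main__":
    findings = parse_log(MBAM_SAMPLE, MBAM_LINE, "MBAM") + parse_log(ESET_SAMPLE, ESET_LINE, "ESET")
    s = summarize(findings)
    print(f"{s['total']} detections, {s['stale']} stale, {s['ads']} in ADS, {s['test_files']} test files")
    for path in s["live"]:
        print("needs attention:", path)
    print(verdict(s))
```

Run against the real mbam-log and ESET log.txt files, an all-stale verdict matches what the thread's logs show; any path listed under "needs attention" is the one to chase.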

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2670
Hi Eddie

Well, so much for the simple fix.  Where did all that come from?  Had no indications of it in the earlier scans.  We're definitely going to have to run some additional tools.

1.  Before we begin, let's create a system restore point.  Click on start and right click on Computer and select Properties.  Click on System Protection and click Create. Name the restore point "Before TDSSKiller" and create the point.

Please read carefully and follow these steps:

2.  Download TDSSKiller and save it to your Desktop.   

3.  Double-click on TDSSKiller.exe to run the application. Now click Start Scan.

4.  Click on Change parameters and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

5.  If an infected file is detected, the default action will be Cure, click on Continue.  If a suspicious file is detected, the default action will be Skip, click on Continue.

Click on Reboot Now if you are asked to reboot the computer.

6.  If reboot is NOT required, click on Report.   Please copy that file.  If a reboot IS required, the report can also be found in your root directory (usually C:\ folder).   Its file name will take the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy that file.

Please read carefully and follow these steps:

7.  Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: Combofix use

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

Close all open browsers.

8.  Disable all of your Anti-Virus, Anti-Spyware programs.  If you need help to disable them go to Disable Anti Malware, be sure to re-enable them before posting your reply.

9.  Double click combofix.exe.  For XP, if ComboFix offers to install a Recovery Console, you must permit it to do so. It is very dangerous to permit ComboFix to run unless the Recovery Console is installed.

When finished, it will produce a report for you at C:\ComboFix.txt.

Note:  This site has size limits on posts.  Please be sure to check that all the data you entered was posted.  If not, use multiple posts.

Now please post the following to me as a reply to this post:
TDSSKiller log
ComboFix.txt
Let me know how your computer is operating
If you have any questions or problems, let me know that as well



Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

Offline E310

  • Bronze Member
  • Posts: 75
Here's one log, Bear:

08:59:05.0730 1268   TDSS rootkit removing tool 2.7.18.0 Mar  2 2012 09:40:07
08:59:05.0980 1268   ============================================================
08:59:05.0980 1268   Current date / time: 2012/03/03 08:59:05.0980
08:59:05.0980 1268   SystemInfo:
08:59:05.0980 1268   
08:59:05.0980 1268   OS Version: 6.0.6002 ServicePack: 2.0
08:59:05.0980 1268   Product type: Workstation
08:59:05.0980 1268   ComputerName: ADRIANA-PC
08:59:05.0980 1268   UserName: Adriana
08:59:05.0980 1268   Windows directory: C:\Windows
08:59:05.0980 1268   System windows directory: C:\Windows
08:59:05.0980 1268   Processor architecture: Intel x86
08:59:05.0980 1268   Number of processors: 4
08:59:05.0980 1268   Page size: 0x1000
08:59:05.0980 1268   Boot type: Normal boot
08:59:05.0980 1268   ============================================================
08:59:06.0885 1268   Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:59:06.0885 1268   \Device\Harddisk0\DR0:
08:59:06.0885 1268   MBR used
08:59:06.0885 1268   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D194CA2
08:59:06.0900 1268   Initialize success
08:59:06.0900 1268   ============================================================
08:59:48.0240 2120   ============================================================
08:59:48.0240 2120   Scan started
08:59:48.0240 2120   Mode: Manual; SigCheck; TDLFS;
08:59:48.0240 2120   ============================================================
08:59:49.0972 2120   ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
08:59:50.0081 2120   ACPI - ok
08:59:50.0222 2120   adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
08:59:50.0237 2120   adp94xx - ok
08:59:50.0315 2120   adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
08:59:50.0331 2120   adpahci - ok
08:59:50.0362 2120   adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
08:59:50.0362 2120   adpu160m - ok
08:59:50.0378 2120   adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
08:59:50.0393 2120   adpu320 - ok
08:59:50.0456 2120   AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
08:59:50.0534 2120   AFD - ok
08:59:50.0658 2120   agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
08:59:50.0658 2120   agp440 - ok
08:59:50.0690 2120   aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
08:59:50.0690 2120   aic78xx - ok
08:59:50.0721 2120   aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
08:59:50.0721 2120   aliide - ok
08:59:50.0768 2120   amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
08:59:50.0768 2120   amdagp - ok
08:59:50.0814 2120   amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
08:59:50.0814 2120   amdide - ok
08:59:50.0846 2120   AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
08:59:50.0892 2120   AmdK7 - ok
08:59:51.0064 2120   AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
08:59:51.0095 2120   AmdK8 - ok
08:59:51.0407 2120   amdkmdag        (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
08:59:51.0719 2120   amdkmdag - ok
08:59:51.0875 2120   amdkmdap        (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys
08:59:51.0906 2120   amdkmdap - ok
08:59:52.0062 2120   arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
08:59:52.0062 2120   arc - ok
08:59:52.0094 2120   arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
08:59:52.0109 2120   arcsas - ok
08:59:52.0140 2120   AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
08:59:52.0187 2120   AsyncMac - ok
08:59:52.0218 2120   atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
08:59:52.0218 2120   atapi - ok
08:59:52.0281 2120   Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
08:59:52.0328 2120   Beep - ok
08:59:52.0374 2120   blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
08:59:52.0421 2120   blbdrive - ok
08:59:52.0499 2120   bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
08:59:52.0546 2120   bowser - ok
08:59:52.0655 2120   BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
08:59:52.0749 2120   BrFiltLo - ok
08:59:52.0936 2120   BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
08:59:52.0983 2120   BrFiltUp - ok
08:59:53.0061 2120   Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
08:59:53.0186 2120   Brserid - ok
08:59:53.0388 2120   BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
08:59:53.0435 2120   BrSerWdm - ok
08:59:53.0513 2120   BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
08:59:53.0576 2120   BrUsbMdm - ok
08:59:53.0591 2120   BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
08:59:53.0654 2120   BrUsbSer - ok
08:59:53.0763 2120   BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
08:59:53.0810 2120   BTHMODEM - ok
08:59:53.0950 2120   cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
08:59:53.0981 2120   cdfs - ok
08:59:54.0028 2120   cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
08:59:54.0059 2120   cdrom - ok
08:59:54.0106 2120   circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
08:59:54.0137 2120   circlass - ok
08:59:54.0168 2120   CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
08:59:54.0184 2120   CLFS - ok
08:59:54.0262 2120   cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
08:59:54.0262 2120   cmdide - ok
08:59:54.0278 2120   Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
08:59:54.0293 2120   Compbatt - ok
08:59:54.0324 2120   crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
08:59:54.0340 2120   crcdisk - ok
08:59:54.0387 2120   Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
08:59:54.0402 2120   Crusoe - ok
08:59:54.0449 2120   CSC             (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
08:59:54.0512 2120   CSC - ok
08:59:54.0792 2120   DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
08:59:54.0855 2120   DfsC - ok
08:59:54.0980 2120   disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
08:59:54.0995 2120   disk - ok
08:59:55.0042 2120   DNIMp50         (2782a4549cc6558c52b0753126b2a833) C:\Windows\system32\Drivers\DNIMp50.sys
08:59:55.0058 2120   DNIMp50 ( UnsignedFile.Multi.Generic ) - warning
08:59:55.0058 2120   DNIMp50 - detected UnsignedFile.Multi.Generic (1)
08:59:55.0104 2120   DNISp50         (b222622709a919c91cb54a90cf7ceefc) C:\Windows\system32\Drivers\DNISp50.sys
08:59:55.0120 2120   DNISp50 ( UnsignedFile.Multi.Generic ) - warning
08:59:55.0120 2120   DNISp50 - detected UnsignedFile.Multi.Generic (1)
08:59:55.0245 2120   drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
08:59:55.0276 2120   drmkaud - ok
08:59:55.0354 2120   DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
08:59:55.0370 2120   DXGKrnl - ok
08:59:55.0416 2120   E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
08:59:55.0479 2120   E1G60 - ok
08:59:55.0557 2120   Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
08:59:55.0588 2120   Ecache - ok
08:59:55.0682 2120   elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
08:59:55.0713 2120   elxstor - ok
08:59:55.0822 2120   ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
08:59:55.0869 2120   ErrDev - ok
08:59:56.0025 2120   exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
08:59:56.0056 2120   exfat - ok
08:59:56.0150 2120   fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
08:59:56.0243 2120   fastfat - ok
08:59:56.0290 2120   fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
08:59:56.0337 2120   fdc - ok
08:59:56.0462 2120   FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
08:59:56.0477 2120   FileInfo - ok
08:59:56.0649 2120   Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
08:59:56.0696 2120   Filetrace - ok
08:59:56.0898 2120   flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
08:59:56.0930 2120   flpydisk - ok
08:59:57.0242 2120   FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
08:59:57.0257 2120   FltMgr - ok
08:59:57.0444 2120   Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
08:59:57.0491 2120   Fs_Rec - ok
08:59:57.0756 2120   gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
08:59:57.0772 2120   gagp30kx - ok
08:59:58.0193 2120   HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
08:59:58.0287 2120   HdAudAddService - ok
08:59:58.0895 2120   HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:59:59.0363 2120   HDAudBus - ok
08:59:59.0738 2120   HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
08:59:59.0862 2120   HidBth - ok
09:00:00.0190 2120   HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:00:00.0268 2120   HidIr - ok
09:00:00.0471 2120   HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
09:00:00.0518 2120   HidUsb - ok
09:00:00.0642 2120   HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
09:00:00.0658 2120   HpCISSs - ok
09:00:00.0720 2120   HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
09:00:00.0783 2120   HTTP - ok
09:00:01.0048 2120   i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
09:00:01.0079 2120   i2omp - ok
09:00:01.0454 2120   i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
09:00:01.0485 2120   i8042prt - ok
09:00:01.0828 2120   iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
09:00:01.0859 2120   iaStorV - ok
09:00:02.0078 2120   iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:00:02.0093 2120   iirsp - ok
09:00:02.0312 2120   intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
09:00:02.0312 2120   intelide - ok
09:00:02.0390 2120   intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
09:00:02.0421 2120   intelppm - ok
09:00:02.0780 2120   IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:00:02.0842 2120   IpFilterDriver - ok
09:00:03.0154 2120   IpInIp - ok
09:00:03.0497 2120   IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
09:00:03.0544 2120   IPMIDRV - ok
09:00:03.0887 2120   IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
09:00:03.0950 2120   IPNAT - ok
09:00:04.0308 2120   IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
09:00:04.0371 2120   IRENUM - ok
09:00:04.0667 2120   isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
09:00:04.0698 2120   isapnp - ok
09:00:05.0088 2120   iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
09:00:05.0104 2120   iScsiPrt - ok
09:00:05.0338 2120   iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:00:05.0400 2120   iteatapi - ok
09:00:05.0728 2120   iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:00:05.0759 2120   iteraid - ok
09:00:06.0071 2120   kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:00:06.0087 2120   kbdclass - ok
09:00:06.0352 2120   kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
09:00:06.0368 2120   kbdhid - ok
09:00:06.0570 2120   KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
09:00:06.0695 2120   KSecDD - ok
09:00:07.0023 2120   lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
09:00:07.0085 2120   lltdio - ok
09:00:07.0397 2120   LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
09:00:07.0428 2120   LSI_FC - ok
09:00:07.0522 2120   LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
09:00:07.0553 2120   LSI_SAS - ok
09:00:07.0740 2120   LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
09:00:07.0756 2120   LSI_SCSI - ok
09:00:07.0803 2120   luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
09:00:07.0834 2120   luafv - ok
09:00:07.0928 2120   megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
09:00:07.0943 2120   megasas - ok
09:00:08.0364 2120   MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
09:00:08.0427 2120   MegaSR - ok
09:00:08.0536 2120   Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
09:00:08.0583 2120   Modem - ok
09:00:08.0910 2120   monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
09:00:08.0973 2120   monitor - ok
09:00:09.0144 2120   mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
09:00:09.0160 2120   mouclass - ok
09:00:09.0410 2120   mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
09:00:09.0503 2120   mouhid - ok
09:00:09.0722 2120   MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
09:00:09.0722 2120   MountMgr - ok
09:00:09.0987 2120   MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
09:00:10.0002 2120   MpFilter - ok
09:00:10.0158 2120   mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
09:00:10.0174 2120   mpio - ok
09:00:10.0299 2120   MpNWMon         (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
09:00:10.0330 2120   MpNWMon - ok
09:00:10.0486 2120   mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
09:00:10.0517 2120   mpsdrv - ok
09:00:10.0564 2120   Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:00:10.0564 2120   Mraid35x - ok
09:00:10.0767 2120   MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
09:00:10.0814 2120   MRxDAV - ok
09:00:11.0016 2120   mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:00:11.0079 2120   mrxsmb - ok
09:00:11.0266 2120   mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:00:11.0282 2120   mrxsmb10 - ok
09:00:11.0562 2120   mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:00:11.0594 2120   mrxsmb20 - ok
09:00:11.0968 2120   msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
09:00:11.0984 2120   msahci - ok
09:00:12.0030 2120   msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
09:00:12.0046 2120   msdsm - ok
09:00:12.0233 2120   Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
09:00:12.0264 2120   Msfs - ok
09:00:12.0467 2120   msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
09:00:12.0483 2120   msisadrv - ok
09:00:12.0608 2120   MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
09:00:12.0670 2120   MSKSSRV - ok
09:00:12.0842 2120   MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
09:00:12.0888 2120   MSPCLOCK - ok
09:00:13.0232 2120   MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
09:00:13.0294 2120   MSPQM - ok
09:00:13.0497 2120   MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
09:00:13.0559 2120   MsRPC - ok
09:00:13.0840 2120   mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
09:00:13.0856 2120   mssmbios - ok
09:00:14.0183 2120   MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
09:00:14.0230 2120   MSTEE - ok
09:00:14.0480 2120   Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:00:14.0511 2120   Mup - ok
09:00:14.0792 2120   NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:00:14.0838 2120   NativeWifiP - ok
09:00:15.0135 2120   NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:00:15.0260 2120   NDIS - ok
09:00:15.0681 2120   NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:00:15.0759 2120   NdisTapi - ok
09:00:15.0946 2120   Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:00:16.0008 2120   Ndisuio - ok
09:00:16.0352 2120   NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:00:16.0414 2120   NdisWan - ok
09:00:16.0710 2120   NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:00:16.0773 2120   NDProxy - ok
09:00:17.0007 2120   NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:00:17.0054 2120   NetBIOS - ok
09:00:17.0210 2120   netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
09:00:17.0288 2120   netbt - ok
09:00:17.0537 2120   nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:00:17.0568 2120   nfrd960 - ok
09:00:17.0771 2120   NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:00:17.0787 2120   NisDrv - ok
09:00:18.0005 2120   Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:00:18.0068 2120   Npfs - ok
09:00:18.0270 2120   nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:00:18.0333 2120   nsiproxy - ok
09:00:18.0723 2120   Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:00:19.0097 2120   Ntfs - ok
09:00:19.0503 2120   ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:00:19.0581 2120   ntrigdigi - ok
09:00:19.0752 2120   Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:00:19.0799 2120   Null - ok
09:00:19.0971 2120   nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
09:00:19.0986 2120   nvraid - ok
09:00:20.0158 2120   nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
09:00:20.0174 2120   nvstor - ok
09:00:20.0345 2120   nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
09:00:20.0392 2120   nv_agp - ok
09:00:20.0626 2120   NwlnkFlt - ok
09:00:20.0735 2120   NwlnkFwd - ok
09:00:20.0891 2120   ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
09:00:20.0969 2120   ohci1394 - ok
09:00:21.0110 2120   Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:00:21.0172 2120   Parport - ok
09:00:21.0468 2120   partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
09:00:21.0484 2120   partmgr - ok
09:00:21.0656 2120   Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:00:21.0687 2120   Parvdm - ok
09:00:21.0890 2120   pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:00:21.0952 2120   pci - ok
09:00:22.0248 2120   pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
09:00:22.0248 2120   pciide - ok
09:00:22.0514 2120   pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:00:22.0545 2120   pcmcia - ok
09:00:22.0841 2120   PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:00:23.0044 2120   PEAUTH - ok
09:00:23.0325 2120   PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:00:23.0403 2120   PptpMiniport - ok
09:00:23.0606 2120   Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
09:00:23.0668 2120   Processor - ok
09:00:23.0964 2120   PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:00:24.0058 2120   PSched - ok
09:00:24.0542 2120   ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
09:00:24.0916 2120   ql2300 - ok
09:00:25.0337 2120   ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:00:25.0368 2120   ql40xx - ok
09:00:25.0524 2120   QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:00:25.0649 2120   QWAVEdrv - ok
09:00:25.0836 2120   RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:00:25.0883 2120   RasAcd - ok
09:00:26.0055 2120   Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:00:26.0133 2120   Rasl2tp - ok
09:00:26.0367 2120   RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:00:26.0429 2120   RasPppoe - ok
09:00:26.0616 2120   RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:00:26.0632 2120   RasSstp - ok
09:00:26.0882 2120   rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:00:26.0991 2120   rdbss - ok
09:00:27.0194 2120   RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:00:27.0272 2120   RDPCDD - ok
09:00:27.0537 2120   rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
09:00:27.0552 2120   rdpdr - ok
09:00:27.0646 2120   RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:00:27.0662 2120   RDPENCDD - ok
09:00:27.0771 2120   RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
09:00:27.0818 2120   RDPWD - ok
09:00:28.0067 2120   rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:00:28.0114 2120   rspndr - ok
09:00:28.0192 2120   RTL8169         (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
09:00:28.0223 2120   RTL8169 - ok
09:00:28.0270 2120   sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:00:28.0286 2120   sbp2port - ok
09:00:28.0442 2120   secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:00:28.0504 2120   secdrv - ok
09:00:28.0598 2120   Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
09:00:28.0629 2120   Serenum - ok
09:00:28.0738 2120   Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
09:00:28.0754 2120   Serial - ok
09:00:28.0785 2120   sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:00:28.0816 2120   sermouse - ok
09:00:28.0847 2120   sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
09:00:28.0878 2120   sffdisk - ok
09:00:28.0894 2120   sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
09:00:28.0925 2120   sffp_mmc - ok
09:00:28.0988 2120   sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
09:00:29.0034 2120   sffp_sd - ok
09:00:29.0066 2120   sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
09:00:29.0097 2120   sfloppy - ok
09:00:29.0144 2120   sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
09:00:29.0159 2120   sisagp - ok
09:00:29.0175 2120   SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
09:00:29.0190 2120   SiSRaid2 - ok
09:00:29.0222 2120   SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
09:00:29.0237 2120   SiSRaid4 - ok
09:00:29.0268 2120   Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:00:29.0315 2120   Smb - ok
09:00:29.0378 2120   spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:00:29.0393 2120   spldr - ok
09:00:29.0440 2120   srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:00:29.0487 2120   srv - ok
09:00:29.0518 2120   srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
09:00:29.0549 2120   srv2 - ok
09:00:29.0612 2120   srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
09:00:29.0612 2120   srvnet - ok
09:00:29.0690 2120   swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:00:29.0705 2120   swenum - ok
09:00:29.0721 2120   Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:00:29.0721 2120   Symc8xx - ok
09:00:29.0752 2120   Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:00:29.0752 2120   Sym_hi - ok
09:00:29.0799 2120   Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:00:29.0799 2120   Sym_u3 - ok
09:00:29.0955 2120   Tcpip           (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
09:00:30.0017 2120   Tcpip - ok
09:00:30.0080 2120   Tcpip6          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
09:00:30.0095 2120   Tcpip6 - ok
09:00:30.0126 2120   tcpipreg        (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
09:00:30.0158 2120   tcpipreg - ok
09:00:30.0189 2120   TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:00:30.0236 2120   TDPIPE - ok
09:00:30.0251 2120   TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:00:30.0282 2120   TDTCP - ok
09:00:30.0329 2120   tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
09:00:30.0360 2120   tdx - ok
09:00:30.0407 2120   TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
09:00:30.0423 2120   TermDD - ok
09:00:30.0610 2120   tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:00:30.0672 2120   tssecsrv - ok
09:00:30.0922 2120   tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:00:30.0938 2120   tunmp - ok
09:00:30.0984 2120   tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
09:00:31.0000 2120   tunnel - ok
09:00:31.0031 2120   uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
09:00:31.0047 2120   uagp35 - ok
09:00:31.0094 2120   udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:00:31.0109 2120   udfs - ok
09:00:31.0156 2120   uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
09:00:31.0172 2120   uliagpkx - ok
09:00:31.0187 2120   uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
09:00:31.0203 2120   uliahci - ok
09:00:31.0218 2120   UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:00:31.0234 2120   UlSata - ok
09:00:31.0265 2120   ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:00:31.0281 2120   ulsata2 - ok
09:00:31.0312 2120   umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:00:31.0343 2120   umbus - ok
09:00:31.0468 2120   usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
09:00:31.0484 2120   usbccgp - ok
09:00:31.0530 2120   usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:00:31.0577 2120   usbcir - ok
09:00:31.0624 2120   usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
09:00:31.0640 2120   usbehci - ok
09:00:31.0686 2120   usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
09:00:31.0733 2120   usbhub - ok
09:00:31.0811 2120   usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
09:00:31.0858 2120   usbohci - ok
09:00:31.0889 2120   usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
09:00:31.0920 2120   usbprint - ok
09:00:32.0045 2120   USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:00:32.0076 2120   USBSTOR - ok
09:00:32.0139 2120   usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
09:00:32.0170 2120   usbuhci - ok
09:00:32.0217 2120   vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
09:00:32.0248 2120   vga - ok
09:00:32.0373 2120   VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:00:32.0435 2120   VgaSave - ok
09:00:32.0763 2120   viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
09:00:32.0794 2120   viaagp - ok
09:00:33.0122 2120   ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
09:00:33.0200 2120   ViaC7 - ok
09:00:33.0371 2120   viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
09:00:33.0371 2120   viaide - ok
09:00:33.0590 2120   volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:00:33.0605 2120   volmgr - ok
09:00:33.0714 2120   volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:00:33.0746 2120   volmgrx - ok
09:00:33.0886 2120   volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:00:33.0933 2120   volsnap - ok
09:00:34.0120 2120   vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
09:00:34.0136 2120   vsmraid - ok
09:00:34.0198 2120   WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:00:34.0292 2120   WacomPen - ok
09:00:34.0479 2120   Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:00:34.0510 2120   Wanarp - ok
09:00:34.0526 2120   Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:00:34.0541 2120   Wanarpv6 - ok
09:00:34.0869 2120   Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
09:00:34.0900 2120   Wd - ok
09:00:35.0259 2120   Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
09:00:35.0368 2120   Wdf01000 - ok
09:00:35.0789 2120   WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
09:00:35.0820 2120   WmiAcpi - ok
09:00:36.0086 2120   WN111v2 - ok
09:00:36.0210 2120   ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:00:36.0273 2120   ws2ifsl - ok
09:00:36.0554 2120   WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:00:36.0616 2120   WUDFRd - ok
09:00:36.0678 2120   MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:00:36.0990 2120   \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:00:36.0990 2120   \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:00:37.0006 2120   Boot (0x1200)   (e5bf9032daa7adf28883308e8f78bf9c) \Device\Harddisk0\DR0\Partition0
09:00:37.0022 2120   \Device\Harddisk0\DR0\Partition0 - ok
09:00:37.0022 2120   ============================================================
09:00:37.0022 2120   Scan finished
09:00:37.0022 2120   ============================================================
09:00:37.0037 3668   Detected object count: 3
09:00:37.0037 3668   Actual detected object count: 3
09:01:16.0599 3668   DNIMp50 ( UnsignedFile.Multi.Generic ) - skipped by user
09:01:16.0599 3668   DNIMp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:01:16.0599 3668   DNISp50 ( UnsignedFile.Multi.Generic ) - skipped by user
09:01:16.0599 3668   DNISp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:01:16.0599 3668   \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:01:16.0599 3668   \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Offline E310

  • Bronze Member
  • Posts: 75
CF log:


ComboFix 12-03-02.01 - Adriana 03/03/2012   9:09.1.4 - x86
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.2046.1167 [GMT -5:00]
Running from: c:\users\Adriana\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\oobe\audit.exe
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobeldr.exe
c:\windows\system32\oobe\Setup.exe
c:\windows\system32\oobe\windeploy.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-02-03 to 2012-03-03  )))))))))))))))))))))))))))))))
.
.
2012-03-03 01:26 . 2012-03-03 01:26   --------   d-----w-   c:\program files\ESET
2012-03-02 12:41 . 2012-03-02 12:41   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-03-02 12:41 . 2012-03-02 12:41   --------   d-----w-   c:\programdata\Malwarebytes
2012-03-02 12:41 . 2011-12-10 20:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-02 03:15 . 2012-03-02 03:15   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-02 03:15 . 2012-03-02 03:15   --------   d-----w-   c:\windows\system32\Macromed
2012-03-02 03:14 . 2012-03-02 03:14   --------   d-----w-   c:\program files\Common Files\WebM Project
2012-03-02 03:14 . 2012-03-02 03:14   --------   d-----w-   c:\program files\Google
2012-03-02 02:49 . 2011-03-12 21:55   876032   ----a-w-   c:\windows\system32\XpsPrint.dll
2012-03-01 01:17 . 2012-03-01 01:17   --------   d-----w-   c:\program files\Windows Portable Devices
2012-03-01 01:12 . 2009-09-10 02:00   92672   ----a-w-   c:\windows\system32\UIAnimation.dll
2012-03-01 01:12 . 2009-09-10 02:00   1164800   ----a-w-   c:\windows\system32\UIRibbonRes.dll
2012-03-01 01:12 . 2009-09-10 02:01   3023360   ----a-w-   c:\windows\system32\UIRibbon.dll
2012-03-01 00:51 . 2011-10-27 08:01   3602816   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-03-01 00:50 . 2011-12-14 16:17   680448   ----a-w-   c:\windows\system32\msvcrt.dll
2012-03-01 00:47 . 2010-05-04 19:13   231424   ----a-w-   c:\windows\system32\msshsq.dll
2012-03-01 00:42 . 2012-03-01 01:18   --------   d-----w-   c:\program files\Microsoft Silverlight
2012-03-01 00:41 . 2009-06-03 23:56   675152   ----a-w-   c:\windows\system32\gpprefcl.dll
2012-02-29 13:43 . 2012-02-29 13:43   --------   d-----w-   c:\windows\system32\ca-ES
2012-02-29 13:43 . 2012-02-29 13:43   --------   d-----w-   c:\windows\system32\eu-ES
2012-02-29 13:43 . 2012-02-29 13:43   --------   d-----w-   c:\windows\system32\vi-VN
2012-02-29 13:40 . 2012-02-29 13:40   --------   d-----w-   c:\windows\system32\SPReview
2012-02-29 13:28 . 2009-04-11 04:28   97792   ----a-w-   c:\windows\system32\oleprn.dll
2012-02-29 13:27 . 2009-04-11 04:28   507904   ----a-w-   c:\windows\system32\vdsdyn.dll
2012-02-29 13:25 . 2012-02-29 13:25   --------   d-----w-   c:\windows\system32\EventProviders
2012-02-29 04:05 . 2012-02-08 03:03   6552120   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-29 03:53 . 2010-09-06 16:20   125952   ----a-w-   c:\windows\system32\srvsvc.dll
2012-02-29 03:53 . 2010-09-06 16:19   17920   ----a-w-   c:\windows\system32\netevent.dll
2012-02-27 13:21 . 2012-02-27 13:21   --------   d-----w-   c:\program files\Microsoft.NET
2012-02-27 13:20 . 2009-11-08 15:55   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
2012-02-27 13:20 . 2009-11-08 15:55   49472   ----a-w-   c:\windows\system32\netfxperf.dll
2012-02-27 13:20 . 2009-11-08 15:55   297808   ----a-w-   c:\windows\system32\mscoree.dll
2012-02-27 13:20 . 2009-11-08 15:55   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
2012-02-27 13:20 . 2009-11-08 15:55   1130824   ----a-w-   c:\windows\system32\dfshim.dll
2012-02-27 09:06 . 2012-02-27 08:17   --------   d-----w-   c:\windows\Debug
2012-02-27 08:52 . 2012-02-27 09:02   --------   d-----w-   c:\windows\Panther
2012-02-27 08:51 . 2012-02-27 08:51   --------   d-----w-   c:\windows\system32\OEM
2012-02-27 08:32 . 2012-02-27 08:32   --------   d-----w-   C:\Windows.old
2012-02-27 08:03 . 2008-05-27 04:59   18904   ----a-w-   c:\windows\system32\StructuredQuerySchemaTrivial.bin
2012-02-27 07:35 . 2010-02-20 23:06   24064   ----a-w-   c:\windows\system32\nshhttp.dll
2012-02-27 07:35 . 2010-02-20 23:05   30720   ----a-w-   c:\windows\system32\httpapi.dll
2012-02-27 07:35 . 2010-02-20 20:53   411648   ----a-w-   c:\windows\system32\drivers\http.sys
2012-02-27 07:30 . 2009-07-17 13:54   71680   ----a-w-   c:\windows\system32\atl.dll
2012-02-27 07:28 . 2008-02-29 06:35   6656   ----a-w-   c:\windows\system32\kbd106n.dll
2012-02-27 07:26 . 2010-08-17 14:11   128000   ----a-w-   c:\windows\system32\spoolsv.exe
2012-02-27 07:25 . 2011-02-12 08:39   191488   ----a-w-   c:\windows\system32\FXSCOVER.exe
2012-02-27 07:25 . 2009-04-11 06:28   840704   ----a-w-   c:\windows\system32\WFS.exe
2012-02-27 07:25 . 2011-02-22 13:23   69632   ----a-w-   c:\windows\system32\drivers\bowser.sys
2012-02-27 07:25 . 2010-12-29 18:28   322560   ----a-w-   c:\windows\system32\sbe.dll
2012-02-27 07:25 . 2010-12-29 18:28   153088   ----a-w-   c:\windows\system32\sbeio.dll
2012-02-27 07:25 . 2010-12-29 18:26   177664   ----a-w-   c:\windows\system32\mpg2splt.ax
2012-02-27 07:25 . 2010-10-18 13:37   81920   ----a-w-   c:\windows\system32\consent.exe
2012-02-27 07:25 . 2010-04-05 17:02   317952   ----a-w-   c:\windows\system32\MP4SDECD.DLL
2012-02-27 07:25 . 2011-04-21 13:58   273408   ----a-w-   c:\windows\system32\drivers\afd.sys
2012-02-27 07:17 . 2009-09-10 14:58   1418752   ----a-w-   c:\program files\Windows Media Player\setup_wm.exe
2012-02-27 07:17 . 2009-09-10 14:58   310784   ----a-w-   c:\windows\system32\unregmp2.exe
2012-02-27 07:15 . 2009-12-04 18:30   12288   ----a-w-   c:\windows\system32\tsbyuv.dll
2012-02-27 07:15 . 2009-12-04 18:28   22528   ----a-w-   c:\windows\system32\msyuv.dll
2012-02-27 07:15 . 2009-12-04 18:28   31744   ----a-w-   c:\windows\system32\msvidc32.dll
2012-02-27 07:15 . 2009-12-04 18:28   123904   ----a-w-   c:\windows\system32\msvfw32.dll
2012-02-27 07:15 . 2009-12-04 18:28   13312   ----a-w-   c:\windows\system32\msrle32.dll
2012-02-27 07:15 . 2009-12-04 18:28   82944   ----a-w-   c:\windows\system32\mciavi32.dll
2012-02-27 07:15 . 2009-12-04 18:28   50176   ----a-w-   c:\windows\system32\iyuv_32.dll
2012-02-27 07:15 . 2009-12-04 18:27   91136   ----a-w-   c:\windows\system32\avifil32.dll
2012-02-27 07:12 . 2009-05-08 12:53   604672   ----a-w-   c:\windows\system32\WMSPDMOD.DLL
2012-02-27 07:06 . 2012-02-27 07:06   0   ----a-w-   c:\windows\ativpsrm.bin
2012-02-27 07:00 . 2009-12-23 11:33   172032   ----a-w-   c:\windows\system32\wintrust.dll
2012-02-27 07:00 . 2010-01-13 17:34   98304   ----a-w-   c:\windows\system32\cabview.dll
2012-02-27 07:00 . 2012-02-27 07:00   --------   d-----w-   c:\programdata\Office Genuine Advantage
2012-02-27 06:56 . 2012-02-27 06:56   713784   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8E6DE80-694A-4F49-A466-90DDA6D7384B}\gapaengine.dll
2012-02-27 06:56 . 2012-01-31 12:44   237072   ------w-   c:\windows\system32\MpSigStub.exe
2012-02-27 06:52 . 2012-02-27 06:52   --------   d-----w-   c:\program files\Microsoft Security Client
2012-02-27 06:51 . 2010-04-05 20:00   221568   ----a-w-   c:\windows\system32\drivers\netio.sys
2012-02-27 06:50 . 2009-08-07 02:24   44768   ----a-w-   c:\windows\system32\wups2.dll
2012-02-27 06:50 . 2009-08-07 02:24   53472   ----a-w-   c:\windows\system32\wuauclt.exe
2012-02-27 06:50 . 2009-08-07 02:23   1929952   ----a-w-   c:\windows\system32\wuaueng.dll
2012-02-27 06:50 . 2009-08-07 01:45   2421760   ----a-w-   c:\windows\system32\wucltux.dll
2012-02-27 06:50 . 2009-08-07 02:24   35552   ----a-w-   c:\windows\system32\wups.dll
2012-02-27 06:50 . 2009-08-07 02:23   575704   ----a-w-   c:\windows\system32\wuapi.dll
2012-02-27 06:50 . 2009-08-07 01:44   87552   ----a-w-   c:\windows\system32\wudriver.dll
2012-02-27 06:50 . 2009-08-07 00:23   171608   ----a-w-   c:\windows\system32\wuwebv.dll
2012-02-27 06:50 . 2009-08-06 23:44   33792   ----a-w-   c:\windows\system32\wuapp.exe
2012-02-27 06:37 . 2012-03-01 01:27   --------   d-----w-   c:\program files\installshield installation information
2012-02-27 06:37 . 2012-02-27 06:37   --------   d-----w-   c:\program files\NETGEAR
2012-02-27 06:37 . 2012-02-27 06:37   --------   d-----w-   c:\programdata\NETGEAR
2012-02-27 06:37 . 2012-03-02 03:14   --------   d-sh--w-   c:\windows\Installer
2012-02-27 06:37 . 2012-02-27 06:37   --------   d-----w-   c:\windows\Downloaded Installations
2012-02-27 06:18 . 2012-03-01 00:43   --------   d-----w-   c:\users\Adriana
2012-02-27 06:15 . 2012-02-27 06:15   --------   d-----w-   c:\users\ashleyxoxjoshua
2012-02-25 00:36 . 2012-02-27 23:45   --------   d-----w-   C:\MGADiagToolOutput
2012-02-19 13:07 . 2012-02-20 01:44   --------   d-----w-   C:\notepad
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 55775525
*Deregistered* - 55775525
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-02 06:56]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-02 06:56]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-959352362-581761041-2300734415-1001Core.job
- c:\users\Adriana\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-27 06:56]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-959352362-581761041-2300734415-1001UA.job
- c:\users\Adriana\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-27 06:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-03 09:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-03-03  09:16:23
ComboFix-quarantined-files.txt  2012-03-03 14:16
.
Pre-Run: 168,524,013,568 bytes free
Post-Run: 167,816,663,040 bytes free
.
- - End Of File - - BCE4B49585C33EAFE5EFCB1AD2DEAA6F

Offline E310

  • Bronze Member
  • Posts: 75
Bear ... CF didn't restart the computer this time. Is that good? Seems to be running fine.

I have a new icon on the desktop called "The Internet" with an old IE logo.

Eddie