BIOS Hack?

This is a discussion on BIOS Hack? within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 11-23-2011, 08:06 PM   #1
Registered Member
 
Join Date: Nov 2011
Posts: 25
OS: XP Professional SP3



I'm running XP Pro with SP3. I don't know what evil genius is after me, but I have a trojan that is relentless. I have wiped my hard drive with DBN and reloaded several times. With a complete clean install and without ever connecting to the internet, I have had my administrator account hijacked and password protected and user password changed. I have the Dell XP Pro disk with SP2, I burned an ISO of SP3 and use that. Ctfmon loads immediately as a trojan according to SB S&D. I have completely removed it. My machine is completely under control of this "thing." I found this:
** clients hxxp://127.0.0.1:21332/clients Text Doc integrity-local
hxxp://127.0.0.1:21322/integrity-local
hxxp://127.0.0.1:21321/integrity-local 40b cache name integrity-local[1],txt *** (xx added by me)
in IE temp internet file. A search of this site brings up a page with a line of letters and nothing else. I cleaned all IE temps and it just comes right back. I cleaned every IE temp account and had it cleared out, and then I wiped the drive. When I turned my computer back on, my Broadcom wireless was all disabled, all kinds of changes were made - it was not connected to the internet. I never know what new thing will be messed up every time I turn on my computer. When I loaded the OS this time I password protected the Supervisor and User passwords in the BIOS. I think this has stopped this "thing" from taking over the Admin account. Scotty keeps "it" from modifying c:\windows\system32\drivers\etc\hosts to a notepad file that reads: 127.0.0.1 localhost.
I've scanned this computer with everything, Avira, Comodo, Malwarebytes, on and on and nothing is ever found. Trend Micro rootkit found the rootkits but cannot remove them. I had Trend Micro Housecall and RUBotted, they disappeared after a reboot. This "thing" has complete control over task manager. I've run a combofix and it always removes two Vostro files. This Vostro is the BIOS drive. I have an ISO copy of the Dell drivers. I don't know if it's possible to corrupt a SP3 downloaded from Microsoft or the Dell drivers, downloaded from Dell. This "thing" is just unreal! How can it make changes even before a clean install has ever connected to the internet??
Here are the logs. I didn't zip attach.txt or ark.txt because they are so small - I assume they are usually very large and that is why they are zipped? Hope that's ok.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 18:16:54 on 2011-11-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.577 [GMT -7:00]
.
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
.
============== Pseudo HJT Report ===============
.
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\bok3zs1f.default\
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-22 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-22 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-22 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-22 74640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-23 05:36:22 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-11-22 20:54:07 -------- d-----w- c:\windows\system32\NtmsData
2011-11-22 20:29:39 -------- d-----w- c:\documents and settings\owner\application data\Avira
2011-11-22 20:23:52 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-22 20:23:52 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-22 20:23:51 -------- d-----w- c:\program files\Avira
2011-11-22 20:23:51 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-11-22 13:29:59 -------- d-sha-r- C:\cmdcons
2011-11-22 13:28:16 98816 ----a-w- c:\windows\sed.exe
2011-11-22 13:28:16 518144 ----a-w- c:\windows\SWREG.exe
2011-11-22 13:28:16 256000 ----a-w- c:\windows\PEV.exe
2011-11-22 13:28:16 208896 ----a-w- c:\windows\MBR.exe
2011-11-22 13:08:26 -------- d-----w- c:\documents and settings\owner\local settings\application data\PCHealth
2011-11-22 13:04:35 -------- d-----w- C:\d09abc78b87bd6cf02
2011-11-22 12:54:58 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-22 11:16:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-22 09:40:09 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-22 04:26:09 -------- d-----w- c:\program files\Trend Micro
2011-11-21 18:04:54 -------- d-----w- c:\windows\system32\appmgmt
2011-11-21 17:50:13 -------- d-----w- c:\windows\SxsCaPendDel
2011-11-21 08:54:02 -------- d-----w- c:\documents and settings\owner\application data\GlarySoft
2011-11-21 03:16:28 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-21 03:16:28 -------- d-----w- c:\program files\common files\PC Tools
2011-11-21 03:16:27 -------- d-----w- c:\program files\PC Tools
2011-11-21 03:13:11 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-11-21 03:12:46 -------- d-----w- c:\documents and settings\owner\application data\TestApp
2011-11-20 06:35:40 -------- d-----w- c:\program files\Webroot
2011-11-20 06:23:12 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-11-20 06:18:36 -------- d-----w- c:\documents and settings\owner\application data\WinPatrol
2011-11-20 06:18:13 -------- d-----w- c:\program files\BillP Studios
2011-11-20 06:18:12 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2011-11-20 05:19:31 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-11-20 04:17:05 -------- d-----w- c:\documents and settings\owner\application data\QFX Software
2011-11-20 04:17:05 -------- d-----w- c:\documents and settings\all users\application data\QFX Software
2011-11-20 03:47:37 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-11-20 03:47:37 -------- d-----w- c:\windows\system32\winrm
2011-11-20 03:47:31 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-11-20 03:14:32 -------- d-----w- c:\documents and settings\owner\local settings\application data\ApplicationHistory
2011-11-20 03:11:48 99840 -c----w- c:\windows\system32\dllcache\srvsvc.dll
2011-11-20 03:11:46 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2011-11-20 03:11:45 265728 -c----w- c:\windows\system32\dllcache\http.sys
2011-11-20 03:11:45 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2011-11-20 00:59:31 -------- d-----w- c:\windows\system32\PreInstall
2011-11-20 00:56:44 -------- d-----w- c:\windows\system32\URTTEMP
2011-11-20 00:55:50 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-11-20 00:54:50 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-11-20 00:44:14 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-11-20 00:43:58 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-11-20 00:43:31 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll
2011-11-20 00:42:54 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-11-20 00:42:50 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll
2011-11-20 00:42:50 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2011-11-20 00:42:50 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll
2011-11-20 00:42:50 149504 -c----w- c:\windows\system32\dllcache\dnsapi.dll
2011-11-20 00:41:44 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe
2011-11-20 00:41:43 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll
2011-11-20 00:41:32 270848 -c----w- c:\windows\system32\dllcache\sbe.dll
2011-11-20 00:41:32 186880 -c----w- c:\windows\system32\dllcache\encdec.dll
2011-11-20 00:40:20 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-11-20 00:40:16 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2011-11-20 00:40:16 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2011-11-20 00:40:16 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2011-11-20 00:40:12 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-11-20 00:40:10 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2011-11-20 00:40:10 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2011-11-20 00:40:10 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2011-11-20 00:40:10 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2011-11-20 00:40:10 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2011-11-20 00:39:22 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
2011-11-19 22:53:35 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2011-11-19 22:52:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-19 22:52:39 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-19 22:51:27 -------- d-----w- c:\documents and settings\owner\local settings\application data\Mozilla
2011-11-19 22:49:53 -------- d-----w- c:\program files\Glary Utilities
2011-11-19 22:49:17 -------- d-----w- c:\program files\CCleaner
2011-11-19 22:44:59 82016 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-11-19 22:39:47 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-11-19 22:18:20 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
2011-11-19 21:59:44 -------- d-----w- c:\windows\ie8updates
2011-11-19 21:55:59 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2011-11-19 21:48:24 -------- d-----w- c:\windows\system32\XPSViewer
2011-11-19 21:48:03 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-11-19 21:47:52 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-11-19 21:47:52 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-11-19 21:47:52 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-11-19 21:47:52 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-11-19 21:47:52 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-11-19 21:47:52 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-11-19 21:47:52 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-11-19 21:47:52 117760 ------w- c:\windows\system32\prntvpt.dll
2011-11-19 21:47:52 -------- d-----w- C:\a45514b98559813237f47e1c15
2011-11-19 21:42:35 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2011-11-19 21:39:51 -------- d-----w- c:\program files\Windows Media Connect 2
2011-11-19 21:38:56 -------- d-----w- c:\windows\system32\LogFiles
2011-11-19 21:38:15 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2011-11-19 21:38:15 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-11-19 21:38:15 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2011-11-19 21:38:15 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-11-19 21:38:14 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-11-19 21:36:38 -------- dc-h--w- c:\windows\ie8
2011-11-19 21:27:01 32256 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2011-11-19 20:57:58 -------- d-----w- c:\documents and settings\owner\local settings\application data\SupportSoft
2011-11-19 20:57:34 -------- d-----w- c:\program files\Dell Support Center
2011-11-19 20:51:32 45568 ----a-r- c:\windows\system32\drivers\bcm4sbxp.sys
2011-11-19 20:50:26 -------- d-----w- c:\program files\Digital Line Detect
2011-11-19 20:49:17 217088 ----a-r- c:\windows\system32\UCI32M21.dll
2011-11-19 20:44:35 -------- d-----w- c:\documents and settings\owner\application data\Dell
2011-11-19 20:44:18 16128 ----a-w- c:\windows\system32\drivers\APPDRV.SYS
2011-11-19 20:41:55 416 ----a-w- c:\windows\system32\vcredist_x86.bat
2011-11-19 20:41:55 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2011-11-19 20:41:53 143360 ----a-w- c:\windows\system32\bcmwlapi.dll
2011-11-19 20:33:02 -------- d-----w- c:\documents and settings\owner\local settings\application data\ATI
2011-11-19 20:18:22 989952 ----a-r- c:\windows\system32\drivers\HSF_DPV.sys
2011-11-19 20:18:22 211200 ----a-r- c:\windows\system32\drivers\HSFHWAZL.sys
2011-11-19 20:18:22 172032 ----a-r- c:\windows\system32\Uci32114.dll
2011-11-19 20:18:22 -------- d-----w- c:\program files\CONEXANT
2011-11-19 20:18:21 731136 ----a-r- c:\windows\system32\drivers\HSF_CNXT.sys
2011-11-19 20:02:19 -------- d-----w- c:\program files\Broadcom
2011-11-19 20:01:06 -------- d-----w- c:\windows\Downloaded Installations
2011-11-19 19:53:07 202912 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-11-19 19:53:07 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2011-11-19 19:53:07 163840 ----a-w- c:\windows\system32\SynCOM.dll
2011-11-19 19:53:07 143360 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-11-19 19:53:07 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2011-11-19 19:53:06 -------- d-----w- c:\program files\Synaptics
2011-11-19 19:50:10 -------- d-----w- c:\program files\ATI Technologies
2011-11-19 19:49:51 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-11-19 19:49:51 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-11-19 19:49:51 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2011-11-19 19:49:51 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-11-19 19:49:50 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-11-19 19:49:35 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2011-11-19 19:20:51 45056 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{42929f0f-ce14-47af-9fc7-ff297a603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2011-11-19 18:58:05 666 ----a-w- c:\windows\speed.reg
2011-11-19 18:58:05 -------- d-----w- c:\program files\Dell
2011-11-19 18:47:39 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-11-19 05:09:13 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-11-19 05:09:12 79872 ------w- c:\windows\system32\msxml6r.dll
2011-11-19 05:09:12 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-11-19 05:09:12 1372672 ------w- c:\windows\system32\msxml6.dll
2011-11-19 05:07:12 -------- d-----w- c:\windows\ServicePackFiles
2011-11-19 0557 294912 ------w- c:\program files\windows media player\dlimport.exe
2011-11-19 0553 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-11-19 05:03:41 -------- d-----w- c:\windows\system32\ReinstallBackups
2011-11-19 05:03:35 26144 ----a-w- c:\windows\system32\spupdsvc.exe
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 0750 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 18:17:50.34 ===============


GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-23 19:52:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BEVS-75RST0 rev.04.01G04
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fxliakob.sys


---- System - GMER 1.0.15 ----

SSDT F7B2891C ZwClose
SSDT F7B288D6 ZwCreateKey
SSDT F7B28926 ZwCreateSection
SSDT F7B288CC ZwCreateThread
SSDT F7B288DB ZwDeleteKey
SSDT F7B288E5 ZwDeleteValueKey
SSDT F7B28917 ZwDuplicateObject
SSDT F7B288EA ZwLoadKey
SSDT F7B288B8 ZwOpenProcess
SSDT F7B288BD ZwOpenThread
SSDT F7B2893F ZwQueryValueKey
SSDT F7B288F4 ZwReplaceKey
SSDT F7B28930 ZwRequestWaitReplyPort
SSDT F7B288EF ZwRestoreKey
SSDT F7B2892B ZwSetContextThread
SSDT F7B28935 ZwSetSecurityObject
SSDT F7B288E0 ZwSetValueKey
SSDT F7B2893A ZwSystemDebugControl
SSDT F7B288C7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 250C 80501D44 4 Bytes [EA, 88, B2, F7]
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/18/2011 9:51:23 PM
System Uptime: 11/23/2011 6:10:07 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WY383
Processor: Mobile AMD Sempron(tm) Processor 3600+ | Socket M2/S1G1 | 1595/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 65.679 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell Wireless 1395 WLAN Mini-Card
Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_000B1028&REV_01\4&232B014&0&0030
Manufacturer: Broadcom
Name: Dell Wireless 1395 WLAN Mini-Card
PNP Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_000B1028&REV_01\4&232B014&0&0030
Service: BCM43XX
.
==== System Restore Points ===================
.
RP1: 11/22/2011 6:28:22 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
AMD Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Avira Free Antivirus
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
CCleaner
Conexant HDA D330 MDC V.92 Modem
Dell Touchpad
Dell Wireless WLAN Card Utility
Digital Line Detect
Glary Utilities 2.39.0.1310
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 8.0 (x86 en-US)
QuickSet
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows XP (KB923789)
SigmaTel Audio
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Windows Internet Explorer 8 (KB2598845)
WebFldrs XP
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/21/2011 10:55:30 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\WLTRAY.exe. Reference error message: The operation completed successfully. .
11/21/2011 10:55:25 AM, error: Service Control Manager [7022] - The Dell Wireless WLAN Tray Service service hung on starting.
11/21/2011 10:54:13 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\System32\BCMLogon.dll. Reference error message: The operation completed successfully. .
11/21/2011 10:54:01 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error message: The referenced assembly is not installed on your system. .
11/21/2011 10:54:01 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\System32\bcmwltry.exe. Reference error message: The operation completed successfully. .
11/21/2011 10:54:01 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
11/21/2011 10:42:34 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000166, parameter2 00000002, parameter3 00000000, parameter4 804faada.
11/20/2011 9:00:55 PM, error: Service Control Manager [7034] - The Spybot S&D 2 Live Protection Service service terminated unexpectedly. It has done this 1 time(s).
11/20/2011 8:57:49 PM, error: PCTCore [280] -
11/20/2011 12:08:38 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/20/2011 1232 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 APPDRV cmdGuard cmdHlp Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SDHookDriver Tcpip
11/19/2011 8:10:17 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
11/19/2011 5:21:51 PM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
11/19/2011 3:32:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/19/2011 3:30:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 APPDRV Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
11/19/2011 3:30:11 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/19/2011 3:30:11 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/19/2011 3:30:11 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/19/2011 3:30:11 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/19/2011 3:29:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/19/2011 11:24:34 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Updating Service service to connect.
11/19/2011 11:24:34 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/18/2011 10:38:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/18/2011 10:18:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
.
==== End Of File ===========================

I know I should have shut down Avira but there was no option to do so upon right clicking it, and I could not stop it through task manager because TM is completely taken over. HELP!!! Thanks in advance!

__________________
Zaq123
Old 11-26-2011, 08:16 PM   #2
Registered Member
 
Join Date: Nov 2011
Posts: 25
OS: XP Professional SP3



Bump, Please.
Sorry I did not zip those files, I have WinRAR so I could not have done so anyway. Right after posting to this forum, "whatever" has stopped trying to load 127.0.0. I've found a system restore point, I had turned off system restore. I did a virus scan with my USB drive in and it found that ComboFix is the TR/Yakes.ado.11 Trojan. I don't know if that is typical. I also remembered that on the Dell driver CD I have there is one driver that is an old version of Java that Spybot S&D says is a virus or trojan. I did not load that driver on this install. Help!

__________________
Zaq123
Old 11-27-2011, 08:22 PM   #3
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,309
OS: WinXP Home, Vista, Windows 7 64bit



Hello Zaq123,

That is a false detection for ComboFix. You can safely ignore that finding.

May I please see the C:\Combofix.txt and the log produced by TDSSKiller? You'll find the log for TDSSKiller on the C:\ drive as well.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried
Old 11-28-2011, 09:37 AM   #4
Registered Member
 
Join Date: Nov 2011
Posts: 25
OS: XP Professional SP3



Hello Ried, thank you so much for your help. Here are the logs. As you can see, I had Webroot on my system at the time and was unable to disable it.

ComboFix 11-11-22.01 - Owner 11/22/2011 6:30.1.1 - x86
Running from: E:\ComboFix.exe
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\1028_DELL_XPS_Vostro 1000 .MRK
c:\windows\system32\drivers\DELL_XPS_Vostro 1000 .MRK
.
.
((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
.
.
2011-11-22 13:04 . 2011-11-22 13:09 -------- d-----w- C:\d09abc78b87bd6cf02
2011-11-22 12:54 . 2011-11-22 12:54 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-19 21:47 . 2011-11-19 21:48 -------- d-----w- C:\a45514b98559813237f47e1c15
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-28 07:06 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 06:53 . 2011-11-20 19:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-05-10 18:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"WRSVC"="c:\program files\Webroot\WRSA.exe" -ul
"Broadcom Wireless Manager UI"=c:\windows\system32\WLTRAY.exe
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"SigmatelSysTrayApp"=%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
"WinPatrol"=c:\program files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
"Trend Micro RUBotted V2.0 Beta"=c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe"
"emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" /d=60
"ThreatFire"=c:\program files\ThreatFire\TFTray.exe
"Dell QuickSet"=c:\program files\Dell\QuickSet\quickset.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-11-16 2996784]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2011-11-22 633088]
R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-02 51632]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-02-22 69392]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2011-11-22 106824]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [2011-10-05 38504]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-04-24 225856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 43757201
*NewlyCreated* - A2ANTIMALWARE
*NewlyCreated* - FXLIAKOB
*NewlyCreated* - ROOTREPEAL
*NewlyCreated* - SDHOOKDRIVER
*NewlyCreated* - TFSYSMON
*NewlyCreated* - THREATFIRE
*NewlyCreated* - TMCOMM
*Deregistered* - 43757201
*Deregistered* - fxliakob
*Deregistered* - rootrepeal
*Deregistered* - tmcomm
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-22 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-11-22 22:46]
.
2011-11-22 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-11-19 20:08]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\bok3zs1f.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-22 06:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-11-22 06:36:10
ComboFix-quarantined-files.txt 2011-11-22 13:36
.
Pre-Run: 70,299,193,344 bytes free
Post-Run: 70,490,894,336 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - 757A6F056ABCA8F389C52D32FC4FCEA5


05:53:25.0640 2852 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
05:53:25.0937 2852 ============================================================
05:53:25.0937 2852 Current date / time: 2011/11/22 05:53:25.0937
05:53:25.0937 2852 SystemInfo:
05:53:25.0937 2852
05:53:25.0937 2852 OS Version: 5.1.2600 ServicePack: 3.0
05:53:25.0937 2852 Product type: Workstation
05:53:25.0937 2852 ComputerName: PC-OWNER-AK47
05:53:25.0937 2852 UserName: Owner
05:53:25.0937 2852 Windows directory: C:\WINDOWS
05:53:25.0937 2852 System windows directory: C:\WINDOWS
05:53:25.0937 2852 Processor architecture: Intel x86
05:53:25.0937 2852 Number of processors: 1
05:53:25.0937 2852 Page size: 0x1000
05:53:25.0937 2852 Boot type: Normal boot
05:53:25.0937 2852 ============================================================
05:53:27.0171 2852 Initialize success
05:53:30.0687 3372 ============================================================
05:53:30.0687 3372 Scan started
05:53:30.0687 3372 Mode: Manual;
05:53:30.0687 3372 ============================================================
05:53:38.0968 3372 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
05:53:39.0140 3372 \Device\Harddisk0\DR0 - ok
05:53:39.0140 3372 Boot (0x1200) (ea6e6043177b2f7f73259da0ff4e018d) \Device\Harddisk0\DR0\Partition0
05:53:39.0140 3372 \Device\Harddisk0\DR0\Partition0 - ok
05:53:39.0156 3372 ============================================================
05:53:39.0156 3372 Scan finished
05:53:39.0156 3372 ============================================================
05:53:39.0171 3828 Detected object count: 0
05:53:39.0171 3828 Actual detected object count: 0
05:53:56.0046 3692 ============================================================
05:53:56.0046 3692 Scan started
05:53:56.0046 3692 Mode: Manual; SigCheck; TDLFS;
05:53:56.0046 3692 ============================================================
05:53:57.0718 3692 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
05:53:57.0750 3692 APPDRV ( UnsignedFile.Multi.Generic ) - warning
05:53:57.0750 3692 APPDRV - detected UnsignedFile.Multi.Generic (1)
05:54:00.0218 3692 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
05:54:00.0250 3692 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
05:54:00.0250 3692 cercsr6 - detected UnsignedFile.Multi.Generic (1)
05:54:05.0578 3692 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
05:54:05.0734 3692 isapnp - ok
05:54:05.0765 3692 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
05:54:05.0906 3692 Kbdclass - ok
05:54:05.0968 3692 KeyScrambler (8f1bb80d589affb9c5e9cd7544251b29) C:\WINDOWS\system32\drivers\keyscrambler.sys
05:54:05.0984 3692 KeyScrambler - ok
05:54:06.0046 3692 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
05:54:06.0187 3692 kmixer - ok
05:54:06.0218 3692 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
05:54:06.0281 3692 KSecDD - ok
05:54:06.0312 3692 lbrtfdc - ok
05:54:06.0359 3692 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
05:54:06.0375 3692 mdmxsdk - ok
05:54:06.0453 3692 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
05:54:06.0625 3692 mnmdd - ok
05:54:06.0671 3692 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
05:54:06.0828 3692 Modem - ok
05:54:06.0843 3692 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
05:54:06.0984 3692 Mouclass - ok
05:54:07.0015 3692 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
05:54:07.0156 3692 MountMgr - ok
05:54:07.0171 3692 mraid35x - ok
05:54:07.0218 3692 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
05:54:07.0375 3692 MRxDAV - ok
05:54:07.0453 3692 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
05:54:07.0484 3692 MRxSmb - ok
05:54:07.0515 3692 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
05:54:07.0671 3692 Msfs - ok
05:54:07.0718 3692 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
05:54:07.0859 3692 MSKSSRV - ok
05:54:07.0875 3692 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
05:54:08.0000 3692 MSPCLOCK - ok
05:54:08.0031 3692 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
05:54:08.0156 3692 MSPQM - ok
05:54:08.0203 3692 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
05:54:08.0328 3692 mssmbios - ok
05:54:08.0375 3692 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
05:54:08.0421 3692 Mup - ok
05:54:08.0500 3692 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
05:54:08.0671 3692 NDIS - ok
05:54:08.0718 3692 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
05:54:08.0765 3692 NdisTapi - ok
05:54:08.0796 3692 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
05:54:08.0921 3692 Ndisuio - ok
05:54:08.0968 3692 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
05:54:09.0109 3692 NdisWan - ok
05:54:09.0156 3692 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
05:54:09.0187 3692 NDProxy - ok
05:54:09.0218 3692 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
05:54:09.0375 3692 NetBIOS - ok
05:54:09.0406 3692 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
05:54:09.0593 3692 NetBT - ok
05:54:09.0687 3692 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
05:54:09.0687 3692 NPF - ok
05:54:09.0734 3692 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
05:54:09.0875 3692 Npfs - ok
05:54:09.0921 3692 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
05:54:10.0062 3692 Ntfs - ok
05:54:10.0109 3692 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
05:54:10.0250 3692 Null - ok
05:54:10.0312 3692 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
05:54:10.0500 3692 NwlnkFlt - ok
05:54:10.0515 3692 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
05:54:10.0703 3692 NwlnkFwd - ok
05:54:10.0750 3692 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
05:54:10.0875 3692 Parport - ok
05:54:10.0890 3692 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
05:54:11.0015 3692 PartMgr - ok
05:54:11.0031 3692 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
05:54:11.0203 3692 ParVdm - ok
05:54:11.0218 3692 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
05:54:11.0359 3692 PCI - ok
05:54:11.0375 3692 PCIDump - ok
05:54:11.0421 3692 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
05:54:11.0578 3692 PCIIde - ok
05:54:11.0609 3692 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
05:54:11.0718 3692 Pcmcia - ok
05:54:11.0734 3692 PDCOMP - ok
05:54:11.0750 3692 PDFRAME - ok
05:54:11.0765 3692 PDRELI - ok
05:54:11.0781 3692 PDRFRAME - ok
05:54:11.0796 3692 perc2 - ok
05:54:11.0812 3692 perc2hib - ok
05:54:11.0875 3692 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
05:54:12.0031 3692 PptpMiniport - ok
05:54:12.0062 3692 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
05:54:12.0203 3692 Processor - ok
05:54:12.0218 3692 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
05:54:12.0359 3692 PSched - ok
05:54:12.0390 3692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
05:54:12.0578 3692 Ptilink - ok
05:54:12.0593 3692 ql1080 - ok
05:54:12.0609 3692 Ql10wnt - ok
05:54:12.0625 3692 ql12160 - ok
05:54:12.0640 3692 ql1240 - ok
05:54:12.0640 3692 ql1280 - ok
05:54:12.0687 3692 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
05:54:12.0875 3692 RasAcd - ok
05:54:12.0906 3692 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
05:54:13.0046 3692 Rasl2tp - ok
05:54:13.0062 3692 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
05:54:13.0203 3692 RasPppoe - ok
05:54:13.0218 3692 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
05:54:13.0375 3692 Raspti - ok
05:54:13.0453 3692 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
05:54:13.0578 3692 Rdbss - ok
05:54:13.0609 3692 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
05:54:13.0781 3692 RDPCDD - ok
05:54:13.0828 3692 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
05:54:13.0953 3692 rdpdr - ok
05:54:14.0000 3692 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
05:54:14.0046 3692 RDPWD - ok
05:54:14.0093 3692 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
05:54:14.0250 3692 redbook - ok
05:54:14.0312 3692 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
05:54:14.0359 3692 rimmptsk - ok
05:54:14.0500 3692 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
05:54:14.0515 3692 SASDIFSV - ok
05:54:14.0546 3692 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
05:54:14.0546 3692 SASKUTIL - ok
05:54:14.0625 3692 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
05:54:14.0781 3692 sdbus - ok
05:54:14.0843 3692 SDHookDriver (47dd7bb6b72a5f49e01f53597bcaeac7) C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys
05:54:14.0859 3692 SDHookDriver - ok
05:54:14.0906 3692 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
05:54:15.0015 3692 Secdrv - ok
05:54:15.0062 3692 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
05:54:15.0187 3692 Serial - ok
05:54:15.0250 3692 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
05:54:15.0375 3692 Sfloppy - ok
05:54:15.0406 3692 Simbad - ok
05:54:15.0421 3692 Sparrow - ok
05:54:15.0500 3692 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
05:54:15.0625 3692 splitter - ok
05:54:15.0656 3692 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
05:54:15.0796 3692 sr - ok
05:54:15.0859 3692 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
05:54:15.0906 3692 Srv - ok
05:54:16.0000 3692 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
05:54:16.0109 3692 STHDA - ok
05:54:16.0171 3692 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
05:54:16.0312 3692 swenum - ok
05:54:16.0359 3692 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
05:54:16.0515 3692 swmidi - ok
05:54:16.0531 3692 symc810 - ok
05:54:16.0546 3692 symc8xx - ok
05:54:16.0562 3692 sym_hi - ok
05:54:16.0578 3692 sym_u3 - ok
05:54:16.0640 3692 SynTP (936cd58395d36659bb798b961ef7357f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
05:54:16.0703 3692 SynTP - ok
05:54:16.0750 3692 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
05:54:16.0875 3692 sysaudio - ok
05:54:16.0937 3692 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
05:54:16.0984 3692 Tcpip - ok
05:54:17.0031 3692 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
05:54:17.0171 3692 TDPIPE - ok
05:54:17.0203 3692 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
05:54:17.0343 3692 TDTCP - ok
05:54:17.0375 3692 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
05:54:17.0531 3692 TermDD - ok
05:54:17.0578 3692 TfSysMon (57edbb5fe7ff09bb21121d13bb950ba5) C:\WINDOWS\system32\drivers\TfSysMon.sys
05:54:17.0593 3692 TfSysMon - ok
05:54:17.0609 3692 TosIde - ok
05:54:17.0656 3692 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
05:54:17.0796 3692 Udfs - ok
05:54:17.0812 3692 ultra - ok
05:54:17.0859 3692 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
05:54:18.0000 3692 Update - ok
05:54:18.0046 3692 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
05:54:18.0156 3692 usbehci - ok
05:54:18.0187 3692 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
05:54:18.0312 3692 usbhub - ok
05:54:18.0359 3692 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
05:54:18.0500 3692 usbohci - ok
05:54:18.0546 3692 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
05:54:18.0687 3692 USBSTOR - ok
05:54:18.0718 3692 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
05:54:18.0875 3692 VgaSave - ok
05:54:18.0890 3692 ViaIde - ok
05:54:18.0937 3692 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
05:54:19.0093 3692 VolSnap - ok
05:54:19.0140 3692 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
05:54:19.0265 3692 Wanarp - ok
05:54:19.0281 3692 WDICA - ok
05:54:19.0343 3692 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
05:54:19.0453 3692 wdmaud - ok
05:54:19.0515 3692 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
05:54:19.0578 3692 winachsf - ok
05:54:19.0640 3692 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
05:54:19.0781 3692 WmiAcpi - ok
05:54:19.0843 3692 WRkrn (1e53973998d1b327035c2a010d7749ac) C:\WINDOWS\system32\drivers\WRkrn.sys
05:54:19.0859 3692 WRkrn - ok
05:54:19.0921 3692 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
05:54:20.0109 3692 WS2IFSL - ok
05:54:20.0156 3692 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
05:54:20.0203 3692 WudfPf - ok
05:54:20.0234 3692 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
05:54:20.0250 3692 WudfRd - ok
05:54:20.0296 3692 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
05:54:20.0546 3692 \Device\Harddisk0\DR0 - ok
05:54:20.0546 3692 Boot (0x1200) (ea6e6043177b2f7f73259da0ff4e018d) \Device\Harddisk0\DR0\Partition0
05:54:20.0546 3692 \Device\Harddisk0\DR0\Partition0 - ok
05:54:20.0562 3692 ============================================================
05:54:20.0562 3692 Scan finished
05:54:20.0562 3692 ============================================================
05:54:20.0671 2980 Detected object count: 2
05:54:20.0671 2980 Actual detected object count: 2
05:54:58.0484 2980 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS - copied to quarantine
05:54:58.0484 2980 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
05:54:58.0578 2980 C:\WINDOWS\system32\drivers\cercsr6.sys - copied to quarantine
05:54:58.0578 2980 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
05:55:49.0500 1160 Deinitialize success
__________________
Zaq123 is offline   Reply With Quote
Old 11-28-2011, 04:04 PM   #5
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,309
OS: WinXP Home, Vista, Windows 7 64bit



You're welcome. :)

Download and run HAMeb_check.exe

Post the contents of the resulting log.

Also, are you connecting to the internet with a router? What happens when you do searches with Google - do you experience redirects?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Old 11-28-2011, 05:17 PM   #6
Registered Member
 
Join Date: Nov 2011
Posts: 25
OS: XP Professioanl SP3



Hello again,
Yes, I connect through a router. I have not been getting any OBVIOUS redirects, but I am very certain that my browsing is being manipulated. This all started a couple of months ago. I believe I was either hacked through utube or another site I was a member of. I went to utube and my password was changed, and my password was changed on the other website. I have wiped, with massive overkill - DOD, and reloaded my op probably easily 6 times since. I even took the darn thing apart and removed the battery, took out the hard drive, of course, replaced the hard drive, and wiped it with the internal battery out and reloaded it. I know taking the battery out of an XP OS doesn't clear the BIOS like it used to, but I thought I'd do everything I could think of. Like I stated earlier, with a fresh clean install, and never touching the internet, the true administrator account's password changed, as did the user admin password. I don't know how that is even possible??? After I reformatted this time and tried to connect to the internet, the router passwords were changed and I could not connect to the internet even directly through the ethernet cable. I went to the library and it connected just fine. I came back and factory reset the routers and password protected them again and have been using it since. I am not insane, nor a liar. How is this possible? I'm beginning to really, really wonder what "entity" is behind this. Or, maybe I am going insane?
Here is the log you requested.

C:\Documents and Settings\Owner\Desktop\HAMeb_check.exe
Mon 11/28/2011 at 17:43:55.12

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"=5985:TCP:*:Disabled:Windows Remote Management


~~ EOF ~~
__________________
Zaq123 is offline   Reply With Quote
Old 11-28-2011, 05:46 PM   #7
Registered Member
 
Join Date: Nov 2011
Posts: 25
OS: XP Professioanl SP3



Oh, and spybot s&d - older version, where you can check the system startup (IMO serious error not having this feature in beta) said ctfmon was a virus or trojan. It was in a windows uninstall folder and another windows folder (can't remember now), and, of course, in system32. I understand with XP that the other folder was OK. I had disabled ctfmon through regional and languages. I just decided to take them all out. The system immediately asked to restore ctfmon. I didn't.
__________________
Zaq123 is offline   Reply With Quote
Old 11-28-2011, 06:18 PM   #8
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,309
OS: WinXP Home, Vista, Windows 7 64bit



I'm not sure about that finding for ctfmon and wouldn't worry too much about it at this point.

Here's the thing - you replaced the hard drive, so that would rule out an infected master boot record.

You've already reset the router, so that rules out a hacked router.

I'm not seeing anything in any of the logs, and unfortunately, we can't remove what we cannot see.

Can you explain to me about Administrator password being changed? How long ago did that happen? Or let me rephrase - has it been changed without your doing so, after you did the hard reset on the router?
__________________
Ried is offline   Reply With Quote
Old 11-28-2011, 06:43 PM   #9
Registered Member
 
Join Date: Nov 2011
Posts: 25
OS: XP Professioanl SP3



I see the way I stated that post that it sounds like I put in a new hard drive. I did not, I just removed it when I took out the battery and let it sit overnight, then put it back in the computer. I do believe the routers were hacked, the passwords were changed. Yes, the passwords on my machine were changed without me doing so and no one has had access to my computer. You say there is nothing to be seen? Rootkit identified a number of rootkits that it could not remove. When I open task manager, all that shows is the user profile screen which is blank. Like I stated, I am certain that my browser is being redirected - just minutes ago, doing a search to correctly spell a word, the only dictionary that came up was in Spanish, and this was a Google search. In researching around about my situation, I found information about Blue Pill. Considering things I do on utube, this trojan would be right up someone's alley. Is a bios hack possible?
__________________
Zaq123 is offline   Reply With Quote
Old 11-28-2011, 06:50 PM   #10
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,309
OS: WinXP Home, Vista, Windows 7 64bit



I've been doing this for 6 years and have yet to come across an infected bios.

Since you clarified that you did not replace the hard drive, I'd like for you to run another tool please.

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. At this time, select No when prompted to download the Avast database.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


Quote:
Rootkit identified a number of rootkits that it could not remove.
What rootkits? What tool exactly is that, and is there a log you can show me?
__________________
Ried is offline   Reply With Quote
Old 11-28-2011, 06:59 PM   #11
Registered Member
 
Join Date: Nov 2011
Posts: 25
OS: XP Professioanl SP3



Should I uninstall winrar so I can zip that file?
__________________
Zaq123 is offline   Reply With Quote
Old 11-28-2011, 07:02 PM   #12
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,309
OS: WinXP Home, Vista, Windows 7 64bit



No, no need to go through that. I happen to have winrar, so go ahead and use that. :)
__________________
Ried is offline   Reply With Quote
Old 11-28-2011, 07:19 PM   #13
Registered Member
 
Join Date: Nov 2011
Posts: 25
OS: XP Professioanl SP3



I did not see your question about the rootkits. TrendMicro's RootkitBuster found them, but I am unable to find the log. I did run the combofix and TDSSKiller before coming to this forum. Perhaps I should run them again?
Here are the other logs requested.


swMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-28 20:03:40
-----------------------------
20:03:40.343 OS Version: Windows 5.1.2600 Service Pack 3
20:03:40.343 Number of processors: 1 586 0x7C02
20:03:40.343 ComputerName: PC-OWNER-AK47 UserName: Owner
20:03:41.015 Initialize success
20:03:55.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:03:55.875 Disk 0 Vendor: WDC_WD800BEVS-75RST0 04.01G04 Size: 76319MB BusType: 3
20:03:57.890 Disk 0 MBR read successfully
20:03:57.890 Disk 0 MBR scan
20:03:57.890 Disk 0 Windows XP default MBR code
20:03:57.890 Disk 0 scanning sectors +156280320
20:03:57.984 Disk 0 scanning C:\WINDOWS\system32\drivers
20:04:14.437 Service scanning
20:04:15.656 Modules scanning
20:04:21.796 Disk 0 trace - called modules:
20:04:21.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:04:21.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84b8dab8]
20:04:21.812 3 CLASSPNP.SYS[f7544fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x84b95d98]
20:04:21.812 Scan finished successfully
20:05:51.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
20:05:51.250 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
Attached Files
File Type: zip MBR.zip (499 Bytes, 9 views)
__________________
Zaq123 is offline   Reply With Quote
Old 11-28-2011, 07:23 PM   #14
Registered Member
 
Join Date: Nov 2011
Posts: 25
OS: XP Professioanl SP3



As you can see, I use ccleaner and glary's. I do wipe everything from my system fairly regularly, all the logs, etc. I don't know if doing that may be removing information that would be useful to you?
__________________
Zaq123 is offline   Reply With Quote
Old 11-28-2011, 07:31 PM   #15
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,309
OS: WinXP Home, Vista, Windows 7 64bit



Yes, those logs may have proven helpful to me. :)

One more thing we can check, but it will require you to have a blank CD to create a bootable disc.

Download gparted-live-0.10.0-3.iso and save it to your desktop.

If you double-click the file, you should be prompted to burn the image to a blank CD. If so, proceed and let me know when done.

If not prompted, download IsoBurner-Setup.exe and save it to your desktop.

Double-click IsoBurner-Setup.exe and follow the prompts to install it.

Double-click the iso file again and you should be prompted to burn the iso to CD. Let me know when you have accomplished that.
__________________
Ried is offline   Reply With Quote
Old 11-28-2011, 07:38 PM   #16
Registered Member
 
Join Date: Nov 2011
Posts: 25
OS: XP Professioanl SP3



Is the gibberish that is shown in the dat file normal? I don't have a CD on hand, but will try to round one up quickly.
__________________
Zaq123 is offline   Reply With Quote
Old 11-28-2011, 07:55 PM   #17
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,309
OS: WinXP Home, Vista, Windows 7 64bit



If you're referring to the mbr.dat file, yes - it needs to be viewed with a special tool.
__________________
Ried is offline   Reply With Quote
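An added example, not part of the thread or of any tool mentioned in it: a small Python reader for a raw 512-byte MBR dump such as the MBR.dat discussed above. It hashes the 0x1B8-byte bootstrap area (the length shown on the "MBR (0x1B8)" line of the TDSSKiller log), decodes the partition table and reports structural problems. The sample sector, the baseline hash and the disk size are constructed for illustration, and the function names are hypothetical.

```python
import hashlib
import struct
import sys

SECTOR = 512
CODE_LEN = 0x1B8     # bootstrap code area, the "MBR (0x1B8)" length in the log
TABLE_OFF = 0x1BE    # four 16-byte partition entries start here
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sectors
TYPES = {0x05: "extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32",
         0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0xDE: "Dell utility"}


def parse_mbr(sector, known_good_md5=(), disk_sectors=None):
    """Return (info, findings) for a raw MBR sector; findings is a list of str."""
    if len(sector) != SECTOR:
        return {}, [f"expected {SECTOR} bytes, got {len(sector)}"]
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("boot signature 55 AA missing")

    # MD5 is used only because the scanner logs in this thread report MD5.
    code_md5 = hashlib.md5(sector[:CODE_LEN]).hexdigest()
    if known_good_md5 and code_md5 not in known_good_md5:
        findings.append(f"bootstrap code hash {code_md5} not in baseline")

    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue                      # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte {status:#04x}")
        parts.append({"index": i, "active": status == 0x80,
                      "type": TYPES.get(ptype, f"type {ptype:#04x}"),
                      "start": lba, "sectors": count})

    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one partition marked active")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    if disk_sectors is not None:
        for p in parts:
            if p["start"] + p["sectors"] > disk_sectors:
                findings.append(f"entry {p['index']} runs past end of disk")

    info = {"code_md5": code_md5,
            "disk_signature": struct.unpack_from("<I", sector, CODE_LEN)[0],
            "partitions": parts}
    return info, findings


def _entry(status, ptype, lba, count):
    return struct.pack(ENTRY_FMT, status, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)


def build_sample():
    """Constructed sector: placeholder code bytes, two made-up partitions."""
    code = b"\x33\xc0\x8e\xd0".ljust(CODE_LEN, b"\x00")
    table = (_entry(0x00, 0xDE, 63, 80262)
             + _entry(0x80, 0x07, 80325, 156199995)
             + bytes(32))
    return code + struct.pack("<IH", 0x12345678, 0) + table + b"\x55\xaa"


if __name__ == "__main__":
    # With a path argument, read that dump; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample()
    info, findings = parse_mbr(data)
    print("bootstrap MD5:", info.get("code_md5"))
    for p in info.get("partitions", []):
        print(p)
    print("findings:", findings or "none")
```

A clean result here only says the sector is structurally sane and, if a baseline is supplied, that its code matches a hash you already trust; it says nothing about firmware or about what else is on the disk.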
Old 11-28-2011, 07:58 PM   #18
Registered Member
 
Join Date: Nov 2011
Posts: 25
OS: XP Professioanl SP3



Ok, I downloaded gparted and unzipped it. It's now a set of folders. In the utils folder there's a win32 folder, this has the only exe file I could find. I clicked that and a dos screen flashed for a split second and that's it. HELP!
__________________
Zaq123 is offline   Reply With Quote
Old 11-28-2011, 08:02 PM   #19
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,309
OS: WinXP Home, Vista, Windows 7 64bit



It should not have been a .zip file - it's an .iso file. Click this link to be taken directly to the download: Download GParted from SourceForge.net
__________________
Ried is offline   Reply With Quote
Old 11-28-2011, 08:12 PM   #20
Registered Member
 
Join Date: Nov 2011
Posts: 25
OS: XP Professioanl SP3



That's what I thought, it did say iso. In trying to download it again, it says gparted . . .iso
which is a: WinRAR archive (110 MB)
What should firefox do . . . and it has the open with WinRAR default.
It will not allow me to download it without using WinRar, or IE, notepad, etc.

__________________
Zaq123 is offline   Reply With Quote

All times are GMT -7. The time now is 03:34 PM.


Copyright 2001 - 2014, Tech Support Forum
