help with virus deletion
-
Hi, I'm on Windows XP Pro, Service Pack 3. I've got Avira, malaware & Spybot. I got a virus and ran malaware & Avira, but neither picked it up. Spybot found it but has only disabled it. Can it be deleted? Spybot says "Microsoft.WindowsSecurityCentre_disabled". If someone can help it would be appreciated, but please be gentle with me as I'm not very good with the technical stuff. Thx very much
-
Please, complete all steps listed here: HERE
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
-
I hope I have done this right. I ran Malware, GMER & MBRCheck and tried to run DDS; it starts and then seems to hang after about 2 mins and I have to unplug and then replug the computer to get it going again. I tried again with internet antivirus and firewall off, but it does just the same. Here are the logs, I hope. Cheers
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Database version: 5950
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
04/03/2011 10:40:09
mbam-log-2011-03-04 (10-40-09).txt
Scan type: Quick scan
Objects scanned: 158671
Time elapsed: 7 minute(s), 3 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 2044 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SearchSettings.BHO.1 (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SearchSettings.BHO (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\D9L83679SM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\SEARCH SETTINGS\SEARCHSETTINGS.DLL (PUP.Dealio) -> Value: SEARCHSETTINGS.DLL -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\search settings\searchsettings.dll (PUP.Dealio) -> Quarantined and deleted successfully.
GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-03 11:52:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC35L060AVV207-0 rev.V22OA66A
Running: 30miq2mp.exe; Driver: C:\DOCUME~1\learner5\LOCALS~1\Temp\axtdrpow.sys
---- System - GMER 1.0.15 ----
SSDT F8C6E896 ZwCreateKey
SSDT F8C6E88C ZwCreateThread
SSDT F8C6E89B ZwDeleteKey
SSDT F8C6E8A5 ZwDeleteValueKey
SSDT F8C6E8AA ZwLoadKey
SSDT F8C6E878 ZwOpenProcess
SSDT F8C6E87D ZwOpenThread
SSDT F8C6E8B4 ZwReplaceKey
SSDT F8C6E8AF ZwRestoreKey
SSDT F8C6E8A0 ZwSetValueKey
SSDT F8C6E887 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + F0 804E275C 4 Bytes CALL 10AF2027
.text ntoskrnl.exe!_abnormal_termination + 120 804E278C 4 Bytes CALL 0ABA2057
.text ntoskrnl.exe!_abnormal_termination + 148 804E27B4 4 Bytes CALL 30AA207F
.text ntoskrnl.exe!_abnormal_termination + 150 804E27BC 4 Bytes CALL 16082087
.text ntoskrnl.exe!_abnormal_termination + 1D4 804E2840 4 Bytes CALL 744F210B
.text ...
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Fastfat \Fat ED3DFD20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d
Kernel Drivers (total 174):
Processes (total 41):
0 System Idle Process
4 System
644 C:\WINDOWS\system32\smss.exe
708 csrss.exe
732 C:\WINDOWS\system32\winlogon.exe
776 C:\WINDOWS\system32\services.exe
788 C:\WINDOWS\system32\lsass.exe
952 C:\WINDOWS\system32\svchost.exe
1012 svchost.exe
1052 C:\WINDOWS\system32\svchost.exe
1088 C:\WINDOWS\system32\svchost.exe
1196 svchost.exe
1268 svchost.exe
1580 C:\WINDOWS\system32\spoolsv.exe
1584 C:\WINDOWS\system32\rundll32.exe
1640 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1852 svchost.exe
412 C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
424 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
448 C:\Program Files\Application Updater\ApplicationUpdater.exe
540 C:\Program Files\Java\jre6\bin\jqs.exe
664 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
908 C:\Program Files\CDBurnerXP\NMSAccessU.exe
1328 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
1424 C:\WINDOWS\system32\svchost.exe
1440 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
1732 C:\Program Files\Canon\CAL\CALMAIN.exe
2012 C:\WINDOWS\explorer.exe
1084 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
1128 C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
1372 C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe
1880 C:\Program Files\QuickTime\qttask.exe
2052 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
2068 C:\WINDOWS\system32\ctfmon.exe
2208 alg.exe
2464 C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
2820 C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
3296 C:\WINDOWS\system32\svchost.exe
3308 wmiprvse.exe
504 C:\WINDOWS\system32\wuauclt.exe
780 C:\Documents and Settings\learner5\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: IC35L060AVV207-0, Rev: V22OA66A
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 4C8B6466C132CB19D9FCADF546658F91EF74A4AF
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
-
Always continue in your original topic.
This time, I merged both threads.
Download TDSSKiller and save it to your desktop.
- Extract (unzip) its contents to your desktop.
- Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
-
2011/03/05 09:36:22.0062 2292 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/05 09:36:22.0312 2292 ================================================================================
2011/03/05 09:36:22.0312 2292 SystemInfo:
2011/03/05 09:36:22.0312 2292
2011/03/05 09:36:22.0312 2292 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/05 09:36:22.0312 2292 Product type: Workstation
2011/03/05 09:36:22.0312 2292 ComputerName: IAN-IBM
2011/03/05 09:36:22.0312 2292 UserName: learner5
2011/03/05 09:36:22.0312 2292 Windows directory: C:\WINDOWS
2011/03/05 09:36:22.0312 2292 System windows directory: C:\WINDOWS
2011/03/05 09:36:22.0312 2292 Processor architecture: Intel x86
2011/03/05 09:36:22.0312 2292 Number of processors: 1
2011/03/05 09:36:22.0312 2292 Page size: 0x1000
2011/03/05 09:36:22.0312 2292 Boot type: Normal boot
2011/03/05 09:36:22.0312 2292 ================================================================================
2011/03/05 09:36:22.0953 2292 Initialize success
2011/03/05 09:36:27.0359 2224 ================================================================================
2011/03/05 09:36:27.0359 2224 Scan started
2011/03/05 09:36:27.0359 2224 Mode: Manual;
2011/03/05 09:36:27.0359 2224 ================================================================================
2011/03/05 09:37:01.0453 2224 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/05 09:37:01.0750 2224 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/05 09:37:01.0937 2224 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/05 09:37:02.0125 2224 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/05 09:37:02.0281 2224 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/05 09:37:02.0453 2224 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/05 09:37:02.0687 2224 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/05 09:37:02.0906 2224 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/05 09:37:03.0109 2224 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/05 09:37:03.0312 2224 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/03/05 09:37:03.0562 2224 rtl8029 (493b54a894a6e70dd02961a68db8863f) C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
2011/03/05 09:37:03.0734 2224 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/03/05 09:37:03.0968 2224 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/05 09:37:04.0171 2224 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/05 09:37:04.0359 2224 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/05 09:37:04.0562 2224 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/05 09:37:05.0046 2224 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/03/05 09:37:05.0234 2224 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/05 09:37:05.0437 2224 smwdm (675c3c4d6da71e6be31548150521b561) C:\WINDOWS\system32\drivers\smwdm.sys
2011/03/05 09:37:05.0703 2224 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/03/05 09:37:05.0875 2224 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/05 09:37:06.0078 2224 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/05 09:37:06.0281 2224 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/05 09:37:06.0468 2224 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/03/05 09:37:06.0703 2224 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/05 09:37:06.0890 2224 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/05 09:37:07.0078 2224 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/05 09:37:07.0265 2224 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/03/05 09:37:07.0468 2224 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/03/05 09:37:07.0625 2224 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/03/05 09:37:07.0828 2224 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/03/05 09:37:08.0015 2224 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/05 09:37:08.0234 2224 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/05 09:37:08.0468 2224 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/05 09:37:08.0671 2224 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/05 09:37:08.0812 2224 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/05 09:37:09.0015 2224 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/03/05 09:37:09.0218 2224 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/05 09:37:09.0421 2224 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/03/05 09:37:09.0640 2224 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/05 09:37:09.0859 2224 upperdev (e526a166e6acafd0a9b3841d3941669e) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/03/05 09:37:10.0046 2224 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/05 09:37:10.0234 2224 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/05 09:37:10.0406 2224 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/05 09:37:10.0593 2224 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/05 09:37:10.0812 2224 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/05 09:37:11.0015 2224 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2011/03/05 09:37:11.0203 2224 UsbserFilt (6f3e3c6811b930d2414552a2e4a40f36) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/03/05 09:37:11.0421 2224 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/05 09:37:11.0609 2224 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/05 09:37:11.0796 2224 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys
2011/03/05 09:37:11.0984 2224 VcommMgr (630bbdbf5490f8f57abe650da63661a0) C:\WINDOWS\system32\Drivers\VcommMgr.sys
2011/03/05 09:37:12.0218 2224 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/05 09:37:12.0421 2224 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/03/05 09:37:12.0640 2224 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/03/05 09:37:12.0812 2224 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/05 09:37:13.0031 2224 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/05 09:37:13.0234 2224 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/03/05 09:37:13.0578 2224 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/05 09:37:13.0906 2224 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/03/05 09:37:14.0109 2224 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/05 09:37:14.0328 2224 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/05 09:37:14.0515 2224 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/05 09:37:14.0812 2224 {6080A529-897E-4629-A488-ABA0C29B635E} (9b808527870ebae0b1dfb90ef3f861b9) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/03/05 09:37:15.0031 2224 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (dba29fe70d66f5a82c860894c91b42c7) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/03/05 09:37:15.0125 2224 ================================================== ==============================
2011/03/05 09:37:15.0125 2224 Scan finished
2011/03/05 09:37:15.0125 2224 ================================================== ==============================
-
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.
- Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
- Click the Report tab, then click Scan.
- Check Drivers, Stealth, and uncheck the rest.
- Click OK.
- Wait until it's finished and then go to File > Save Report.
- Save the report to your Desktop.
- Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
-
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [wstcodec.sys]
WARNING: Virus alike driver modification [vch.sys]
WARNING: Virus alike driver modification [a307.sys]
WARNING: Virus alike driver modification [dpti2o.sys]
WARNING: Virus alike driver modification [rmcast.sys]
WARNING: Virus alike driver modification [blueletaudio.sys]
WARNING: Virus alike driver modification [secdrv.sys]
WARNING: Virus alike driver modification [ipinip.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [asc3350p.sys]
WARNING: Virus alike driver modification [CDRALW2K.SYS_]
WARNING: Virus alike driver modification [btcusb.sys]
WARNING: Virus alike driver modification [ABP480N5.SYS]
WARNING: Virus alike driver modification [NMSDD.SYS]
WARNING: Virus alike driver modification [a309.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [watv10nt.sys]
WARNING: Virus alike driver modification [hidbth.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [a304.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [hpn.sys]
WARNING: Virus alike driver modification [a303.sys]
WARNING: Virus alike driver modification [IvtBtBus.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [ati1snxx.sys]
WARNING: Virus alike driver modification [asc.sys]
WARNING: Virus alike driver modification [BCMWL5.SYS]
WARNING: Virus alike driver modification [wa301a.sys]
WARNING: Virus alike driver modification [wa301b.sys]
WARNING: Virus alike driver modification [bthport.sys]
WARNING: Virus alike driver modification [NWWMUSB.sys]
WARNING: Virus alike driver modification [perc2.sys]
WARNING: Virus alike driver modification [sym_hi.sys]
WARNING: Virus alike driver modification [atinsnxx.sys]
WARNING: Virus alike driver modification [ati1xbxx.sys]
WARNING: Virus alike driver modification [a311.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [rndismpx.sys]
WARNING: Virus alike driver modification [ati1raxx.sys]
WARNING: Virus alike driver modification [sym_u3.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [atinxbxx.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [symc8xx.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [a310.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [ql10wnt.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [ati1xsxx.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [NETMD031.sys]
WARNING: Virus alike driver modification [NETMD033.sys]
WARNING: Virus alike driver modification [ati1tuxx.sys]
WARNING: Virus alike driver modification [bthprint.sys]
WARNING: Virus alike driver modification [ip6fw.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [ultra.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
WARNING: Virus alike driver modification [bthmodem.sys]
WARNING: Virus alike driver modification [NETMDUSB.sys]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [ql1080.sys]
WARNING: Virus alike driver modification [ql1240.sys]
WARNING: Virus alike driver modification [slntamr.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [PcdrNt.sys]
WARNING: Virus alike driver modification [uagp35.sys]
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [ql12160.sys]
WARNING: Virus alike driver modification [gagp30kx.sys]
WARNING: Virus alike driver modification [irbus.sys]
WARNING: Virus alike driver modification [Sio9502k.sys]
WARNING: Virus alike driver modification [SktBt2k.sys]
WARNING: Virus alike driver modification [ser2pl.sys]
WARNING: Virus alike driver modification [ql1280.sys]
WARNING: Virus alike driver modification [stream.sys]
WARNING: Virus alike driver modification [mspqm.sys]
WARNING: Virus alike driver modification [toside.sys]
WARNING: Virus alike driver modification [OXSER.SYS]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [atinraxx.sys]
WARNING: Virus alike driver modification [aliide.sys]
WARNING: Virus alike driver modification [CDR4_2k.SYS_]
WARNING: Virus alike driver modification [mspclock.sys]
WARNING: Virus alike driver modification [mstee.sys]
WARNING: Virus alike driver modification [perc2hib.sys]
WARNING: Virus alike driver modification [aic78u2.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [ati1btxx.sys]
WARNING: Virus alike driver modification [aic78xx.sys]
WARNING: Virus alike driver modification [atinbtxx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [smbali.sys]
WARNING: Virus alike driver modification [rfcomm.sys]
WARNING: Virus alike driver modification [atmarpc.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [VComm.sys]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [atinxsxx.sys]
WARNING: Virus alike driver modification [wssbtr1f.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [cmdide.sys]
WARNING: Virus alike driver modification [hsfcxts2.sys]
WARNING: Virus alike driver modification [ati2mtag.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [iansw2k.sys]
WARNING: Virus alike driver modification [atintuxx.sys]
WARNING: Virus alike driver modification [mskssrv.sys]
WARNING: Virus alike driver modification [cd20xrnt.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [VcommMgr.sys]
WARNING: Virus alike driver modification [nabtsfec.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [mqac.sys]
WARNING: Virus alike driver modification [bsstor.sys]
WARNING: Virus alike driver modification [slnthal.sys]
WARNING: Virus alike driver modification [ac97intc.sys]
-
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
**Note 2 for AVG users:** ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
Hi, managed to run rKill but combofix just freezes the computer, tried in safe mode and the same happens, wondered if I had deleted the first combofix I had on the computer so I did a search and found the following combofix c:\ folder combofix2 c:\qoobox text (I had to stop it because it just keeps repeating itself, the logs and files are exactly the same). Please advise as I don't know what to do next. Cheers
-
Delete your Combofix file. Download a fresh one from here: http://www.filedropper.com/broni
I renamed it for a reason.
Try to run it again, normal, or safe mode.