BOO/TDss.M?


Re: BOO/TDss.M?

Post by charles_bullard on 29th April 2011, 10:24 am

I have attempted to do the Error-Checking, and when I click on it to do the fix, it won't do anything and freezes up; it won't let me close it or anything.

charles_bullard
Novice

Posts: 46
Joined: 2011-04-28
Gender: Male
OS: VISTA 32 BIT HOME
Protection: Avira AntiVir Personal-Free
Points: 21198
Likes: 0

Re: BOO/TDss.M?

Post by Gabethebabe on 29th April 2011, 10:41 am

Do you have a Windows Vista setup disk?

Gabethebabe
Top Dog

Posts: 1568
Joined: 2010-03-07
Gender: Male
OS: Win7
Points: 38248
Likes: 0

Re: BOO/TDss.M?

Post by charles_bullard on 29th April 2011, 12:20 pm

I got the Error Checking to run finally and it took forever. I do have the disc. I tried running it but it kept telling me that it couldn't find the compatible drives. I don't understand that 'cause I have both the driver disc and the Vista disc and have tried using them both. But on to the next step from your previous post.


Re: BOO/TDss.M?

Post by charles_bullard on 29th April 2011, 2:57 pm

C:\Program Files\VideoScavenger_1eEI\Installr\1.bin\1eEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application
C:\Users\charlie\AppData\Local\Temp\5748.tmp Win32/Olmarik.AMN trojan
C:\Users\charlie\AppData\Local\Temp\ecrwnsxmao.exe Win32/TrojanDownloader.FakeAlert.BBT trojan
C:\Users\charlie\AppData\Local\Temp\jar_cache676578667115791146.tmp Java/Exploit.CVE-2010-0842.I trojan
C:\Users\charlie\AppData\Local\Temp\worxcenmas.exe Win32/Cimag.DU trojan
C:\Windows\Temp\ecr3D88.tmp Win32/TrojanDownloader.FakeAlert.BBT trojan
C:\Windows\Temp\ecr3DD7.tmp Win32/TrojanDownloader.FakeAlert.BBT trojan
C:\_OTL\MovedFiles\04282011_044006\C_USERS\CHARLIE\APPDATA\LOCAL\SPLPNlh.dll Win32/Cimag.DU trojan
C:\_OTL\MovedFiles\04282011_044006\C_USERS\CHARLIE\APPDATA\LOCAL\uvosuramujoyexa.dll a variant of Win32/Kryptik.NCK trojan


Re: BOO/TDss.M?

Post by Gabethebabe on 1st May 2011, 6:06 pm

Hi Charles, just came back from my www-less weekend. Some (presumably good) news: new versions exist of aswMBR and GMER. Let's hope either of them shows details of your infection. First some preparatory work, before we run scans.

====================

  • Please download TFC (Temp File Cleaner) by OldTimer from [link] and save it to your desktop.
  • Close all programs and save your work.
  • Double-click TFC.exe to start the cleaning process and allow it to run.
  • Depending on the number of files that need to be deleted, this can take seconds or up to minutes.
  • If requested, allow TFC to reboot your computer to finish the cleaning process.

====================

In the following step we are going to disable any CD-emulation drivers you might be running (e.g. Daemon tools, Roxio). These drivers can be a source of problems (blue screens, false positives) for our anti-malware tools. We will not re-enable them until after we clean up your machine.

Download DeFogger by jpshortstuff from [link] and save it to your Desktop.

  • Double-click DeFogger.exe to run the tool (right-click > Run as Administrator for Windows Vista)
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A Finished! message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

If you receive an error message while running DeFogger, please post the defogger_disable log that will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.

====================

OK, try disabling the security software you are running (antivirus, firewall). Please check out [link] to find out how to temporarily disable any security software.

====================

Download GMER Rootkit Scanner from [link] and save it to your desktop.
Note that it will have a random name.

  • Double click the file to run the tool. It may take a while to load.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click No
  • In the right panel, you will see several boxes that have been checked
  • Make sure this is unchecked: Show All
  • Make sure only your system drive (usually C:\) is checked and uncheck all other drives you might have on your system
  • Click Scan to start the scan
  • When it has finished, click Save and save the log as gmer.txt on your desktop
  • If GMER reports any <--- ROOTKIT entries, don't take any action. It could be a false positive.
  • Click OK and quit the GMER program.
  • Please post the contents of gmer.txt in your next reply.

====================

Please download aswMBR by Alwil Software from [link] and save it to your desktop.

  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan
  • Don't panic if you see any **Rootkit** entries. The tool sometimes produces false alarms.
  • Once the scan finishes click Save log to save the log to your desktop
  • Copy and paste the contents of this log (aswMBR.txt) into your next reply.



Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 6:38 am

GMER 1.0.15.15572 - [You must be registered and logged in to see this link.]
Rootkit scan 2011-05-02 01:37:35
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD32 rev.12.0
Running: yb65thpu.exe; Driver: C:\Users\charlie\AppData\Local\Temp\kxdiafob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 6:39 am

aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 01:38:30
-----------------------------
01:38:30.038 OS Version: Windows 6.0.6002 Service Pack 2
01:38:30.038 Number of processors: 4 586 0xF0B
01:38:30.038 ComputerName: CHARLIE-PC UserName: charlie
01:38:31.068 Initialize success
01:38:36.044 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:38:36.044 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
01:38:36.044 Disk 0 MBR read successfully
01:38:36.044 Disk 0 MBR scan
01:38:36.044 Disk 0 TDL4@MBR code has been found
01:38:36.060 Disk 0 MBR hidden
01:38:36.060 Disk 0 MBR [TDL4] **ROOTKIT**
01:38:36.060 Disk 0 trace - called modules:
01:38:36.060 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f3d730]<<
01:38:36.060 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86894ac8]
01:38:36.060 3 CLASSPNP.SYS[8a59e8b3] -> nt!IofCallDriver -> [0x872d1e80]
01:38:36.060 \Driver\iaStor[0x86067558] -> IRP_MJ_CREATE -> 0x86f3d730
01:38:36.075 Scan finished successfully
01:38:50.708 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Documents\MBR.dat"
01:38:50.724 The log file has been saved successfully to "C:\Users\charlie\Documents\aswMBR.txt"
01:39:11.089 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Desktop\MBR.dat"
01:39:11.104 The log file has been saved successfully to "C:\Users\charlie\Desktop\aswMBR.txt"




Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 6:45 am

And sorry should have said all this first...


Welcome back from your www-less weekend. I hope it was a great one.


Re: BOO/TDss.M?

Post by Gabethebabe on 2nd May 2011, 7:00 am

I had a great weekend and coming back to work hearing that the most vicious of malware in this world has been eliminated has made my day.

Anyway, it wasn't easy, but our tools have verified that you are infected with TDSS. It took some effort, because we are dealing with a new variant that has eluded previous versions of our scanners.

We are going to rerun aswMBR, this time to remove the infection.

  • Double click aswMBR.exe to run the tool
  • Once the scan finishes click Fix to remove the infection
  • Copy and paste the contents of the log generated back here.


====================

Also, please rerun the GMER scan and post its log back here.


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 7:14 am

aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 01:38:30
-----------------------------
01:38:30.038 OS Version: Windows 6.0.6002 Service Pack 2
01:38:30.038 Number of processors: 4 586 0xF0B
01:38:30.038 ComputerName: CHARLIE-PC UserName: charlie
01:38:31.068 Initialize success
01:38:36.044 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:38:36.044 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
01:38:36.044 Disk 0 MBR read successfully
01:38:36.044 Disk 0 MBR scan
01:38:36.044 Disk 0 TDL4@MBR code has been found
01:38:36.060 Disk 0 MBR hidden
01:38:36.060 Disk 0 MBR [TDL4] **ROOTKIT**
01:38:36.060 Disk 0 trace - called modules:
01:38:36.060 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f3d730]<<
01:38:36.060 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86894ac8]
01:38:36.060 3 CLASSPNP.SYS[8a59e8b3] -> nt!IofCallDriver -> [0x872d1e80]
01:38:36.060 \Driver\iaStor[0x86067558] -> IRP_MJ_CREATE -> 0x86f3d730
01:38:36.075 Scan finished successfully
01:38:50.708 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Documents\MBR.dat"
01:38:50.724 The log file has been saved successfully to "C:\Users\charlie\Documents\aswMBR.txt"
01:39:11.089 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Desktop\MBR.dat"
01:39:11.104 The log file has been saved successfully to "C:\Users\charlie\Desktop\aswMBR.txt"


aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 02:03:02
-----------------------------
02:03:02.332 OS Version: Windows 6.0.6002 Service Pack 2
02:03:02.332 Number of processors: 4 586 0xF0B
02:03:02.332 ComputerName: CHARLIE-PC UserName: charlie
02:03:04.142 Initialize success
02:03:14.094 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:03:14.094 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
02:03:14.094 Disk 0 MBR read successfully
02:03:14.094 Disk 0 MBR scan
02:03:14.094 Disk 0 TDL4@MBR code has been found
02:03:14.110 Disk 0 MBR hidden
02:03:14.110 Disk 0 MBR [TDL4] **ROOTKIT**
02:03:14.110 Disk 0 trace - called modules:
02:03:14.110 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f3d730]<<
02:03:14.110 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86894ac8]
02:03:14.110 3 CLASSPNP.SYS[8a59e8b3] -> nt!IofCallDriver -> [0x872d1e80]
02:03:14.126 \Driver\iaStor[0x86067558] -> IRP_MJ_CREATE -> 0x86f3d730
02:03:14.126 Scan finished successfully
02:03:15.155 Disk 0 fixing MBR
02:03:25.170 Disk 0 MBR restored successfully
02:03:25.170 Infection fixed successfully - please reboot ASAP
02:03:31.925 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Desktop\MBR.dat"
02:03:31.941 The log file has been saved successfully to "C:\Users\charlie\Desktop\aswMBR.txt"


aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 02:09:19
-----------------------------
02:09:19.576 OS Version: Windows 6.0.6002 Service Pack 2
02:09:19.576 Number of processors: 4 586 0xF0B
02:09:19.576 ComputerName: CHARLIE-PC UserName: charlie
02:09:20.777 Initialize success
02:09:21.838 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:09:21.838 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
02:09:21.838 Disk 0 MBR read successfully
02:09:21.838 Disk 0 MBR scan
02:09:21.838 Disk 0 TDL4@MBR code has been found
02:09:21.838 Disk 0 MBR hidden
02:09:21.854 Disk 0 MBR [TDL4] **ROOTKIT**
02:09:21.854 Disk 0 trace - called modules:
02:09:21.854 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f05730]<<
02:09:21.854 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86185ac8]
02:09:21.854 3 CLASSPNP.SYS[8a5aa8b3] -> nt!IofCallDriver -> [0x8727c8a0]
02:09:21.854 \Driver\iaStor[0x86ee7240] -> IRP_MJ_CREATE -> 0x86f05730
02:09:21.869 Scan finished successfully
02:09:27.095 Disk 0 fixing MBR
02:09:37.110 Disk 0 MBR restored successfully
02:09:37.110 Infection fixed successfully - please reboot ASAP
02:09:44.770 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Desktop\MBR.dat"
02:09:44.786 The log file has been saved successfully to "C:\Users\charlie\Desktop\aswMBR.txt"




Re: BOO/TDss.M?

Post by Gabethebabe on 2nd May 2011, 7:24 am

Ugh, aswMBR has failed to remove it. Have you rebooted immediately after fixing?

The safe way to clean your MBR is with the Vista boot disk. But if that disk does not recognize your hard disks, as you have said earlier, we have a problem.

If you could verify that: start up with the Vista setup disk > Repair your computer > System Recovery Options > Command Prompt and run the bootrec /FixMbr command.

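The check made by eye in the post above (a later aswMBR run still reporting TDL4 after an earlier run logged a successful MBR restore), written out as an added example that is not part of the original thread. The line formats are inferred only from the aswMBR log lines posted here, the names `parse_runs` and `assess` are hypothetical, and the sample is abridged from the log in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Abridged from the aswMBR.txt posted in this thread: aswMBR appends each run
# to the same file, so one paste contains three separate scans.
SAMPLE_LOG = """\
aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 01:38:30
-----------------------------
01:38:36.044 Disk 0 TDL4@MBR code has been found
01:38:36.060 Disk 0 MBR hidden
01:38:36.060 Disk 0 MBR [TDL4] **ROOTKIT**
01:38:36.060 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f3d730]<<
01:38:36.075 Scan finished successfully

aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 02:03:02
-----------------------------
02:03:14.110 Disk 0 MBR hidden
02:03:14.110 Disk 0 MBR [TDL4] **ROOTKIT**
02:03:14.110 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f3d730]<<
02:03:25.170 Disk 0 MBR restored successfully
02:03:25.170 Infection fixed successfully - please reboot ASAP

aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 02:09:19
-----------------------------
02:09:21.838 Disk 0 MBR hidden
02:09:21.854 Disk 0 MBR [TDL4] **ROOTKIT**
02:09:21.854 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f05730]<<
02:09:37.110 Disk 0 MBR restored successfully
02:09:37.110 Infection fixed successfully - please reboot ASAP
"""

RUN_HEADER = re.compile(r"^Run date: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")
ENTRY = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
ROOTKIT = re.compile(r"MBR \[(\w+)\] \*\*ROOTKIT\*\*")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")


@dataclass
class Run:
    started: str                      # value of the "Run date:" header
    rootkit: Optional[str] = None     # family name inside "MBR [..] **ROOTKIT**"
    mbr_hidden: bool = False          # "MBR hidden" was logged
    fix_reported: bool = False        # "MBR restored successfully" was logged
    unknown_modules: List[str] = field(default_factory=list)


def parse_runs(text: str) -> List[Run]:
    """Split an accumulated aswMBR log into runs and pull out the key findings."""
    runs: List[Run] = []
    for raw in text.splitlines():
        line = raw.strip()
        header = RUN_HEADER.match(line)
        if header:
            runs.append(Run(started=header.group(1)))
            continue
        entry = ENTRY.match(line)
        if not entry or not runs:
            continue  # banner, separator, or text before the first run
        msg, run = entry.group(1), runs[-1]
        hit = ROOTKIT.search(msg)
        if hit:
            run.rootkit = hit.group(1)
        if "MBR hidden" in msg:
            run.mbr_hidden = True
        if "MBR restored successfully" in msg:
            run.fix_reported = True
        # Unnamed module in the disk driver call trace, address as logged.
        run.unknown_modules += UNKNOWN.findall(msg)
    return runs


def assess(runs: List[Run]) -> List[str]:
    """Judge each run by what the NEXT scan found, not by its own fix message."""
    verdicts = []
    for i, run in enumerate(runs):
        nxt = runs[i + 1] if i + 1 < len(runs) else None
        if run.fix_reported:
            if nxt is None:
                verdicts.append("fix unverified: rescan after reboot")
            elif nxt.rootkit:
                verdicts.append("fix did not persist")
            else:
                verdicts.append("fix confirmed by next scan")
        elif run.rootkit:
            verdicts.append("infected, no fix attempted")
        else:
            verdicts.append("clean")
    return verdicts


if __name__ == "__main__":
    for run, verdict in zip(parse_runs(SAMPLE_LOG), assess(parse_runs(SAMPLE_LOG))):
        print(run.started, run.rootkit, run.unknown_modules, "->", verdict)
```

A "restored successfully" line only records what the tool wrote; the verdict comes from the following scan, which is why the last run in a file is always reported as unverified.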

Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 7:57 am

The disk doesn't give me repair computer options. It just says install or check compatibility online. Which I can't even do online.


Re: BOO/TDss.M?

Post by Gabethebabe on 2nd May 2011, 8:14 am

Argll

OK - I have browsed Kaspersky Forum and it appears there is a new version of TDSSKiller that is not yet officially available. I have uploaded it [link].

Download that file from MegaUpload, unzip and run.

After that, run aswMBR to verify if we got rid of this nasty bugger.


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 8:22 am

I am going to go ahead and post the log here.
This is from the TDSSKiller2.5.0.0



2011/05/02 03:21:04.0907 5876 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/02 03:21:05.0672 5876 ================================================================================
2011/05/02 03:21:05.0672 5876 SystemInfo:
2011/05/02 03:21:05.0672 5876
2011/05/02 03:21:05.0672 5876 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/02 03:21:05.0672 5876 Product type: Workstation
2011/05/02 03:21:05.0672 5876 ComputerName: CHARLIE-PC
2011/05/02 03:21:05.0672 5876 UserName: charlie
2011/05/02 03:21:05.0672 5876 Windows directory: C:\Windows
2011/05/02 03:21:05.0672 5876 System windows directory: C:\Windows
2011/05/02 03:21:05.0672 5876 Processor architecture: Intel x86
2011/05/02 03:21:05.0672 5876 Number of processors: 4
2011/05/02 03:21:05.0672 5876 Page size: 0x1000
2011/05/02 03:21:05.0672 5876 Boot type: Normal boot
2011/05/02 03:21:05.0672 5876 ================================================================================
2011/05/02 03:21:06.0031 5876 Initialize success
2011/05/02 03:21:14.0002 4260 ================================================================================
2011/05/02 03:21:14.0002 4260 Scan started
2011/05/02 03:21:14.0002 4260 Mode: Manual;
2011/05/02 03:21:14.0002 4260 ================================================================================
2011/05/02 03:21:28.0073 4260 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/02 03:21:28.0120 4260 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/02 03:21:28.0136 4260 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/02 03:21:28.0167 4260 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/02 03:21:28.0214 4260 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/02 03:21:28.0245 4260 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/02 03:21:28.0261 4260 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/02 03:21:28.0292 4260 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/02 03:21:28.0323 4260 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/02 03:21:28.0354 4260 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/02 03:21:28.0401 4260 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/02 03:21:28.0448 4260 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/02 03:21:28.0463 4260 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/02 03:21:28.0495 4260 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/02 03:21:28.0526 4260 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/02 03:21:28.0541 4260 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/02 03:21:28.0557 4260 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/02 03:21:28.0588 4260 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/02 03:21:28.0635 4260 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/02 03:21:28.0666 4260 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/02 03:21:28.0697 4260 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/02 03:21:28.0760 4260 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/02 03:21:28.0791 4260 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/02 03:21:28.0853 4260 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/02 03:21:28.0885 4260 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/02 03:21:28.0931 4260 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/02 03:21:28.0994 4260 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/02 03:21:29.0056 4260 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
2011/05/02 03:21:29.0134 4260 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/02 03:21:29.0197 4260 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/02 03:21:29.0321 4260 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/02 03:21:29.0368 4260 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/02 03:21:29.0446 4260 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/02 03:21:29.0493 4260 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/02 03:21:29.0509 4260 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/02 03:21:29.0540 4260 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/02 03:21:29.0571 4260 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/02 03:21:29.0633 4260 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/02 03:21:29.0680 4260 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/02 03:21:29.0774 4260 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/02 03:21:29.0852 4260 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/02 03:21:29.0930 4260 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/02 03:21:29.0977 4260 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/02 03:21:30.0023 4260 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/02 03:21:30.0055 4260 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/02 03:21:30.0086 4260 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/02 03:21:30.0117 4260 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/02 03:21:30.0133 4260 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/02 03:21:30.0164 4260 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/02 03:21:30.0195 4260 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/02 03:21:30.0211 4260 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/02 03:21:30.0257 4260 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/02 03:21:30.0289 4260 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/02 03:21:30.0320 4260 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/02 03:21:30.0351 4260 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/02 03:21:30.0382 4260 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/02 03:21:30.0382 4260 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/02 03:21:30.0429 4260 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/02 03:21:30.0445 4260 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/02 03:21:30.0476 4260 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/02 03:21:30.0507 4260 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/02 03:21:30.0569 4260 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/02 03:21:30.0585 4260 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/02 03:21:30.0632 4260 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/02 03:21:30.0694 4260 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/02 03:21:30.0741 4260 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/02 03:21:30.0772 4260 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/02 03:21:30.0803 4260 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/02 03:21:30.0819 4260 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/02 03:21:30.0850 4260 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/02 03:21:30.0881 4260 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/02 03:21:30.0959 4260 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/02 03:21:31.0037 4260 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
2011/05/02 03:21:31.0069 4260 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/02 03:21:31.0115 4260 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/02 03:21:31.0147 4260 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/02 03:21:31.0162 4260 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/02 03:21:31.0225 4260 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/02 03:21:31.0225 4260 ================================================================================
2011/05/02 03:21:31.0225 4260 Scan finished
2011/05/02 03:21:31.0225 4260 ================================================================================
2011/05/02 03:21:31.0240 4820 Detected object count: 1
2011/05/02 03:21:35.0967 4820 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/02 03:21:35.0967 4820 \HardDisk0 - ok
2011/05/02 03:21:35.0967 4820 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 8:36 am

I have tried rebooting my computer after running the TDSSKiller and now every time it comes up to a blue screen and won't boot. I think I really screwed up. After running the scan I clicked cure I think and that's where I messed up. Anything I can do now or will I just have to suck it up and take it to the shop? I am racking my brains here. Please tell me I didn't really mess this thing up.


Re: BOO/TDss.M?

Post by Gabethebabe on 2nd May 2011, 9:26 am

You didn't mess things up - we're dealing with a very new and tough infection and not being able to access your HD with a Vista setup disk means we have limited possibilities of killing this infection. If anyone failed here, it is me telling you to run new utilities.

Anyway: if you cannot boot up from this computer - do you have access to another computer? If so, we're going to burn a boot CD that is hopefully going to allow us to enter your computer and see if we can fix it.

  • Download OTLPEStd.exe by OldTimer from [You must be registered and logged in to see this link.] (a big download)
  • Double-click on OTLPEStd.exe to burn the boot CD
  • Reboot your system using the boot CD you just created. If you don't know how to boot from CD, check out [You must be registered and logged in to see this link.]
  • Booting will take quite some time, so please be patient
  • Finally you should see the REATOGO-X-PE desktop. Find the OTLPE icon and double click it to run OTLPE
  • Answer Yes and OK to all prompts
  • Ensure the option Automatically Load All Remaining Users is checked
  • OTL should now start. Set the option Drivers to Non-Microsoft
  • Copy and paste the following text into the Custom Scans/Fixes field:
    /md5start
    atapi.sys
    iastor.sys
    ndis.sys
    userinit.exe
    winlogon.exe
    /md5stop
  • Click Run Scan to start the scan
  • When finished, a log file C:\OTL.txt will be created
  • Please post the contents of the file in your next reply


Leave your computer in REATOGO-X-PE. Don't switch it off.


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 9:28 am

I have access to my wife's computer

She has Windows XP though so don't know if it will help.


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 9:32 am

Should I use a usb device?
I only HAVE CD-R 700mb disks. I don't know which to use


Re: BOO/TDss.M?

Post by Gabethebabe on 2nd May 2011, 9:35 am

[You must be registered and logged in to see this link.] wrote: I have access to my wife's computer

She has Windows XP though so don't know if it will help.
That is perfect. Any computer able to burn a CD will do.

[You must be registered and logged in to see this link.] wrote: Should I use a usb device?
I only HAVE CD-R 700mb disks. I don't know which to use
I think it is possible to create a USB rescue stick to run OTLPE, but a boot CD is much easier.

A blank CD-R 700 disk is fine.
See if you can burn that CD and restart the problem computer from that disk.


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 10:16 am

It keeps telling me that no windows installation is found in that OTLPE. I even tried to get it to browse inside the disc and says that target didn't produce anything windows 2000 or newer.


I can't get to the screen that shows on the website you listed to boot with cd. I don't understand I pressed F12 and I can't find where it talks bout the key or anything when I boot it gives me 4 options I am so lost. Going to keep trying to find the BIOS screen at boot up


Re: BOO/TDss.M?

Post by Gabethebabe on 2nd May 2011, 10:23 am

You downloaded the OTLPEstd.exe and ran it to burn the CD, right?
Can you try to restart your wife's computer with the boot disk, just to check if the boot disk was created correctly?

What kind of brand/model is the problem computer?


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 10:30 am

[You must be registered and logged in to see this link.] wrote: You downloaded the OTLPEstd.exe and ran it to burn the CD, right?
Can you try to restart your wife's computer with the boot disk, just to check if the boot disk was created correctly?
Yes I did. I will try to restart my wife's computer with the disk in and make sure it was created correctly.

[You must be registered and logged in to see this link.] wrote: What kind of brand/model is the problem computer?
My computer is a Dell XPS 420 with Windows Vista. The disk says Windows XP professional.


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 10:37 am

I have restarted my wife's computer with the disk inside. However it does nothing but go straight to my regular stuff.

Have I really messed things up that bad? LOL


Re: BOO/TDss.M?

Post by Gabethebabe on 2nd May 2011, 10:42 am

Wait a minute - have you tried to start up your Dell XPS 420 from a Windows XP setup disk?

Because then I understand that it fails - Windows XP setup disks generally cannot find SATA disk drives.

If your wife's computer boots Windows normally, it is because it is not told to start up from CD.


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 10:51 am

No I have been using the right disk. My wife's computer didn't come with a disk. Dell has that problem from what I heard bout XP. I also used the disk you had me make, on my wife's computer and told it to start up with the disc and it worked. The only problem is that I can't get the file to work on my COMPUTER. The Vista one. The disk was made right, I just can't get the file to work with the computer, that's all. I don't know what is going on.


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 10:52 am

The computer running Vista is the one I am having the problem with. The disk you had me make says it's loading XP on there. I don't understand.....


Re: BOO/TDss.M?

Post by Gabethebabe on 2nd May 2011, 11:03 am

Yes, the OTLPE boot disk is Windows XP based. From there I can also repair damaged Windows Vista/Windows 7 systems.

Your Dell XPS 420 is the first computer that I encounter that cannot boot up from the OTLPE boot disk.

I need some new ideas now.


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 11:14 am

I finally got a scan with the text to run. I haven't gotten to see a finished log yet. I am still waiting.

There weren't any prompts to say yes and ok to and there wasn't an option to load all remaining users.

If a log is produced I will have to load it to my USB device to post it cause I couldn't use the internet with the other computer.


Re: BOO/TDss.M?

Post by Gabethebabe on 2nd May 2011, 11:15 am

What? You managed to boot up the Dell with the OTLPE boot disk?

That is good news.


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 11:26 am

It's probably just me. Don't worry if we can't get it. I am not it's time for a new pc anyways. LOL

The scan has finished but it didn't produce a log. I don't know why, maybe it is because I didn't get to use it the regular double click way, I had to open the folder and use it. So it didn't give me the options that you said it would.

My brain is starting to fry from all the crap this thing is putting me through.

I am very appreciative to you and this forum for allowing me to get help.

My wife says that she wants to start the Academy after she comes through you guys and makes sure her computer is clean.


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 11:27 am

Yea good news and bad news... It won't do right. Like I have stated before it won't allow me to run the file you requested, then I use it without the command prompt box and it scans but doesn't produce a log. MY computer hates us.

When it finishes the scan it opens a log but there is nothing in it. So weird. As well the C:\ is now a X:\ but I say yes to the prompt to open the log and it still doesn't have any text in it.


Re: BOO/TDss.M?

Post by Gabethebabe on 2nd May 2011, 11:40 am

I sent you a PM

You have now started up the Dell with the OTLPE disk and are looking at the Reatogo desktop, right?

I would like you to browse your computer and find your hard disk. In one of our previous steps we have run mbrcheck. I want to run that again and see if it produces something intelligent.

It should be here:
C:\Users\charlie\Desktop\mbrcheck.exe

(not sure about the C:, maybe your Dell hard disk has another drive letter)


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 11:47 am

Ok it has detected Vista


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 11:55 am

[You must be registered and logged in to see this link.]


Re: BOO/TDss.M?

Post by Gabethebabe on 2nd May 2011, 11:57 am

OK

So what happened is that TDSSKiller managed to kill the infection and cured the infected Vista MBR by replacing it with a standard Vista MBR.

The bad thing is that it broke your operating system. Your original MBR was a non-standard Vista MBR and your computer cannot work with a standard Vista MBR.

We need a way to recuperate the original non-standard Vista MBR or else your computer is cooked.

I'm going to discuss this issue with my colleagues from the forum.

What exactly does the Vista setup CD say? Any brand name or version or service pack or anything?


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 12:07 pm

Operating System

Already Installed on your Computer


Reinstallation DvD
Windows Vista Home Premium 32bit

The software is already installed on your computer. Only use this dvd to reinstall the operating system on a Dell PC.
The dvd is not for reinstallation of programs or drivers.
Support for these products is provided by Dell.
For Distribution only with a new dell pc

2007 dell inc.


I also have a Driver and Utilities disk.
It says pretty much the same thing it supports Dell XPS 420 and 720.

For reinstalling Dell XPS Desktop Computer Software.


When I try using it, it asks me which option to choose... Install or find compatibility online. However the online doesn't let me do anything. And when I try to install it can't find a compatible driver even after using the driver and utilities disk.

Anyways yes that's fine I don't have anything better to do with the computer as it is. I will be awaiting a response as for now I am going to be logging off for the day or I might be back later to see if there is anything new to see. Thank you so very much for the time you have put into this. I hate malware/virus crap.

And yes bout the worst one being eliminated I totally agree with you there. That has made a lot of people very very happy. Just sad that it took almost 10 years to do.


Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 12:11 pm

Here is the log from the MBRcheck



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: (build 2600)
Logical Drives Mask: 0x008000fe

Processes (total 15):
0 System Idle Process
4 System
260 X:\I386\SYSTEM32\CSRSS.EXE
320 X:\I386\SYSTEM32\SERVICES.EXE
332 X:\I386\SYSTEM32\LSASS.EXE
452 X:\I386\SYSTEM32\SVCHOST.EXE
480 X:\I386\SYSTEM32\REATOGOLOGON.EXE
536 X:\I386\SYSTEM32\SVCHOST.EXE
1548 X:\I386\SYSTEM32\SVCHOST.EXE
1720 X:\I386\SYSTEM32\SVCHOST.EXE
1852 X:\PROGRAMS\wbload\wbload.exe
1980 X:\I386\SYSTEM32\SVCHOST.EXE
2036 X:\I386\EXPLORER.EXE
972 X:\I386\EXPLORER.EXE
1648 C:\Users\charlie\Desktop\unused shit\MBRCheck.exe

\\.\B: --> error 1
\\.\C: --> \\.\PhysicalDrive4 at offset 0x00000003`c3000000 (NTFS)
\\.\H: --> \\.\PhysicalDrive4 at offset 0x00000000`03000000 (NTFS)

PhysicalDrive4 Model Number: WDCWD3200AAKS-75VYA0, Rev: 12.01B02

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive4 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

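Added example, not part of the original thread and not MBRCheck's or TDSSKiller's code: a check that compares a copy of sector 0 saved before a cure with the sector afterwards, to tell a replaced boot code (the situation Gabethebabe describes above) apart from a changed partition table. The two start LBAs match the byte offsets in the MBRCheck log above; the hashed 440-byte code area, the boot-code fillers, partition sizes, active flag and disk signature are assumptions or constructed values.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440        # bootstrap code area (assumption: the region worth hashing)
TABLE_OFF = 446       # four 16-byte partition entries start here
ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code, disk_sig, parts):
    """Assemble a 512-byte MBR; used only to construct the sample sectors below."""
    if len(boot_code) > CODE_LEN or len(parts) > 4:
        raise ValueError("boot code or partition list too large")
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, CODE_LEN, disk_sig)
    for i, (active, ptype, lba, count) in enumerate(parts):
        struct.pack_into(ENTRY, sector, TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, b"\0" * 3, ptype, b"\0" * 3,
                         lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector):
    """Split one MBR sector into a boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR image must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY, sector, TABLE_OFF + 16 * i)
        if ptype == 0:            # empty slot
            continue
        partitions.append({"slot": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count,
                           "byte_offset": lba * SECTOR})
    return {
        "code_sha1": hashlib.sha1(sector[:CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, CODE_LEN)[0],
        "partitions": partitions,
    }


def compare(before, after):
    """List what differs between a saved sector 0 and the current one."""
    b, a = parse_mbr(before), parse_mbr(after)
    findings = []
    if b["code_sha1"] != a["code_sha1"]:
        findings.append("boot code changed")
    if b["disk_signature"] != a["disk_signature"]:
        findings.append("disk signature changed")
    if b["partitions"] != a["partitions"]:
        findings.append("partition table changed")
    if sum(p["active"] for p in a["partitions"]) != 1:
        findings.append("not exactly one active partition")
    return findings


# Constructed sample data. Start LBAs 0x18000 and 0x1E18000 correspond to the
# offsets MBRCheck printed for H: (0x03000000) and C: (0x3c3000000); everything
# else here is made up for the example.
PARTS = [(False, 0x07, 0x18000, 0x1E00000),
         (True, 0x07, 0x1E18000, 0x23000000)]
SAVED_BEFORE = build_mbr(b"OEM-BOOT-CODE-PLACEHOLDER" * 8, 0x1234ABCD, PARTS)
AFTER_CURE = build_mbr(b"GENERIC-BOOT-CODE-PLACEHOLDER" * 8, 0x1234ABCD, PARTS)

if __name__ == "__main__":
    for p in parse_mbr(AFTER_CURE)["partitions"]:
        print("slot %d type 0x%02X offset 0x%X" % (p["slot"], p["type"], p["byte_offset"]))
    print(compare(SAVED_BEFORE, AFTER_CURE))
```

A result of only "boot code changed" means the partition layout survived and restoring the saved sector is enough to get the original boot code back.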

Re: BOO/TDss.M?

Post by Gabethebabe on 3rd May 2011, 7:32 am

Hey Charles,

I have consulted with my colleagues and they agree with what we have done so far. Nobody screwed up, we're just in a tough spot. Most computers would work properly with the standard MBR. Yours does not.

I have some new instructions.

Insert your Vista CD in the Dell and boot from it.
As you reported earlier, it will not find any hard disks on your system, correct?
Is there an option to install custom drivers, or something? What are the options you find?

If there is, I want to try the following.

Download this file on your working computer:

[You must be registered and logged in to see this link.]
It is a zip file.
Unpack the zip file.
Burn the files on a CD.

If you don't know how to burn files to a CD, download ImgBurn
[You must be registered and logged in to see this link.]

Use the write files/folders to disk option and burn all the files that are in the zip file to a CD.

These are Dell pre OS-install disk drivers.
See if you can install them and have your Vista setup disk find your hard disk.
If it does, report back to me please.


Re: BOO/TDss.M?

Post by Gabethebabe on 3rd May 2011, 1:01 pm

I got a tip from a dude at another tech forum.

Based on what you describe, it sounds like the BIOS is configured to run the hard disk in AHCI mode, but the AHCI driver isn't installed, so I would check the BIOS settings to see if AHCI is enabled, and disable it if it is.

Feel free to try this. It is outside my scope of knowledge. Reboot normally after this step.


Re: BOO/TDss.M?

Post by charles_bullard on 3rd May 2011, 7:31 pm

I have just returned from a day trip with family. While I was away I bought a new computer. I have a guy that's going to replace the Vista with Linux. He wanted the computer for spare parts. So I thank you so much for trying to help me get this working. I have never had so much headache from one computer. Again thanks..




Re: BOO/TDss.M?

Post by charles_bullard on 15th June 2011, 12:45 am

Hey sorry this took so long. But we just tried doing the disc you suggested and GUESS WHAT..... IT WORKED!!!!!!!!!!!!!


TY

YOU ARE AWESOME.
