structure

Members
Posts: 19
Reputation: 0 Neutral
1. Was recently hit by a system tools 2011 virus, which I think I removed. However, I recently had some type of error (WLAN error) and had to run a system scan with DLS. I discovered a file that seems to still be on my computer called system tools 2011. I have scanned with both Malwarebytes and my AVG 2011, but both could not find any virus or spyware. I was recommended to post in this forum in my previous thread just to make sure everything was OK. (previous thread: http://forums.malwarebytes.org/index.php?showtopic=71756) Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:41:27 PM, on 1/13/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Mike Stuff\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Mike Stuff\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Mike Stuff\malware remove\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Mike Stuff\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [CPN Notifier] C:\Mike Stuff\Poker\Cake Poker 2.0\PokerNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [nifezozegi] Rundll32.exe "C:\Windows\system32\jumukuti.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1720092644-1806278224-2529524551-1002\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Mike Stuff\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Vostro 1500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Vostro 1500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Mike Stuff\Poker\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Vostro 1500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Vostro 1500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10256 bytes

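The post above asks whether "all traces" are gone and pastes a HijackThis log, whose O4 and O23 lines are the autorun and service inventory an analyst reads first. The following is an added example, not code from the thread or from HijackThis: it parses those two line types into records and sorts out the entries to verify first (rundll32 loaders pointing at DLLs outside an expected set, autoruns under the LOCAL SERVICE / NETWORK SERVICE hives, services with no owner in their version info). The function names, the `EXPECTED_RUNDLL_DLLS` allowlist and the three triage rules are this example's own assumptions; the sample lines are a constructed excerpt copied from the log above. The output is a triage list for manual review, never a verdict.

```python
"""Added example (not from the thread): structure the O4 (autorun) and O23
(service) lines of a HijackThis log and sort out the entries worth
verifying first. It produces a triage list, not a verdict."""
import re
from collections import defaultdict

# O4 - <hive>\..\Run: [<value name>] <command> [(User '<account>')]
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O4 - Global Startup: <shortcut>.lnk = <target>
O4_STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
# O23 - Service: <display name> (<short name>) - <owner> - <image path>
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# rundll32 invocation: the DLL is the first argument, optionally quoted,
# followed by ",<export>"
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)"?,', re.IGNORECASE)

# Run values under these hives belong to LOCAL SERVICE and NETWORK SERVICE;
# third-party software rarely registers there, so review whatever does.
SERVICE_ACCOUNT_HIVES = {"HKUS\\S-1-5-19", "HKUS\\S-1-5-20"}
# Hypothetical allowlist of DLLs the stock entries on this machine load via
# rundll32; build a real one from a known-clean image, not from a suspect log.
EXPECTED_RUNDLL_DLLS = {"oobefldr.dll", "nvcpl.dll", "nvmctray.dll",
                        "nvsvc.dll", "nvhotkey.dll"}


def parse_hjt(text):
    """Return one dict per O4/O23 line; all other sections are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := O4_RUN_RE.match(line):
            entries.append({"kind": "autorun", **m.groupdict()})
        elif m := O4_STARTUP_RE.match(line):
            entries.append({"kind": "autorun", "hive": "Global Startup",
                            "user": None, **m.groupdict()})
        elif m := O23_RE.match(line):
            entries.append({"kind": "service", **m.groupdict()})
    return entries


def triage(entries):
    """Sort entries into review buckets. Every rule is a heuristic: it says
    'look at this', never 'this is malicious'."""
    buckets = defaultdict(list)
    for e in entries:
        if e["kind"] == "service":
            # HijackThis prints "Unknown owner" when the image carries no
            # company name; stock vendor services normally do.
            if e["owner"].lower() == "unknown owner":
                buckets["service_without_owner"].append(e)
            continue
        if e["hive"] in SERVICE_ACCOUNT_HIVES:
            buckets["service_account_autorun"].append(e)
        if m := RUNDLL_RE.match(e["cmd"]):
            e["dll"] = m.group(1).strip()
            if e["dll"].rsplit("\\", 1)[-1].lower() not in EXPECTED_RUNDLL_DLLS:
                buckets["rundll32_unexpected_dll"].append(e)
    return buckets


# Constructed excerpt: O4/O23 lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [nifezozegi] Rundll32.exe "C:\Windows\system32\jumukuti.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = ?
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
"""

if __name__ == "__main__":
    for bucket, items in triage(parse_hjt(SAMPLE_LOG)).items():
        print(bucket)
        for e in items:
            print("   ", e["name"], "->", e.get("dll") or e.get("cmd") or e.get("path"))
```

Each bucket is a starting point for the real check: hash the file the entry points at, look up the hash, and inspect the file's signature and version information, rather than deciding from the name alone.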
2. OK, I have uninstalled avast! and the WLAN error has gone away, so I assume the program was causing the problem. I have left avast! off my computer and am now installing AVG 2011 and will use that as my antivirus. Is there any way I can check to make sure all traces of previous viruses and malware are removed from my computer? Thanks for the help.
3. OK, sorry, I was able to run the fixme.bat file (I did not notice the way in which it was being saved to my desktop). I have also uninstalled and updated my Java. I am still getting the WLAN error. I will now try uninstalling avast! and see if that could be the culprit. Will report back once I find out. And to the poster above, thanks for pointing that out, I did not notice it. I had just removed the "System Tool" virus (or at least I thought I did) prior to this WLAN problem occurring. Neither MBAM nor avast! has picked up the malware, so I just assumed it was off of my computer. Should I be concerned about it? Thanks
4. I seem to be unable to perform step 2. When right-clicking on the fixme.bat file, I get no option to "Run as administrator." I have a few options, but none of them allow me to run the document as a file. I am using a Vista machine. I assume when you say Notepad, you mean a .txt file (that's the program that comes up when I search "notepad"). I have saved fixme.bat both with quotes ("fixme.bat") and without. Neither seems to matter. I have also tried to save as .txt and of course as "All Files"; neither works. Maybe I should be encoding the file as something different? It is set to ANSI by default, but I have tried all the others (Unicode, UTF-8 and Unicode big endian), none of which work. Thanks
5. dds.txt

DDS (Ver_10-12-12.02) - NTFSx86
Run by Vostro 1500 at 8:31:45.55 on Tue 01/04/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_19
Microsoft
6. After recently removing some malware (with help from these forums, thanks!) I have deleted the files that were located in my virus vault. I am now getting this popup error: "Dell Wireless WLAN Card Wireless Network Controller stopped working and was closed." However, my wireless card seems to be working just fine, I am still connected to my Wi-Fi and my internet is all working. I have scanned my computer with Malwarebytes with both the quick scan and the full scan. I have also scanned with my avast! antivirus; both have found no problems. I have uninstalled and reinstalled my WLAN card driver after reading some Google results, but nothing has changed. My computer also seems to be slowly eating up small amounts of what little hard drive space I have left (like .01% each restart). You guys have been very helpful here in the past, so maybe you know what's going on here. Any help would be appreciated. Thanks
7. The virus seems to have gone away after avast! seemingly removed it to the vault. I will post the quick scan results anyway:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5404

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

12/27/2010 4:25:30 PM
mbam-log-2010-12-27 (16-25-30).txt

Scan type: Quick scan
Objects scanned: 164261
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

8. OK, something strange has happened after restart. The virus was still there, so I ran Rkill again and got a log saying it killed avast!, which I thought was strange because that is my antivirus. So I restarted my computer again, and avast! seemed to catch the program (defogger as in the original Rkill) and moved it to a vault. However, I am unsure how to double-check logs or see exactly for sure what file was moved. I am updating my Malwarebytes to the latest version, and I will update my avast! antivirus and run some scans once more after I restart.

(second Rkill log)

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/27/2010 at 12:43:39.
Operating System: Windows Vista Home Basic

Processes terminated by Rkill or while it was running:

C:\Program Files\Alwil Software\Avast5\setup\avast.setup

Rkill completed on 12/27/2010 at 12:43:44.

9. OK, I was able to get one of the Rkills to run. It seemed to stop the spyware virus; however, after running a full system scan with Malwarebytes, I did not find any virus. Here are the requested logs. I will attempt to restart my computer and see if the virus is gone; if not, I will repeat the steps while waiting for more instructions. Thanks

Rkill log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/27/2010 at 10:55:54.
Operating System: Windows Vista Home Basic

Processes terminated by Rkill or while it was running:

C:\ProgramData\fOgEe06300\fOgEe06300.exe

Rkill completed on 12/27/2010 at 10:55:59.

MBAM log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5320

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

12/27/2010 12:31:16 PM
mbam-log-2010-12-27 (12-31-16).txt

Scan type: Full scan (C:\|)
Objects scanned: 314345
Time elapsed: 1 hour(s), 26 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

  10. I have scanned in safe mode, and found no infections. The problem is only occurring when I am in normal mode.
11. Hello, I am infected with the malware "System Tool." I cannot run my Malwarebytes program; every time I try to run it I get a small popup in my system tray that says "application can not be executed, the file avastSvc.exe is infected. Please activate your antivirus software". I try to run HijackThis and get the same popup. I try to run OTL and get the same popup. All of my .exe files seem to be blocked. I have tried renaming my mbam .exe file as well, but that did not work either. What should I do? Thank you.
12. Very informative post. Just to verify before I reconnect to the internet: based off my TDSSKiller results, does it appear that the virus has been removed? Can I resume normal activity on my laptop (checking email, connecting to password-protected sites, etc.)? Also, I would like to guarantee that my computer is 100% safe, or at least as safe as possible. Is reformatting the best step to take? Can you please provide a short tutorial on how I can go about doing that? Thanks
13. Hi, I posted about virus help in the HJT forum and received it. I just figured someone here might know a little better about formatting a computer rather than tagging it on in the HJT post. I was told that my computer would not be 100% guaranteed to be secure after virus removal, so I would like to make sure it is. As I said in my original post, I am considering reformatting my whole computer but have no idea how to go about doing it, or if it's even a good idea. Would you be able to recommend a tutorial on how to go about doing so? Thanks
14. First off, thanks again for all the help. You guys are great! I have a few questions considering the severity of this virus. Hopefully you can answer a few of these questions for me. Why did my antivirus (AVG Free) not detect this before it was installed? I simply got this virus just by visiting a website (I don't think I actually installed anything). Also, why did I have to use an external malware remover rather than just Malwarebytes? My laptop was the computer infected, connected to my router via Wi-Fi. I also have a desktop (which I have been using to post) that is connected to the internet via my router. My desktop seems to be fine and I have run a few scans on it just to be sure, but is there any way this virus could have possibly compromised my desktop? I thought I read that this specific virus can infect my router...? Also, since my laptop can no longer be guaranteed to be 100% safe (as stated in your post), I am wondering what options I have to change that? Can you please explain why that is the case if I have removed the virus? Would you recommend formatting my hard drive or possibly resetting it to factory settings? Can you please link me to some instructions on how I can reformat? Finally, how did you come to the conclusion that I had a rootkit on my computer? Was there a specific line or few in the results I posted? If this requires a long drawn-out response that I most likely won't understand, no need to post a long response, I was just curious. Thanks
15. Yikes! Thanks for your quick responses and help, it is more than appreciated. I ran TDSSKiller and it came back with 1 infection. I removed it and rebooted my computer. I will scan one more time with AVG and Malwarebytes, then attempt to reconnect to the internet and scan again tomorrow. Anything else that I should do?

2010/09/30 13:43:03.0046 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/30 13:43:03.0046 ================================================================================
2010/09/30 13:43:03.0046 SystemInfo:
2010/09/30 13:43:03.0046
2010/09/30 13:43:03.0046 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/30 13:43:03.0046 Product type: Workstation
2010/09/30 13:43:03.0046 ComputerName: VOSTRO1500-PC
2010/09/30 13:43:03.0046 UserName: Vostro 1500
2010/09/30 13:43:03.0046 Windows directory: C:\Windows
2010/09/30 13:43:03.0046 System windows directory: C:\Windows
2010/09/30 13:43:03.0046 Processor architecture: Intel x86
2010/09/30 13:43:03.0046 Number of processors: 2
2010/09/30 13:43:03.0046 Page size: 0x1000
2010/09/30 13:43:03.0046 Boot type: Normal boot
2010/09/30 13:43:03.0046 ================================================================================
2010/09/30 13:43:03.0560 Initialize success
2010/09/30 13:43:14.0153 Deinitialize success
2010/09/30 13:43:19.0316 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/30 13:43:19.0316 ================================================================================
2010/09/30 13:43:19.0316 SystemInfo:
2010/09/30 13:43:19.0316
2010/09/30 13:43:19.0316 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/30 13:43:19.0316 Product type: Workstation
2010/09/30 13:43:19.0316 ComputerName: VOSTRO1500-PC
2010/09/30 13:43:19.0316 UserName: Vostro 1500
2010/09/30 13:43:19.0316 Windows directory: C:\Windows
2010/09/30 13:43:19.0316 System windows directory: C:\Windows
2010/09/30 13:43:19.0316 Processor architecture: Intel x86
2010/09/30 13:43:19.0316 Number of processors: 2
2010/09/30 13:43:19.0316 Page size: 0x1000
2010/09/30 13:43:19.0316 Boot type: Normal boot
2010/09/30 13:43:19.0316 ================================================================================
2010/09/30 13:43:19.0769 Initialize success
2010/09/30 13:43:41.0921 ================================================================================
2010/09/30 13:43:41.0921 Scan started
2010/09/30 13:43:41.0921 Mode: Manual;
2010/09/30 13:43:41.0921 ================================================================================
2010/09/30 13:43:42.0498 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/09/30 13:43:42.0576 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/09/30 13:43:42.0638 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/09/30 13:43:42.0716 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/09/30 13:43:42.0763 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/09/30 13:43:42.0888 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/09/30 13:43:42.0982 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2010/09/30 13:43:43.0060 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/09/30 13:43:43.0122 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
2010/09/30 13:43:43.0184 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2010/09/30 13:43:43.0247 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
2010/09/30 13:43:43.0325 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/09/30 13:43:43.0372 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/09/30 13:43:43.0465 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/09/30 13:43:43.0543 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/09/30 13:43:43.0590 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/30 13:43:43.0652 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/09/30 13:43:43.0824 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\System32\Drivers\avgldx86.sys
2010/09/30 13:43:43.0855 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\System32\Drivers\avgmfx86.sys
2010/09/30 13:43:43.0949 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\System32\Drivers\avgtdix.sys
2010/09/30 13:43:44.0042 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/09/30 13:43:44.0105 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2010/09/30 13:43:44.0183 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/09/30 13:43:44.0323 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/30 13:43:44.0417 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/09/30 13:43:44.0464 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/09/30 13:43:44.0573 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/09/30 13:43:44.0620 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/09/30 13:43:44.0651 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/09/30 13:43:44.0713 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/09/30 13:43:44.0791 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/09/30 13:43:44.0916 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/30 13:43:44.0978 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/30 13:43:45.0072 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/09/30 13:43:45.0150 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/09/30 13:43:45.0275 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/30 13:43:45.0353 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
2010/09/30 13:43:45.0400 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/30 13:43:45.0431 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/09/30 13:43:45.0462 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/09/30 13:43:45.0540 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/09/30 13:43:45.0618 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/09/30 13:43:45.0758 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/09/30 13:43:45.0852 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/30 13:43:45.0961 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/09/30 13:43:46.0039 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/09/30 13:43:46.0148 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/09/30 13:43:46.0226 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/09/30 13:43:46.0351 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/09/30 13:43:46.0414 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/09/30 13:43:46.0460 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/30 13:43:46.0538 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/09/30 13:43:46.0585 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/09/30 13:43:46.0663 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/30 13:43:46.0741 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/09/30 13:43:46.0835 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/30 13:43:46.0897 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/09/30 13:43:46.0960 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2010/09/30 13:43:47.0069 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/30 13:43:47.0116 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/09/30 13:43:47.0147 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/09/30 13:43:47.0225 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/30 13:43:47.0303 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/09/30 13:43:47.0428 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/09/30 13:43:47.0552 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/09/30 13:43:47.0630 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2010/09/30 13:43:47.0693 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/09/30 13:43:47.0740 i8042prt (df736b10e72221e0cfbeafbd4c40cd9d) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/30 13:43:47.0740 Suspicious file (Forged): C:\Windows\system32\DRIVERS\i8042prt.sys. Real md5: df736b10e72221e0cfbeafbd4c40cd9d, Fake md5: 22d56c8184586b7a1f6fa60be5f5a2bd
2010/09/30 13:43:47.0755 i8042prt - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/30 13:43:47.0786 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
2010/09/30 13:43:47.0849 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/09/30 13:43:47.0927 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/09/30 13:43:47.0974 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
2010/09/30 13:43:48.0036 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/30 13:43:48.0130 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/30 13:43:48.0286 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/09/30 13:43:48.0332 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/09/30 13:43:48.0442 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/09/30 13:43:48.0520 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2010/09/30 13:43:48.0566 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/30 13:43:48.0613 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/09/30 13:43:48.0691 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/09/30 13:43:48.0754 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/30 13:43:48.0800 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/30 13:43:48.0910 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/30 13:43:49.0003 LBeepKE (ac3b39817bfde9735f5654468dbf7d49) C:\Windows\system32\Drivers\LBeepKE.sys
2010/09/30 13:43:49.0128 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2010/09/30 13:43:49.0175 LHidKe (dd40c03d85649205ec086722474c8a63) C:\Windows\system32\DRIVERS\LHidKE.Sys
2010/09/30 13:43:49.0253 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/30 13:43:49.0331 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2010/09/30 13:43:49.0393 LMouKE (2ebd4c02d259944869630a912ec86bce) C:\Windows\system32\DRIVERS\LMouKE.Sys
2010/09/30 13:43:49.0440 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/09/30 13:43:49.0487 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/09/30 13:43:49.0549 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/09/30 13:43:49.0612 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/09/30 13:43:49.0658 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/09/30 13:43:49.0721 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/09/30 13:43:49.0799 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/09/30 13:43:49.0924 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/30 13:43:50.0017 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/30 13:43:50.0064 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/30 13:43:50.0126 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/09/30 13:43:50.0236 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/09/30 13:43:50.0282 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/30 13:43:50.0407 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/09/30 13:43:50.0470 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/09/30 13:43:50.0563 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/30 13:43:50.0626 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/30 13:43:50.0704 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/30 13:43:50.0750 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
2010/09/30 13:43:50.0813 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/09/30 13:43:50.0938 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/09/30 13:43:51.0016 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/09/30 13:43:51.0140 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/09/30 13:43:51.0187 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/09/30 13:43:51.0312 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/09/30 13:43:51.0390 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/09/30 13:43:51.0484 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/30 13:43:51.0546 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/09/30 13:43:51.0608 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/09/30 13:43:51.0702 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/30 13:43:51.0796 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/09/30 13:43:51.0874 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/30 13:43:51.0936 Ndisuio
(d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2010/09/30 13:43:51.0998 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2010/09/30 13:43:52.0061 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2010/09/30 13:43:52.0139 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2010/09/30 13:43:52.0186 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2010/09/30 13:43:52.0279 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2010/09/30 13:43:52.0326 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2010/09/30 13:43:52.0388 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2010/09/30 13:43:52.0482 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2010/09/30 13:43:52.0544 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2010/09/30 13:43:52.0591 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2010/09/30 13:43:52.0856 nvlddmkm (1e4292406ebb5224cb1124fbd272ade3) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2010/09/30 13:43:53.0153 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2010/09/30 13:43:53.0184 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2010/09/30 13:43:53.0215 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys 2010/09/30 13:43:53.0356 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2010/09/30 13:43:53.0418 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2010/09/30 13:43:53.0480 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2010/09/30 13:43:53.0512 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 
2010/09/30 13:43:53.0590 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2010/09/30 13:43:53.0636 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 2010/09/30 13:43:53.0699 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2010/09/30 13:43:53.0777 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys 2010/09/30 13:43:53.0902 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2010/09/30 13:43:54.0151 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2010/09/30 13:43:54.0229 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2010/09/30 13:43:54.0354 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2010/09/30 13:43:54.0416 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys 2010/09/30 13:43:54.0541 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2010/09/30 13:43:54.0635 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2010/09/30 13:43:54.0682 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2010/09/30 13:43:54.0806 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys 2010/09/30 13:43:54.0931 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2010/09/30 13:43:54.0978 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2010/09/30 13:43:55.0056 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2010/09/30 13:43:55.0103 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2010/09/30 13:43:55.0181 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2010/09/30 13:43:55.0243 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) 
C:\Windows\system32\DRIVERS\RDPCDD.sys 2010/09/30 13:43:55.0306 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys 2010/09/30 13:43:55.0384 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2010/09/30 13:43:55.0446 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2010/09/30 13:43:55.0524 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys 2010/09/30 13:43:55.0586 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys 2010/09/30 13:43:55.0602 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys 2010/09/30 13:43:55.0711 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2010/09/30 13:43:55.0789 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2010/09/30 13:43:55.0898 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 2010/09/30 13:43:55.0945 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2010/09/30 13:43:55.0992 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2010/09/30 13:43:56.0039 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2010/09/30 13:43:56.0117 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2010/09/30 13:43:56.0210 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 2010/09/30 13:43:56.0273 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys 2010/09/30 13:43:56.0320 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 2010/09/30 13:43:56.0382 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2010/09/30 13:43:56.0429 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys 2010/09/30 
13:43:56.0476 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2010/09/30 13:43:56.0538 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2010/09/30 13:43:56.0616 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2010/09/30 13:43:56.0710 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2010/09/30 13:43:56.0756 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys 2010/09/30 13:43:56.0819 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys 2010/09/30 13:43:56.0881 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys 2010/09/30 13:43:56.0990 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys 2010/09/30 13:43:57.0084 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2010/09/30 13:43:57.0131 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2010/09/30 13:43:57.0162 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2010/09/30 13:43:57.0193 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2010/09/30 13:43:57.0256 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys 2010/09/30 13:43:57.0349 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2010/09/30 13:43:57.0458 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2010/09/30 13:43:57.0521 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2010/09/30 13:43:57.0599 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2010/09/30 13:43:57.0677 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2010/09/30 13:43:57.0739 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2010/09/30 
13:43:57.0833 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2010/09/30 13:43:57.0942 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2010/09/30 13:43:58.0004 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2010/09/30 13:43:58.0082 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2010/09/30 13:43:58.0145 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2010/09/30 13:43:58.0223 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2010/09/30 13:43:58.0316 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys 2010/09/30 13:43:58.0410 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2010/09/30 13:43:58.0472 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2010/09/30 13:43:58.0566 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2010/09/30 13:43:58.0613 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2010/09/30 13:43:58.0675 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2010/09/30 13:43:58.0722 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2010/09/30 13:43:58.0816 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2010/09/30 13:43:58.0878 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2010/09/30 13:43:58.0925 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2010/09/30 13:43:58.0972 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 2010/09/30 13:43:59.0003 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2010/09/30 13:43:59.0081 usbuhci (814d653efc4d48be3b04a307eceff56f) 
C:\Windows\system32\DRIVERS\usbuhci.sys 2010/09/30 13:43:59.0159 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2010/09/30 13:43:59.0206 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2010/09/30 13:43:59.0284 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys 2010/09/30 13:43:59.0330 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2010/09/30 13:43:59.0408 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys 2010/09/30 13:43:59.0502 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2010/09/30 13:43:59.0580 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2010/09/30 13:43:59.0642 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2010/09/30 13:43:59.0736 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2010/09/30 13:43:59.0783 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2010/09/30 13:43:59.0876 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2010/09/30 13:43:59.0892 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2010/09/30 13:43:59.0986 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2010/09/30 13:44:00.0048 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2010/09/30 13:44:00.0220 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2010/09/30 13:44:00.0391 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2010/09/30 13:44:00.0516 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2010/09/30 13:44:00.0656 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2010/09/30 13:44:00.0719 XAudio 
(5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys 2010/09/30 13:44:00.0781 ================================================================================ 2010/09/30 13:44:00.0781 Scan finished 2010/09/30 13:44:00.0781 ================================================================================ 2010/09/30 13:44:00.0797 Detected object count: 1 2010/09/30 13:44:34.0243 i8042prt (df736b10e72221e0cfbeafbd4c40cd9d) C:\Windows\system32\DRIVERS\i8042prt.sys 2010/09/30 13:44:34.0243 Suspicious file (Forged): C:\Windows\system32\DRIVERS\i8042prt.sys. Real md5: df736b10e72221e0cfbeafbd4c40cd9d, Fake md5: 22d56c8184586b7a1f6fa60be5f5a2bd 2010/09/30 13:44:38.0143 Backup copy not found, trying to cure infected file.. 2010/09/30 13:44:38.0143 Cure success, using it.. 2010/09/30 13:44:38.0174 C:\Windows\system32\DRIVERS\i8042prt.sys - will be cured after reboot 2010/09/30 13:44:38.0174 Rootkit.Win32.TDSS.tdl3(i8042prt) - User select action: Cure 2010/09/30 13:44:55.0366 Deinitialize success