
Help! Remote Access bot/trojan? accessing Media Sharing and Games



I'm at my wits' end in trying to figure out what keeps making my Toshiba Laptop transform itself into a "Server Host" and I am just a Client logging on with no privileges, even when I am using the administrator's acct. I have repeatedly tried clean install, have had multiple support incidents with Toshiba and Microsoft, they are no help. I am almost convinced after 7 months of fighting with this new laptop that the OEM has embedded some crap that works in stages as time goes by to configure its "Hidden Virtual Server" and is connecting with Media Center/Player and Games to allow backdoor access to my connection. I may sound out of my mind, but I have spent over one year reading, looking and experimenting with my 4 machines, and they all seem to display the same behavior. I'm going to give y'all a try at helping, since the other folks are in denial.

Machine I am using now:

Toshiba L455D-S5976 Laptop (new April 2010) Windows 7 Home Premium 32bit

OEM specs: 2GB Ram 250GB Harddrive, ATI RAdeon 3200 Graphics, AMD Sempron SI- 42

supposedly bare bones model, No WebCam, No Bluetooth, No Floppy

wireless adapter removed by myself, run wired connection only direct to Cox Cable HSI box.

(did this because I have neighbors who run unsecured routers, and it kept trying to connect automatically to them, I couldn't reconfig that, so I removed it)

Removed factory setup, used my Win 7 disks to clean install months ago, can't get Toshiba to explain why I still am only able to access 232GB of a 250GB harddrive.

Things I find weird:

DVD/CDrom starts itself with no reason randomly

Internet Explorer corrupt and won't allow me to download new copy (Has custom configs in reg IEAK)

Unable to deactivate remote assistance, which automatically resets itself to allow assistance for 6 hours from any computer

Unable to disable Media Center Sharing, Media Player Network Sharing, or Peer to Peer Networking without malfunctions so bad a restore or re-install is required

If any mods are made to ports to increase security above the auto config, suffer a DOS attack, and must do the same procedures to get online.

Can't get the Windows Updates for security to install properly (acts like it's doing it, says it does, but then asks again). Also does auto update, even if I have it marked to ask me first. (gets Toshiba Value Added Package TVALZ_O, ATI, Realtek driver updates no matter what I say)

Blocks most Antivirus, Firewall, Antispyware, and rootkit tools.

So, I have tons of information about behaviors, scripts I've read, security certificate abnormalities etc.

If you see reference to "Macrovision" in these logs, I've looked at that, and my file detail says it is a Japanese version, not English.

When I right click on dds.scr on my desktop, it says it's a screensaver and my options are to "test" or "configure" it.

I have hundreds of file extensions I have never seen in my life, and can't get info on either. Oh, and I can't modify the associations either. Dozens are "unknown" file type which open with "Unknown".

In the ark.zip I included a text file of a suspicious script that was embedded in a .dll file, the word robot seems to give me the willies. Apphelp is another suspicious character.

Ask anything you want....I have been beating my head on the wall for over a year. As a 20+ year user of computers, I have never seen anything act so strange, nor have I been unable to fix it myself. I would love to find another person who can think "outside the box" to assist me in my research of this issue. I have the insight to see it, but not always the tech knowledge to process it.

Here's the logs:

I renamed mbam.exe winlogon.exe so it would run on advice I found in a forum post

11/8/2010 9:56:06 AM

mbam-log-2010-11-08 (09-56-06).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 178767

Time elapsed: 26 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malwarebytes anti-malware (reboot) (Trojan.Agent) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Malwarebytes\winlogon.exe (Trojan.Agent) ->

DDS (Ver_10-11-08.01) - NTFSx86

Run by LunaBlue at 8:32:34.69 on Mon 11/08/2010

Internet Explorer: 8.0.7600.16385

============== Running Processes ===============

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www,dogpile.com

uStart Page = hxxp://www.gulfcoastclaimsfacility.com/

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\malwarebytes\winlogon.exe" /runcleanupscript

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

============= SERVICES / DRIVERS ===============

=============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2010-11-08 11:05:18 -------- d-----w- c:\users\lunablue\appdata\roaming\Avira

2010-11-08 10:53:09 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-11-08 10:53:08 -------- d-----w- c:\program files\Avira

2010-11-08 10:53:08 -------- d-----w- c:\progra~2\Avira

2010-11-08 10:34:43 -------- d-sh--w- c:\windows\Installer

2010-11-08 04:05:57 -------- d-----w- c:\program files\CCleaner

2010-11-08 01:03:11 -------- d-----w- c:\users\lunablue\appdata\roaming\Malwarebytes

2010-11-08 01:03:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-08 01:03:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-08 01:03:05 -------- d-----w- c:\progra~2\Malwarebytes

2010-11-08 01:03:04 -------- d-----w- C:\Malwarebytes

2010-11-07 21:42:38 -------- d-----w- c:\windows\system32\Wat

2010-11-07 21:06:11 257024 ----a-w- c:\windows\system32\msv1_0.dll

2010-11-07 21:05:10 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-11-07 21:05:10 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-11-07 21:05:10 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-11-07 21:05:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-11-07 21:05:10 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-11-07 21:00:56 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2010-11-07 17:06:07 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe

2010-11-07 17:06:06 1413632 ----a-w- c:\windows\system32\ole32.dll

2010-11-07 17:06:05 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-11-07 17:04:47 2048 ----a-w- c:\windows\system32\tzres.dll

2010-11-07 17:04:41 316928 ----a-w- c:\windows\system32\spoolsv.exe

2010-11-07 17:04:39 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-11-07 17:04:39 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2010-11-07 17:04:37 292864 ----a-w- c:\windows\system32\apphelp.dll

2010-11-07 17:04:36 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-11-07 17:04:36 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-11-07 17:04:36 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-11-07 17:01:20 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2c1e9b9a-b7c3-4da7-ba62-f6d2b08f4c9d}\mpengine.dll

2010-11-07 17:01:19 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-11-07 16:58:16 172032 ----a-w- c:\windows\system32\wintrust.dll

2010-11-07 16:58:15 132608 ----a-w- c:\windows\system32\cabview.dll

2010-11-07 09:27:22 -------- d-----w- C:\MGADiagToolOutput

2010-11-07 09:06:37 -------- d-----w- c:\program files\common files\Panda Security

2010-11-06 23:40:30 -------- d-----w- c:\windows\Panther

2010-11-06 22:43:10 0 ----a-w- c:\windows\ativpsrm.bin

==================== Find3M ====================

2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec

2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll

============= FINISH: 8:33:08.57 ===============

ark.zip

apphelp.zip


:P

Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


No interesting results from these scans unfortunately.

GooredFix by jpshortstuff (03.07.10.1)

Log created at 18:32 on 08/11/2010 (LunaBlue)

Firefox version [unable to determine]

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

(Key not found)

-=E.O.F=-

2010/11/08 18:34:23.0297 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22

2010/11/08 18:34:23.0297 ================================================================================

2010/11/08 18:34:23.0297 SystemInfo:

2010/11/08 18:34:23.0297

2010/11/08 18:34:23.0297 OS Version: 6.1.7600 ServicePack: 0.0

2010/11/08 18:34:23.0297 Product type: Workstation

2010/11/08 18:34:23.0297 ComputerName: LUNA_BLUE

2010/11/08 18:34:23.0297 UserName: LunaBlue

2010/11/08 18:34:23.0297 Windows directory: C:\Windows

2010/11/08 18:34:23.0297 System windows directory: C:\Windows

2010/11/08 18:34:23.0297 Processor architecture: Intel x86

2010/11/08 18:34:23.0297 Number of processors: 1

2010/11/08 18:34:23.0297 Page size: 0x1000

2010/11/08 18:34:23.0297 Boot type: Normal boot

2010/11/08 18:34:23.0297 ================================================================================

2010/11/08 18:34:23.0687 Initialize success

2010/11/08 18:34:29.0381 ================================================================================

2010/11/08 18:34:29.0381 Scan started

2010/11/08 18:34:29.0381 Mode: Manual;

2010/11/08 18:34:29.0381 ================================================================================


2010/11/08 18:35:04.0482 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2010/11/08 18:35:04.0606 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/11/08 18:35:04.0794 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/11/08 18:35:04.0918 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

2010/11/08 18:35:05.0012 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/11/08 18:35:05.0152 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2010/11/08 18:35:05.0308 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

2010/11/08 18:35:05.0464 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

2010/11/08 18:35:05.0605 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2010/11/08 18:35:05.0745 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

2010/11/08 18:35:05.0886 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

2010/11/08 18:35:06.0042 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2010/11/08 18:35:06.0213 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

2010/11/08 18:35:06.0385 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2010/11/08 18:35:06.0541 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

2010/11/08 18:35:06.0712 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2010/11/08 18:35:06.0884 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2010/11/08 18:35:06.0931 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2010/11/08 18:35:07.0134 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2010/11/08 18:35:07.0274 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2010/11/08 18:35:07.0508 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2010/11/08 18:35:07.0633 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2010/11/08 18:35:07.0867 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/11/08 18:35:08.0054 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2010/11/08 18:35:08.0226 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2010/11/08 18:35:08.0413 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/11/08 18:35:08.0522 ================================================================================

2010/11/08 18:35:08.0538 Scan finished

2010/11/08 18:35:08.0538 ================================================================================

2010/11/08 18:35:52.0842 Deinitialize success

Link to post
Share on other sites

That looks good.

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Not sure what to do now. Another bizarre occurrence since last post. I removed (deleted) the avira.zip file that was on my desktop since I did not use it for install, and I did not need it there. When I deleted that file, all of the tools I had downloaded disappeared, the pc became "this copy of windows is not genuine" and would not reboot. Forced to restore to point prior to our original logs. What now???

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
