
Infected computer. (Logs attached)



I've got a computer with a bunch of virus activity on it. Web browsers on this computer often get redirected to malware sites, so I'm posting these logs from another computer after copying them over on a USB thumb drive. (The computer I'm posting them from is a Mac, so I'm not too concerned about Windows-based viruses migrating to it via the thumb drive.)

I've run MBAM, DDS, and GMER. The latest MBAM and DDS logs are posted inline, and the DDS "Attach" file and the GMER results are attached in a zip.

Thanks for your help.

------------------------------------------------

Malwarebytes' Anti-Malware 1.41

Database version: 2955

Windows 5.1.2600 Service Pack 3

12/14/2010 11:21:21 PM

mbam-log-2010-12-14 (23-21-16).txt

Scan type: Quick Scan

Objects scanned: 142028

Time elapsed: 23 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\herjek.config (Malware.Trace) -> No action taken.

------------------------------------------------

DDS (Ver_10-12-12.02) - NTFSx86

Run by Tiffany Bohne at 23:46:15.98 on Tue 12/14/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.144 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\NOTEPAD.EXE

E:\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll

TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll

TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tiffan~1\applic~1\mozilla\firefox\profiles\e4ip0wqd.default

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.gmail.com

FF - prefs.js: keyword.URL - hxxp://search.fresh-search.net/?sid=10101069100&s=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\tiffany bohne\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\tiffany bohne\application data\move networks\plugins\npqmp071504000001.dll

FF - plugin: c:\documents and settings\tiffany bohne\application data\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\documents and settings\tiffany bohne\application data\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\documents and settings\tiffany bohne\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\tiffany bohne\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\tiffany bohne\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: XULRunner: {727B7CF8-998C-432B-B034-D04DE1B53775} - c:\documents and settings\tiffany bohne\local settings\application data\{727B7CF8-998C-432B-B034-D04DE1B53775}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\tiffany bohne\application data\Move Networks

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Search

FF - user.js: browser.search.order.1 - Search

FF - user.js: keyword.URL - hxxp://search.fresh-search.net/?sid=10101069100&s=

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-12-20 116928]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-12-20 1814720]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-28 102448]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-29 38224]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101214.001\naveng.sys [2010-12-14 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101214.001\navex15.sys [2010-12-14 1360248]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-15 136176]

S3 IO_Memory;IO_Memory;\??\c:\sysprep\drivers\ioport.sys --> c:\sysprep\drivers\ioport.sys [?]

S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]

S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-2-5 1252232]

S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-3-21 2385896]

=============== Created Last 30 ================

2010-12-15 05:51:11 -------- d-----w- C:\cmdcons

2010-12-15 05:46:35 98816 ----a-w- c:\windows\sed.exe

2010-12-15 05:46:35 89088 ----a-w- c:\windows\MBR.exe

2010-12-15 05:46:35 256512 ----a-w- c:\windows\PEV.exe

2010-12-15 05:46:35 161792 ----a-w- c:\windows\SWREG.exe

2010-12-15 05:46:06 -------- d-s---w- C:\ComboFix

2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-11-19 02:40:45 -------- d-----w- c:\program files\ETS

2010-11-17 00:21:36 0 ----a-w- c:\windows\system32\lsp2A.tmp

2010-11-16 00:35:29 -------- d-----w- c:\docume~1\tiffan~1\applic~1\whitesmoketoolbar

2010-11-16 00:28:48 -------- d-----w- c:\program files\whitesmoketoolbar

2010-11-16 00:28:20 -------- d-----w- c:\windows\system32\%APPDATA%

==================== Find3M ====================

2010-12-15 03:14:38 0 ----a-w- c:\windows\Jpolageya.bin

2010-09-18 18:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: HTS541080G9SA00 rev.MB4OC60R -> \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86EC1446]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86ec7504]; MOV EAX, [0x86ec7580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86F699C0]

3 CLASSPNP[0xF759EFD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000089[0x86F6C3B8]

5 ACPI[0xF74F5620] -> nt!IofCallDriver[0x804E13B9] -> [0x86F3D940]

\Driver\atapi[0x86FDD6E8] -> IRP_MJ_CREATE -> 0x86EC1446

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHTS541080G9SA00_________________________MB4OC60R#5&35291d97&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x86EC1292

user != kernel MBR !!!

sectors 156301486 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 23:48:19.14 ===============

Let's try attaching those again...

ark.zip


:)

Please don't attach the scan results; use Copy/Paste.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Thank you; there's a noticeable improvement.

Please post the contents of that TDSSKiller log.

Here it is.

2010/12/15 18:31:02.0671 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40

2010/12/15 18:31:02.0671 ================================================================================

2010/12/15 18:31:02.0671 SystemInfo:

2010/12/15 18:31:02.0671

2010/12/15 18:31:02.0671 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/15 18:31:02.0671 Product type: Workstation

2010/12/15 18:31:02.0671 ComputerName: TIFFANY

2010/12/15 18:31:02.0671 UserName: Tiffany Bohne

2010/12/15 18:31:02.0671 Windows directory: C:\WINDOWS

2010/12/15 18:31:02.0671 System windows directory: C:\WINDOWS

2010/12/15 18:31:02.0671 Processor architecture: Intel x86

2010/12/15 18:31:02.0671 Number of processors: 2

2010/12/15 18:31:02.0671 Page size: 0x1000

2010/12/15 18:31:02.0671 Boot type: Normal boot

2010/12/15 18:31:02.0671 ================================================================================

2010/12/15 18:31:03.0031 Initialize success

2010/12/15 18:31:05.0093 ================================================================================

2010/12/15 18:31:05.0093 Scan started

2010/12/15 18:31:05.0093 Mode: Manual;

2010/12/15 18:31:05.0093 ================================================================================

2010/12/15 18:31:06.0750 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/15 18:31:06.0765 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/12/15 18:31:06.0828 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/12/15 18:31:06.0906 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2010/12/15 18:31:06.0984 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/12/15 18:31:07.0046 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys

2010/12/15 18:31:07.0171 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2010/12/15 18:31:07.0515 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/12/15 18:31:07.0609 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

2010/12/15 18:31:07.0687 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/15 18:31:07.0750 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/12/15 18:31:07.0812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/15 18:31:08.0062 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/15 18:31:08.0109 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/12/15 18:31:08.0171 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/15 18:31:08.0234 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/12/15 18:31:08.0312 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/15 18:31:08.0343 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/15 18:31:08.0390 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/15 18:31:08.0453 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/12/15 18:31:08.0515 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/12/15 18:31:08.0796 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/15 18:31:08.0843 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2010/12/15 18:31:08.0875 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2010/12/15 18:31:08.0906 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS

2010/12/15 18:31:08.0937 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2010/12/15 18:31:08.0968 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2010/12/15 18:31:09.0015 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2010/12/15 18:31:09.0031 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

2010/12/15 18:31:09.0078 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2010/12/15 18:31:09.0109 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2010/12/15 18:31:09.0203 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/12/15 18:31:09.0296 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/12/15 18:31:09.0468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/12/15 18:31:09.0546 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/12/15 18:31:09.0625 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/15 18:31:09.0640 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2010/12/15 18:31:09.0687 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2010/12/15 18:31:09.0796 E100B (2646883e6dd867cd872d5b51b6036710) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2010/12/15 18:31:09.0843 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

2010/12/15 18:31:10.0046 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2010/12/15 18:31:10.0109 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

2010/12/15 18:31:10.0343 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/15 18:31:10.0390 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/12/15 18:31:10.0421 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/12/15 18:31:10.0468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/12/15 18:31:10.0531 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/12/15 18:31:10.0609 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/15 18:31:10.0640 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/15 18:31:10.0718 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2010/12/15 18:31:10.0781 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/15 18:31:10.0843 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/12/15 18:31:10.0890 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/12/15 18:31:10.0953 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/12/15 18:31:11.0000 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/12/15 18:31:11.0046 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/12/15 18:31:11.0218 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/15 18:31:11.0328 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/12/15 18:31:11.0453 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2010/12/15 18:31:11.0546 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/15 18:31:11.0953 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/12/15 18:31:12.0187 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/12/15 18:31:12.0250 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/12/15 18:31:12.0312 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/15 18:31:12.0390 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/15 18:31:12.0437 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/15 18:31:12.0468 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/12/15 18:31:12.0500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/15 18:31:12.0546 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/15 18:31:12.0593 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys

2010/12/15 18:31:12.0640 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/15 18:31:12.0687 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/12/15 18:31:12.0718 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys

2010/12/15 18:31:12.0781 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/15 18:31:13.0046 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys

2010/12/15 18:31:13.0109 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

2010/12/15 18:31:13.0140 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/15 18:31:13.0218 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/12/15 18:31:13.0234 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/15 18:31:13.0296 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/12/15 18:31:13.0312 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/15 18:31:13.0375 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/15 18:31:13.0468 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/15 18:31:13.0531 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/12/15 18:31:13.0578 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/15 18:31:13.0609 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/15 18:31:13.0656 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/15 18:31:13.0718 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/15 18:31:13.0937 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/12/15 18:31:13.0968 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/12/15 18:31:14.0015 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/12/15 18:31:14.0203 NAVENG (01543b4f5b6fdac6761910ce44aff3f8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101214.001\naveng.sys

2010/12/15 18:31:14.0328 NAVEX15 (38814ee261cfc76ded4b5647fc082826) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101214.001\navex15.sys

2010/12/15 18:31:14.0546 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/12/15 18:31:14.0609 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/12/15 18:31:14.0640 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/15 18:31:14.0687 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/15 18:31:14.0718 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/15 18:31:14.0781 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/15 18:31:14.0812 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/15 18:31:14.0890 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/15 18:31:14.0953 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/12/15 18:31:15.0000 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/12/15 18:31:15.0062 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/15 18:31:15.0296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/12/15 18:31:15.0343 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/15 18:31:15.0390 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/15 18:31:15.0453 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/12/15 18:31:15.0500 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2010/12/15 18:31:15.0546 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/15 18:31:15.0593 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/15 18:31:15.0625 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/15 18:31:15.0687 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/12/15 18:31:15.0734 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/12/15 18:31:15.0921 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

2010/12/15 18:31:15.0984 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/15 18:31:16.0031 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/15 18:31:16.0062 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/15 18:31:21.0953 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/12/15 18:31:22.0031 ================================================================================

2010/12/15 18:31:22.0031 Scan finished

2010/12/15 18:31:22.0031 ================================================================================

2010/12/15 18:31:22.0062 Detected object count: 1

2010/12/15 18:31:34.0578 \HardDisk0 - will be cured after reboot

2010/12/15 18:31:34.0578 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2010/12/15 18:31:40.0500 Deinitialize success
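The TDSSKiller output above can be triaged mechanically. The following Python script is an added example, not part of the original post or of TDSSKiller: it parses the driver inventory lines and the detection, count and action lines of a constructed excerpt in the same format, and reports what a helper would look at first (a count mismatch, a detection with no chosen action, and a disk-level object such as \HardDisk0, which is an MBR-level finding rather than a driver file).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
# Each TDSSKiller line begins with a timestamp; the rest is a driver
# inventory entry "Name (md5) Path" or a free-text event about a detection.
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
DRIVER_RE = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(TS + r"(?P<obj>\S+) - detected (?P<threat>\S+) \(\d+\)$")
ACTION_RE = re.compile(TS + r"(?P<threat>\S+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")

@dataclass
class Report:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    detections: Dict[str, str] = field(default_factory=dict)           # object -> threat
    actions: Dict[str, str] = field(default_factory=dict)              # object -> chosen action
    declared_count: Optional[int] = None

def parse_tdsskiller(text: str) -> Report:
    """Parse the inventory and verdict lines of a TDSSKiller log."""
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if m := DRIVER_RE.match(line):
            rep.drivers[m["name"]] = (m["md5"], m["path"])
        elif m := DETECT_RE.match(line):
            rep.detections[m["obj"]] = m["threat"]
        elif m := ACTION_RE.match(line):
            rep.actions[m["obj"]] = m["action"]
        elif m := COUNT_RE.match(line):
            rep.declared_count = int(m["n"])
    return rep

def triage(rep: Report) -> List[str]:
    """Findings a helper acts on: count mismatch, detections with no chosen action,
    and HardDiskN objects, which are disk-level (MBR) and not fixed by deleting a .sys."""
    notes = []
    if rep.declared_count is not None and rep.declared_count != len(rep.detections):
        notes.append("declared count differs from detection lines")
    for obj, threat in rep.detections.items():
        if obj not in rep.actions:
            notes.append(f"{obj}: {threat} has no action")
        if obj.startswith("\\HardDisk"):
            notes.append(f"{obj}: {threat} is disk-level, action={rep.actions.get(obj, 'none')}")
    return notes
# Constructed excerpt in the same line format as the log above.
SAMPLE = r"""
2010/12/15 18:31:19.0703 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/15 18:31:21.0953 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/15 18:31:22.0062 Detected object count: 1
2010/12/15 18:31:34.0578 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""
```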


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
