Jump to content

Some Threats Detected


dew

Recommended Posts

Malwarebytes & Superantispyware is detecting infected files in my system scan. I suspect if it is infected with malware. Please help me cleaning it fully from all threats. Thank you

My logs are attached below:

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 09:46:57, on 18-12-2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Users\Rushiraj\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Users\Rushiraj\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "D:\Softwares\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [Google Update] "C:\Users\Rushiraj\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Softwares\SUPERAntiSpyware.exe

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

--

End of file - 6104 bytes

Malwarebytes:

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5343

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

17-12-2010 22:32:59

mbam-log-2010-12-17 (22-32-59).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)

Objects scanned: 200825

Time elapsed: 37 minute(s), 1 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 1884 -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

SuperAntiSpyware:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 12/18/2010 at 09:32 AM

Application Version : 4.47.1000

Core Rules Database Version : 6029

Trace Rules Database Version: 3841

Scan type : Complete Scan

Total Scan Time : 00:22:11

Memory items scanned : 571

Memory threats detected : 0

Registry items scanned : 9063

Registry threats detected : 0

File items scanned : 21274

File threats detected : 9

Adware.Tracking Cookie

.imrworldwide.com [ C:\Users\Rushiraj\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.imrworldwide.com [ C:\Users\Rushiraj\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.dmtracker.com [ C:\Users\Rushiraj\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.findcollegecards.com [ C:\Users\Rushiraj\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.findcollegecards.com [ C:\Users\Rushiraj\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.findcollegecards.com [ C:\Users\Rushiraj\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.atdmt.com [ C:\Users\Rushiraj\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.atdmt.com [ C:\Users\Rushiraj\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

statse.webtrendslive.com [ C:\Users\Rushiraj\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

DDS Logs:

DDS (Ver_10-12-12.02) - NTFSx86

Run by Rushiraj at 9:41:40.31 on 18-12-2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.954.333 [GMT 5.5:30]

AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Users\Rushiraj\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

D:\Softwares\SUPERAntiSpyware.exe

C:\Windows\system32\taskhost.exe

C:\Users\Rushiraj\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

uRun: [Google Update] "c:\users\rushiraj\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

uRun: [sUPERAntiSpyware] d:\softwares\SUPERAntiSpyware.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [LManager] c:\progra~1\launch~1\LManager.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "d:\softwares\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll, c:\progra~1\kasper~1\kasper~1\kloehk.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\rushiraj\appdata\roaming\mozilla\firefox\profiles\kpl4scau.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/

FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll

FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\users\rushiraj\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]

R1 SASDIFSV;SASDIFSV;d:\softwares\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;d:\softwares\SASKUTIL.SYS [2010-5-11 67656]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-7-1 352976]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-11-11 68208]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-12-5 8192]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

=============== Created Last 30 ================

2010-12-18 03:28:17 -------- d-----w- c:\users\rushiraj\appdata\roaming\SUPERAntiSpyware.com

2010-12-18 03:28:17 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com

2010-12-17 16:09:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-17 16:09:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-17 11:33:57 571904 ----a-w- c:\windows\system32\oleaut32.dll

2010-12-17 11:33:55 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-12-17 11:33:52 516096 ----a-w- c:\program files\windows mail\wab.exe

2010-12-17 11:33:42 2048 ----a-w- c:\windows\system32\tzres.dll

2010-12-17 11:23:34 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{a6171d7e-7654-4bcf-84f4-2ef6a4985ec9}\mpengine.dll

2010-12-05 08:04:43 8192 ----a-w- c:\windows\system32\srvany.exe

2010-12-04 04:47:22 -------- d-----w- c:\progra~2\Spybot - Search & Destroy

2010-12-03 15:44:57 -------- d-----w- c:\users\rushiraj\appdata\roaming\Malwarebytes

2010-12-03 15:44:10 -------- d-----w- c:\progra~2\Malwarebytes

2010-12-02 06:02:35 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-12-02 06:02:35 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2010-11-27 12:41:40 -------- d-----w- c:\users\rushiraj\appdata\roaming\IObit

2010-11-26 06:18:47 -------- d-----w- c:\windows\system32\x64

2010-11-26 06:15:17 64672 ----a-w- c:\windows\system32\athihvui.dll

2010-11-26 06:15:17 400544 ----a-w- c:\windows\system32\athihvs.dll

2010-11-26 06:15:17 2101760 ----a-w- c:\windows\system32\drivers\athr.sys

2010-11-26 06:15:17 -------- d-----w- c:\windows\system32\nn-NO

2010-11-26 06:11:55 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll

2010-11-26 06:11:55 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll

2010-11-26 06:11:55 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe

2010-11-26 06:11:55 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll

2010-11-26 06:11:55 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll

2010-11-26 06:11:52 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll

2010-11-26 06:11:36 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll

2010-11-25 07:04:08 -------- d-----w- c:\users\rushiraj\appdata\local\eSupport.com

2010-11-24 16:20:38 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll

2010-11-24 08:10:09 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

==================== Find3M ====================

2010-11-12 18:46:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe

2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll

2010-10-19 05:11:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe

2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

2010-10-15 17:06:20 8198680 ----a-w- c:\windows\system32\TVWSetup.exe

2010-10-15 17:06:18 137752 ----a-w- c:\windows\system32\igfxtray.exe

2010-10-15 17:06:16 267800 ----a-w- c:\windows\system32\igfxsrvc.exe

2010-10-15 17:06:16 170520 ----a-w- c:\windows\system32\igfxpers.exe

2010-10-15 17:06:14 179224 ----a-w- c:\windows\system32\igfxext.exe

2010-10-15 17:06:12 171032 ----a-w- c:\windows\system32\hkcmd.exe

2010-10-15 17:06:10 3156504 ----a-w- c:\windows\system32\GfxUI.exe

2010-10-15 17:01:30 81920 ----a-w- c:\windows\system32\igfxCoIn_v2226.dll

2010-10-15 16:54:58 4966400 ----a-w- c:\windows\system32\igdumd32.dll

2010-10-15 16:53:26 982240 ----a-w- c:\windows\system32\igkrng500.bin

2010-10-15 16:53:26 92356 ----a-w- c:\windows\system32\igfcg500m.bin

2010-10-15 16:53:26 439308 ----a-w- c:\windows\system32\igcompkrng500.bin

2010-10-15 16:52:50 571904 ----a-w- c:\windows\system32\igdumdx32.dll

2010-10-15 16:49:10 4410880 ----a-w- c:\windows\system32\igd10umd32.dll

2010-10-15 16:36:18 11039232 ----a-w- c:\windows\system32\ig4icd32.dll

2010-10-15 16:27:26 195584 ----a-w- c:\windows\system32\igfxpph.dll

2010-10-15 16:27:26 115200 ----a-w- c:\windows\system32\igfxcpl.cpl

2010-10-15 16:27:16 261632 ----a-w- c:\windows\system32\igfxTMM.dll

2010-10-15 16:27:12 23552 ----a-w- c:\windows\system32\igfxexps.dll

2010-10-15 16:27:00 57344 ----a-w- c:\windows\system32\igfxsrvc.dll

2010-10-15 16:26:42 130048 ----a-w- c:\windows\system32\igfxdo.dll

2010-10-15 16:26:36 94720 ----a-w- c:\windows\system32\hccutils.dll

2010-10-15 16:26:30 120320 ----a-w- c:\windows\system32\gfxSrvc.dll

2010-10-15 16:26:28 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2010-10-15 16:26:28 228864 ----a-w- c:\windows\system32\igfxdev.dll

2010-10-15 16:26:06 85504 ----a-w- c:\windows\system32\igfxrenu.lrc

2010-10-15 16:26:06 828928 ----a-w- c:\windows\system32\igfxress.dll

2010-10-05 14:27:22 1084008 ----a-w- c:\windows\system32\RTSndMgr.cpl

2010-10-05 14:27:10 1843816 ----a-w- c:\windows\system32\RtkPgExt.dll

2010-10-05 14:26:58 66152 ----a-w- c:\windows\system32\RtkCoInst.dll

2010-10-05 14:26:58 453224 ----a-w- c:\windows\system32\RtkApoApi.dll

2010-10-05 14:26:48 3610216 ----a-w- c:\windows\system32\RtkAPO.dll

2010-10-05 14:26:36 477288 ----a-w- c:\windows\system32\RCoRes.dat

2010-09-29 07:41:02 1251944 ----a-w- c:\windows\RtlExUpd.dll

2010-09-27 04:04:58 232792 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll

============= FINISH: 9:43:06.74 ===============

DDS second log attached:

Thank you for your help.

Attach.txt

Link to post
Share on other sites

:rolleyes:

Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Link to post
Share on other sites

Hi LDTate, thank you for replying. Sorry for attaching log. My system is working fine. I use firefox & google chrome both browsers. I have disabled cookies in Google chrome to get rid of adwares now onwards. I use 'Adblock plus' in firefox. Is there any such extension in Chrome which can protect from adware cookies and spywares?

Here is my TDS log:

2010/12/19 19:34:00.0059 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2010/12/19 19:34:00.0059 ================================================================================

2010/12/19 19:34:00.0059 SystemInfo:

2010/12/19 19:34:00.0059

2010/12/19 19:34:00.0059 OS Version: 6.1.7600 ServicePack: 0.0

2010/12/19 19:34:00.0059 Product type: Workstation

2010/12/19 19:34:00.0075 ComputerName: RUSHIRAJ-PC

2010/12/19 19:34:00.0075 UserName: Rushiraj

2010/12/19 19:34:00.0075 Windows directory: C:\Windows

2010/12/19 19:34:00.0075 System windows directory: C:\Windows

2010/12/19 19:34:00.0075 Processor architecture: Intel x86

2010/12/19 19:34:00.0075 Number of processors: 1

2010/12/19 19:34:00.0075 Page size: 0x1000

2010/12/19 19:34:00.0075 Boot type: Normal boot

2010/12/19 19:34:00.0075 ================================================================================

2010/12/19 19:34:01.0417 Initialize success

2010/12/19 19:34:11.0089 ================================================================================

2010/12/19 19:34:11.0089 Scan started

2010/12/19 19:34:11.0089 Mode: Manual;

2010/12/19 19:34:11.0089 ================================================================================

2010/12/19 19:34:13.0132 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

2010/12/19 19:34:13.0273 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

2010/12/19 19:34:13.0429 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

2010/12/19 19:34:13.0585 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2010/12/19 19:34:13.0725 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2010/12/19 19:34:13.0865 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2010/12/19 19:34:14.0053 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys

2010/12/19 19:34:14.0349 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

2010/12/19 19:34:14.0411 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2010/12/19 19:34:14.0552 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

2010/12/19 19:34:14.0599 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

2010/12/19 19:34:14.0708 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

2010/12/19 19:34:14.0786 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2010/12/19 19:34:14.0864 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2010/12/19 19:34:14.0942 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys

2010/12/19 19:34:15.0098 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2010/12/19 19:34:15.0176 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys

2010/12/19 19:34:15.0285 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

2010/12/19 19:34:15.0457 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2010/12/19 19:34:15.0503 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2010/12/19 19:34:15.0644 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/12/19 19:34:15.0675 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

2010/12/19 19:34:15.0847 athr (c910b8ebe20289565a55d9b8904e1563) C:\Windows\system32\DRIVERS\athr.sys

2010/12/19 19:34:16.0049 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2010/12/19 19:34:16.0112 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2010/12/19 19:34:16.0268 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2010/12/19 19:34:16.0424 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2010/12/19 19:34:16.0471 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys

2010/12/19 19:34:16.0502 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2010/12/19 19:34:16.0627 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2010/12/19 19:34:16.0673 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2010/12/19 19:34:16.0783 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2010/12/19 19:34:16.0892 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2010/12/19 19:34:16.0939 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2010/12/19 19:34:17.0063 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2010/12/19 19:34:17.0219 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2010/12/19 19:34:17.0407 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

2010/12/19 19:34:17.0547 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2010/12/19 19:34:17.0656 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2010/12/19 19:34:17.0843 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2010/12/19 19:34:17.0890 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

2010/12/19 19:34:18.0015 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2010/12/19 19:34:18.0077 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2010/12/19 19:34:18.0202 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

2010/12/19 19:34:18.0343 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2010/12/19 19:34:18.0499 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

2010/12/19 19:34:18.0686 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys

2010/12/19 19:34:18.0826 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2010/12/19 19:34:18.0982 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2010/12/19 19:34:19.0107 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys

2010/12/19 19:34:19.0247 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys

2010/12/19 19:34:19.0372 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2010/12/19 19:34:19.0450 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys

2010/12/19 19:34:19.0669 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2010/12/19 19:34:19.0934 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2010/12/19 19:34:20.0059 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

2010/12/19 19:34:20.0168 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2010/12/19 19:34:20.0293 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2010/12/19 19:34:20.0433 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2010/12/19 19:34:20.0495 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2010/12/19 19:34:20.0620 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2010/12/19 19:34:20.0651 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/12/19 19:34:20.0792 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2010/12/19 19:34:20.0917 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2010/12/19 19:34:20.0963 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2010/12/19 19:34:21.0104 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

2010/12/19 19:34:21.0244 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2010/12/19 19:34:21.0400 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2010/12/19 19:34:21.0478 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

2010/12/19 19:34:21.0619 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/12/19 19:34:21.0650 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2010/12/19 19:34:21.0775 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2010/12/19 19:34:21.0931 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2010/12/19 19:34:22.0102 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

2010/12/19 19:34:22.0180 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

2010/12/19 19:34:22.0243 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

2010/12/19 19:34:22.0399 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

2010/12/19 19:34:22.0555 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/12/19 19:34:22.0711 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys

2010/12/19 19:34:23.0007 igfx (88740882a8fa53fce0532f1cf33548ab) C:\Windows\system32\DRIVERS\igdkmd32.sys

2010/12/19 19:34:23.0319 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2010/12/19 19:34:23.0506 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

2010/12/19 19:34:23.0553 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2010/12/19 19:34:23.0678 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/12/19 19:34:23.0818 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2010/12/19 19:34:23.0849 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2010/12/19 19:34:23.0912 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2010/12/19 19:34:24.0021 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

2010/12/19 19:34:24.0068 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/12/19 19:34:24.0208 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/12/19 19:34:24.0271 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/12/19 19:34:24.0395 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\Windows\system32\DRIVERS\kbfiltr.sys

2010/12/19 19:34:24.0473 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\Windows\system32\DRIVERS\kl1.sys

2010/12/19 19:34:24.0598 kl2 (713576569667ac9e0f8556076004a96b) C:\Windows\system32\DRIVERS\kl2.sys

2010/12/19 19:34:24.0676 KLIF (2b7064ff5681b8dde96b98709bb78884) C:\Windows\system32\DRIVERS\klif.sys

2010/12/19 19:34:24.0801 KLIM6 (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys

2010/12/19 19:34:24.0863 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys

2010/12/19 19:34:25.0035 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

2010/12/19 19:34:25.0097 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

2010/12/19 19:34:25.0238 L1C (1a91eaad2d73758140b3b7b6ad736573) C:\Windows\system32\DRIVERS\L1C62x86.sys

2010/12/19 19:34:25.0409 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2010/12/19 19:34:25.0519 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2010/12/19 19:34:25.0581 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2010/12/19 19:34:25.0659 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2010/12/19 19:34:25.0753 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2010/12/19 19:34:25.0831 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2010/12/19 19:34:25.0924 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2010/12/19 19:34:26.0018 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2010/12/19 19:34:26.0111 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2010/12/19 19:34:26.0205 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2010/12/19 19:34:26.0299 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2010/12/19 19:34:26.0439 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2010/12/19 19:34:26.0470 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

2010/12/19 19:34:26.0595 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

2010/12/19 19:34:26.0657 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2010/12/19 19:34:26.0782 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

2010/12/19 19:34:26.0845 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/12/19 19:34:26.0938 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/12/19 19:34:27.0063 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/12/19 19:34:27.0125 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

2010/12/19 19:34:27.0250 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

2010/12/19 19:34:27.0391 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2010/12/19 19:34:27.0437 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2010/12/19 19:34:27.0562 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

2010/12/19 19:34:27.0718 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2010/12/19 19:34:27.0781 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/12/19 19:34:27.0890 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2010/12/19 19:34:27.0937 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2010/12/19 19:34:28.0155 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/12/19 19:34:28.0264 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2010/12/19 19:34:28.0311 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2010/12/19 19:34:28.0389 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2010/12/19 19:34:28.0483 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2010/12/19 19:34:28.0607 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

2010/12/19 19:34:28.0732 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2010/12/19 19:34:28.0795 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/12/19 19:34:28.0904 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/12/19 19:34:28.0951 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/12/19 19:34:29.0091 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

2010/12/19 19:34:29.0153 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2010/12/19 19:34:29.0231 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

2010/12/19 19:34:29.0403 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2010/12/19 19:34:29.0543 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2010/12/19 19:34:29.0590 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2010/12/19 19:34:29.0653 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

2010/12/19 19:34:29.0793 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2010/12/19 19:34:29.0824 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys

2010/12/19 19:34:29.0933 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys

2010/12/19 19:34:30.0011 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

2010/12/19 19:34:30.0121 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/12/19 19:34:30.0292 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2010/12/19 19:34:30.0339 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

2010/12/19 19:34:30.0448 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2010/12/19 19:34:30.0511 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

2010/12/19 19:34:30.0635 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

2010/12/19 19:34:30.0698 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2010/12/19 19:34:30.0807 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2010/12/19 19:34:30.0885 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2010/12/19 19:34:31.0103 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2010/12/19 19:34:31.0150 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2010/12/19 19:34:31.0306 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2010/12/19 19:34:31.0400 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2010/12/19 19:34:31.0525 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2010/12/19 19:34:31.0603 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2010/12/19 19:34:31.0696 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2010/12/19 19:34:31.0774 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2010/12/19 19:34:31.0883 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/12/19 19:34:32.0024 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/12/19 19:34:32.0086 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2010/12/19 19:34:32.0195 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2010/12/19 19:34:32.0367 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2010/12/19 19:34:32.0429 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/12/19 19:34:32.0539 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

2010/12/19 19:34:32.0679 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2010/12/19 19:34:32.0710 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2010/12/19 19:34:32.0757 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2010/12/19 19:34:32.0913 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2010/12/19 19:34:33.0022 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2010/12/19 19:34:33.0100 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

2010/12/19 19:34:33.0209 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

2010/12/19 19:34:33.0287 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2010/12/19 19:34:33.0412 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2010/12/19 19:34:33.0537 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2010/12/19 19:34:33.0599 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2010/12/19 19:34:33.0693 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2010/12/19 19:34:33.0802 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2010/12/19 19:34:33.0880 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2010/12/19 19:34:33.0958 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys

2010/12/19 19:34:34.0067 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2010/12/19 19:34:34.0145 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2010/12/19 19:34:34.0270 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2010/12/19 19:34:34.0333 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2010/12/19 19:34:34.0442 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2010/12/19 19:34:34.0598 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2010/12/19 19:34:34.0676 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys

2010/12/19 19:34:34.0801 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys

2010/12/19 19:34:34.0847 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys

2010/12/19 19:34:34.0988 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2010/12/19 19:34:35.0128 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

2010/12/19 19:34:35.0159 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

2010/12/19 19:34:35.0300 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2010/12/19 19:34:35.0440 SynTP (d776eb85a20696d9d43129ccf6e703e2) C:\Windows\system32\DRIVERS\SynTP.sys

2010/12/19 19:34:35.0596 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

2010/12/19 19:34:35.0768 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

2010/12/19 19:34:35.0908 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2010/12/19 19:34:35.0955 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2010/12/19 19:34:36.0080 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2010/12/19 19:34:36.0142 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2010/12/19 19:34:36.0251 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2010/12/19 19:34:36.0439 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/12/19 19:34:36.0517 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2010/12/19 19:34:36.0595 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2010/12/19 19:34:36.0657 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

2010/12/19 19:34:36.0766 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

2010/12/19 19:34:36.0844 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2010/12/19 19:34:36.0922 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2010/12/19 19:34:37.0000 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/12/19 19:34:37.0094 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

2010/12/19 19:34:37.0172 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

2010/12/19 19:34:37.0265 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

2010/12/19 19:34:37.0406 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2010/12/19 19:34:37.0437 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2010/12/19 19:34:37.0562 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/12/19 19:34:37.0609 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/12/19 19:34:37.0765 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

2010/12/19 19:34:37.0905 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/12/19 19:34:38.0139 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2010/12/19 19:34:38.0248 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

2010/12/19 19:34:38.0311 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

2010/12/19 19:34:38.0420 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2010/12/19 19:34:38.0482 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

2010/12/19 19:34:38.0591 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys

2010/12/19 19:34:38.0638 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

2010/12/19 19:34:38.0763 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

2010/12/19 19:34:38.0794 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2010/12/19 19:34:38.0919 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

2010/12/19 19:34:38.0997 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2010/12/19 19:34:39.0122 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2010/12/19 19:34:39.0169 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2010/12/19 19:34:39.0293 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2010/12/19 19:34:39.0356 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/19 19:34:39.0403 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/19 19:34:39.0527 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2010/12/19 19:34:39.0590 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2010/12/19 19:34:39.0777 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2010/12/19 19:34:39.0839 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2010/12/19 19:34:40.0058 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

2010/12/19 19:34:40.0136 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/12/19 19:34:40.0307 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2010/12/19 19:34:40.0401 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2010/12/19 19:34:40.0526 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/12/19 19:34:40.0666 ================================================================================

2010/12/19 19:34:40.0666 Scan finished

2010/12/19 19:34:40.0666 ================================================================================

Link to post
Share on other sites

You can just delete them. DDS, TDSSKiller and GooredFix

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :rolleyes:

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

    [*]Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week

    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    [*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.

    Without a firewall your computer is succeptible to being hacked and taken over.

    I am very serious about this and see it happen almost every day with my clients.

    Simply using a Firewall in its default configuration can lower your risk greatly.

    [*] WOT , Web of Trust, As 'Googling' is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    Green to go

    Yellow for caution

    Red to stop

    WOT has an addon available for both Firefox and IE.

    [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

    This will ensure your computer has always the latest security updates available installed on your computer.

    If there are new updates to install, install them immediately, reboot your computer, and revisit the site

    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.