Jump to content

Sounds Bites and Hijacked google


firlos
 Share

Recommended Posts

I got the windisk virus or what have you the other day and i was able to get rid of that but i still have my google search results being hijacked and internet explorer is always running with two copies and i get random sound clips and ads playing on my computer please help me, here are the logs you asked for.

DDS lOG

DDS (Ver_10-12-12.02) - NTFSx86

Run by Rick at 15:35:27.20 on Sun 02/06/2011

Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_23

Microsoft

Link to post
Share on other sites

here is avira log

Avira AntiVir Personal

Report file date: Sunday, February 06, 2011 13:53

Scanning for 2457918 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows Vista

Windows version : (Service Pack 2) [6.0.6002]

Boot mode : Normally booted

Username : Rick

Computer name : KNOBLESS

Version information:

BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00

AVSCAN.EXE : 10.0.3.5 435368 Bytes 1/10/2011 22:23:31

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04

LUKE.DLL : 10.0.3.2 104296 Bytes 1/10/2011 22:23:40

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36

VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 22:23:50

VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 22:23:50

VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 22:23:50

VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 22:23:50

VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 22:23:50

VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 22:23:50

VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 22:23:50

VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 22:23:50

VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 22:23:50

VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 22:23:50

VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 22:23:50

VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 22:23:50

VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 23:54:35

VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 01:12:47

VBASE015.VDF : 7.11.0.122 136192 Bytes 12/21/2010 03:09:26

VBASE016.VDF : 7.11.0.156 122880 Bytes 12/24/2010 17:41:13

VBASE017.VDF : 7.11.0.185 146944 Bytes 12/27/2010 22:39:57

VBASE018.VDF : 7.11.0.228 132608 Bytes 12/30/2010 00:23:58

VBASE019.VDF : 7.11.1.5 148480 Bytes 1/3/2011 01:45:39

VBASE020.VDF : 7.11.1.37 156672 Bytes 1/7/2011 17:30:06

VBASE021.VDF : 7.11.1.65 140800 Bytes 1/10/2011 21:12:43

VBASE022.VDF : 7.11.1.87 225280 Bytes 1/11/2011 22:47:36

VBASE023.VDF : 7.11.1.124 125440 Bytes 1/14/2011 21:37:03

VBASE024.VDF : 7.11.1.155 132096 Bytes 1/17/2011 21:37:05

VBASE025.VDF : 7.11.1.189 451072 Bytes 1/20/2011 21:37:13

VBASE026.VDF : 7.11.1.230 138752 Bytes 1/24/2011 21:37:15

VBASE027.VDF : 7.11.2.12 164352 Bytes 1/27/2011 21:37:15

VBASE028.VDF : 7.11.2.43 178176 Bytes 2/1/2011 21:37:16

VBASE029.VDF : 7.11.2.78 206336 Bytes 2/4/2011 21:37:17

VBASE030.VDF : 7.11.2.79 2048 Bytes 2/4/2011 21:37:17

VBASE031.VDF : 7.11.2.83 18944 Bytes 2/6/2011 21:37:17

Engineversion : 8.2.4.162

AEVDF.DLL : 8.1.2.1 106868 Bytes 1/10/2011 22:23:26

AESCRIPT.DLL : 8.1.3.53 1282427 Bytes 2/6/2011 21:37:41

AESCN.DLL : 8.1.7.2 127349 Bytes 1/10/2011 22:23:26

AESBX.DLL : 8.1.3.2 254324 Bytes 1/10/2011 22:23:26

AERDL.DLL : 8.1.9.2 635252 Bytes 1/10/2011 22:23:25

AEPACK.DLL : 8.2.4.9 512374 Bytes 2/6/2011 21:37:39

AEOFFICE.DLL : 8.1.1.16 205179 Bytes 2/6/2011 21:37:35

AEHEUR.DLL : 8.1.2.73 3207541 Bytes 2/6/2011 21:37:33

AEHELP.DLL : 8.1.16.1 246134 Bytes 2/6/2011 21:37:21

AEGEN.DLL : 8.1.5.2 397683 Bytes 2/6/2011 21:37:20

AEEMU.DLL : 8.1.3.0 393589 Bytes 1/10/2011 22:23:18

AECORE.DLL : 8.1.19.2 196983 Bytes 2/6/2011 21:37:18

AEBB.DLL : 8.1.1.0 53618 Bytes 1/10/2011 22:23:18

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/10/2011 22:23:32

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/10/2011 22:23:30

AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 22:27:13

AVREG.DLL : 10.0.3.2 53096 Bytes 1/10/2011 22:23:31

AVSCPLR.DLL : 10.0.3.2 84328 Bytes 1/10/2011 22:23:31

AVARKT.DLL : 10.0.22.6 231784 Bytes 1/10/2011 22:23:27

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/10/2011 22:23:28

SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 22:27:22

AVSMTP.DLL : 10.0.0.17 63848 Bytes 1/10/2011 22:23:31

NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 22:27:21

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 1/10/2011 22:23:52

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Sunday, February 06, 2011 13:53

Starting search for hidden objects.

HKEY_USERS\S-1-5-21-2539157648-3851442491-571201555-1000\Software\Microsoft\Internet Explorer\Recovery\Active\{1c4af410-323d-11e0-9c87-001c238e6203}

[NOTE] The registry entry is invisible.

c:\windows\explorer.exe

c:\windows\explorer.exe

[NOTE] The process is not visible.

The scan of running processes will be started

Scan process 'iexplore.exe' - '103' Module(s) have been scanned

Scan process 'iexplore.exe' - '75' Module(s) have been scanned

Scan process 'SearchFilterHost.exe' - '32' Module(s) have been scanned

Scan process 'SearchProtocolHost.exe' - '51' Module(s) have been scanned

Scan process 'svchost.exe' - '30' Module(s) have been scanned

Scan process 'vssvc.exe' - '49' Module(s) have been scanned

Scan process 'avscan.exe' - '71' Module(s) have been scanned

Scan process 'avcenter.exe' - '96' Module(s) have been scanned

Scan process 'explorer.exe' - '150' Module(s) have been scanned

Scan process 'Taskmgr.exe' - '35' Module(s) have been scanned

Scan process 'avgnt.exe' - '62' Module(s) have been scanned

Scan process 'sched.exe' - '56' Module(s) have been scanned

Scan process 'avshadow.exe' - '33' Module(s) have been scanned

Scan process 'avguard.exe' - '65' Module(s) have been scanned

Scan process 'CLI.exe' - '97' Module(s) have been scanned

Scan process 'iPodService.exe' - '30' Module(s) have been scanned

Scan process 'firefox.exe' - '113' Module(s) have been scanned

Scan process 'wmpnetwk.exe' - '64' Module(s) have been scanned

Scan process 'CLI.EXE' - '133' Module(s) have been scanned

Scan process 'wmpnscfg.exe' - '29' Module(s) have been scanned

Scan process 'DLG.exe' - '22' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '74' Module(s) have been scanned

Scan process 'jusched.exe' - '22' Module(s) have been scanned

Scan process 'HpqSRmon.exe' - '28' Module(s) have been scanned

Scan process 'hpwuSchd2.exe' - '16' Module(s) have been scanned

Scan process 'sttray.exe' - '37' Module(s) have been scanned

Scan process 'PDVDDXSrv.exe' - '41' Module(s) have been scanned

Scan process 'WLTRAY.EXE' - '42' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '27' Module(s) have been scanned

Scan process 'MSASCui.exe' - '39' Module(s) have been scanned

Scan process 'GoogleCrashHandler.exe' - '26' Module(s) have been scanned

Scan process 'Dwm.exe' - '32' Module(s) have been scanned

Scan process 'taskeng.exe' - '80' Module(s) have been scanned

Scan process 'svchost.exe' - '41' Module(s) have been scanned

Scan process 'taskeng.exe' - '49' Module(s) have been scanned

Scan process 'SDWinSec.exe' - '47' Module(s) have been scanned

Scan process 'xaudio.exe' - '14' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '62' Module(s) have been scanned

Scan process 'svchost.exe' - '29' Module(s) have been scanned

Scan process 'svchost.exe' - '46' Module(s) have been scanned

Scan process 'RoxWatch9.exe' - '58' Module(s) have been scanned

Scan process 'svchost.exe' - '42' Module(s) have been scanned

Scan process 'java.exe' - '58' Module(s) have been scanned

Scan process 'svchost.exe' - '24' Module(s) have been scanned

Scan process 'svchost.exe' - '24' Module(s) have been scanned

Scan process 'LinksysUpdater.exe' - '41' Module(s) have been scanned

Scan process 'svchost.exe' - '35' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '47' Module(s) have been scanned

Scan process 'svchost.exe' - '57' Module(s) have been scanned

Scan process 'spoolsv.exe' - '83' Module(s) have been scanned

Scan process 'bcmwltry.exe' - '66' Module(s) have been scanned

Scan process 'WLTRYSVC.EXE' - '15' Module(s) have been scanned

Scan process 'svchost.exe' - '94' Module(s) have been scanned

Scan process 'Ati2evxx.exe' - '31' Module(s) have been scanned

Scan process 'svchost.exe' - '82' Module(s) have been scanned

Scan process 'SLsvc.exe' - '26' Module(s) have been scanned

Scan process 'svchost.exe' - '39' Module(s) have been scanned

Scan process 'svchost.exe' - '147' Module(s) have been scanned

Scan process 'svchost.exe' - '114' Module(s) have been scanned

Scan process 'svchost.exe' - '64' Module(s) have been scanned

Scan process 'Ati2evxx.exe' - '26' Module(s) have been scanned

Scan process 'svchost.exe' - '50' Module(s) have been scanned

Scan process 'svchost.exe' - '40' Module(s) have been scanned

Scan process 'svchost.exe' - '72' Module(s) have been scanned

Scan process 'lsm.exe' - '22' Module(s) have been scanned

Scan process 'winlogon.exe' - '30' Module(s) have been scanned

Scan process 'lsass.exe' - '60' Module(s) have been scanned

Scan process 'services.exe' - '35' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'wininit.exe' - '26' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '1788' files ).

Starting the file scan:

Begin scan in 'C:\' <OS>

C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OMVOHRKF\f_7[1].js

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

C:\Users\Rick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\14de97d8-416e87b6

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/Applet.K Java virus

--> prev/monoid.class

[DETECTION] Contains recognition pattern of the JAVA/Applet.K Java virus

C:\Users\Rick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6874292c-128388fe

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/Applet.K Java virus

--> prev/monoid.class

[DETECTION] Contains recognition pattern of the JAVA/Applet.K Java virus

Begin scan in 'D:\' <Stuff>

Beginning disinfection:

C:\Users\Rick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6874292c-128388fe

[DETECTION] Contains recognition pattern of the JAVA/Applet.K Java virus

[NOTE] The file was moved to the quarantine directory under the name '48008b4f.qua'.

C:\Users\Rick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\14de97d8-416e87b6

[DETECTION] Contains recognition pattern of the JAVA/Applet.K Java virus

[NOTE] The file was moved to the quarantine directory under the name '50a2a4ed.qua'.

C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OMVOHRKF\f_7[1].js

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to the quarantine directory under the name '02c8e1e8.qua'.

End of the scan: Sunday, February 06, 2011 15:33

Used time: 1:38:46 Hour(s)

The scan has been done completely.

24984 Scanned directories

439553 Files were scanned

3 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

3 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

439550 Files not concerned

6049 Archives were scanned

0 Warnings

3 Notes

371177 Objects were scanned with rootkit scan

2 Hidden objects were found

Link to post
Share on other sites

Hello firlos! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.

Your database version of MBAM is 5671, but the current is 5701 , so please:

[*]Launch Malwarebytes' Anti-Malware

[*]Go to Update" tab and select Check for Updates. If an update is found, it will download and install the latest version. If you already

Link to post
Share on other sites

still infected here is log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5703

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18999

2/7/2011 10:36:17 AM

mbam-log-2011-02-07 (10-36-17).txt

Scan type: Quick scan

Objects scanned: 155842

Time elapsed: 9 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\ineufbr1v (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Rick\AppData\Local\Temp\e12fd82f.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Users\Rick\AppData\Local\Temp\Low\0.04394918551638349.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Users\Rick\AppData\Local\Temp\Low\1dcc0093.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Users\Rick\AppData\Local\Temp\Low\skmewwwln\vymjqeksjmo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Link to post
Share on other sites

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on -TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, choose it.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply
    .

Note:It will also create a log in the C:\ directory.

Link to post
Share on other sites

No, it couldn't.

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

[*]During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combo-Fix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Link to post
Share on other sites

no thank you!

2011/02/08 10:58:17.0591 4000 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03

2011/02/08 10:58:17.0810 4000 ================================================================================

2011/02/08 10:58:17.0810 4000 SystemInfo:

2011/02/08 10:58:17.0810 4000

2011/02/08 10:58:17.0810 4000 OS Version: 6.0.6002 ServicePack: 2.0

2011/02/08 10:58:17.0810 4000 Product type: Workstation

2011/02/08 10:58:17.0810 4000 ComputerName: KNOBLESS

2011/02/08 10:58:17.0810 4000 UserName: Rick

2011/02/08 10:58:17.0810 4000 Windows directory: C:\Windows

2011/02/08 10:58:17.0810 4000 System windows directory: C:\Windows

2011/02/08 10:58:17.0810 4000 Processor architecture: Intel x86

2011/02/08 10:58:17.0810 4000 Number of processors: 2

2011/02/08 10:58:17.0810 4000 Page size: 0x1000

2011/02/08 10:58:17.0810 4000 Boot type: Normal boot

2011/02/08 10:58:17.0810 4000 ================================================================================

2011/02/08 10:58:18.0732 4000 Initialize success

2011/02/08 10:58:26.0904 0740 ================================================================================

2011/02/08 10:58:26.0904 0740 Scan started

2011/02/08 10:58:26.0904 0740 Mode: Manual;

2011/02/08 10:58:26.0904 0740 ================================================================================

2011/02/08 10:58:28.0404 0740 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2011/02/08 10:58:28.0482 0740 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

2011/02/08 10:58:28.0544 0740 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

2011/02/08 10:58:28.0654 0740 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

2011/02/08 10:58:28.0700 0740 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

2011/02/08 10:58:28.0794 0740 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys

2011/02/08 10:58:28.0935 0740 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys

2011/02/08 10:58:29.0013 0740 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/02/08 10:58:29.0060 0740 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys

2011/02/08 10:58:29.0091 0740 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys

2011/02/08 10:58:29.0122 0740 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys

2011/02/08 10:58:29.0247 0740 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

2011/02/08 10:58:29.0294 0740 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

2011/02/08 10:58:29.0482 0740 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

2011/02/08 10:58:29.0529 0740 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

2011/02/08 10:58:29.0607 0740 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/02/08 10:58:29.0716 0740 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

2011/02/08 10:58:29.0810 0740 AtiPcie (a356e45e8432432c06981ea63a1e0fe8) C:\Windows\system32\DRIVERS\AtiPcie.sys

2011/02/08 10:58:29.0888 0740 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys

2011/02/08 10:58:29.0997 0740 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys

2011/02/08 10:58:30.0075 0740 BCM43XX (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys

2011/02/08 10:58:30.0122 0740 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys

2011/02/08 10:58:30.0263 0740 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2011/02/08 10:58:30.0388 0740 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

2011/02/08 10:58:30.0497 0740 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/02/08 10:58:30.0529 0740 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/02/08 10:58:30.0591 0740 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/02/08 10:58:30.0622 0740 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/02/08 10:58:30.0669 0740 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/02/08 10:58:30.0794 0740 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/02/08 10:58:30.0825 0740 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2011/02/08 10:58:31.0044 0740 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/02/08 10:58:31.0122 0740 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

2011/02/08 10:58:31.0169 0740 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

2011/02/08 10:58:31.0232 0740 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

2011/02/08 10:58:31.0372 0740 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/02/08 10:58:31.0419 0740 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys

2011/02/08 10:58:31.0450 0740 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

2011/02/08 10:58:31.0482 0740 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

2011/02/08 10:58:31.0529 0740 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

2011/02/08 10:58:31.0622 0740 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys

2011/02/08 10:58:31.0763 0740 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

2011/02/08 10:58:31.0872 0740 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

2011/02/08 10:58:31.0904 0740 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

2011/02/08 10:58:31.0950 0740 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

2011/02/08 10:58:32.0075 0740 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2011/02/08 10:58:32.0154 0740 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

2011/02/08 10:58:32.0216 0740 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys

2011/02/08 10:58:32.0279 0740 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys

2011/02/08 10:58:32.0435 0740 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys

2011/02/08 10:58:32.0482 0740 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/02/08 10:58:32.0560 0740 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

2011/02/08 10:58:32.0685 0740 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

2011/02/08 10:58:32.0794 0740 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

2011/02/08 10:58:32.0872 0740 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

2011/02/08 10:58:32.0919 0740 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

2011/02/08 10:58:33.0029 0740 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2011/02/08 10:58:33.0091 0740 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2011/02/08 10:58:33.0138 0740 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/02/08 10:58:33.0200 0740 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2011/02/08 10:58:33.0294 0740 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2011/02/08 10:58:33.0341 0740 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

2011/02/08 10:58:33.0404 0740 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2011/02/08 10:58:33.0747 0740 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

2011/02/08 10:58:33.0825 0740 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/02/08 10:58:33.0872 0740 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2011/02/08 10:58:33.0904 0740 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/02/08 10:58:34.0029 0740 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

2011/02/08 10:58:34.0060 0740 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

2011/02/08 10:58:34.0185 0740 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys

2011/02/08 10:58:34.0310 0740 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

2011/02/08 10:58:34.0372 0740 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys

2011/02/08 10:58:34.0419 0740 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

2011/02/08 10:58:34.0544 0740 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/02/08 10:58:34.0591 0740 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

2011/02/08 10:58:34.0638 0740 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/02/08 10:58:34.0700 0740 intelide (1b16626beae3a52e611fc681cd796f86) C:\Windows\system32\drivers\intelide.sys

2011/02/08 10:58:34.0747 0740 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

2011/02/08 10:58:34.0857 0740 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/02/08 10:58:34.0919 0740 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

2011/02/08 10:58:34.0966 0740 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2011/02/08 10:58:35.0029 0740 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2011/02/08 10:58:35.0075 0740 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys

2011/02/08 10:58:35.0200 0740 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/02/08 10:58:35.0232 0740 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/02/08 10:58:35.0263 0740 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/02/08 10:58:35.0310 0740 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/02/08 10:58:35.0372 0740 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/02/08 10:58:35.0529 0740 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2011/02/08 10:58:35.0700 0740 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/02/08 10:58:35.0779 0740 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

2011/02/08 10:58:35.0810 0740 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

2011/02/08 10:58:35.0857 0740 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

2011/02/08 10:58:35.0919 0740 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2011/02/08 10:58:35.0997 0740 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

2011/02/08 10:58:36.0060 0740 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

2011/02/08 10:58:36.0122 0740 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2011/02/08 10:58:36.0185 0740 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2011/02/08 10:58:36.0247 0740 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2011/02/08 10:58:36.0294 0740 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2011/02/08 10:58:36.0357 0740 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2011/02/08 10:58:36.0419 0740 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

2011/02/08 10:58:36.0466 0740 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2011/02/08 10:58:36.0544 0740 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2011/02/08 10:58:36.0622 0740 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

2011/02/08 10:58:36.0669 0740 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/02/08 10:58:36.0700 0740 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/02/08 10:58:36.0779 0740 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/02/08 10:58:36.0857 0740 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys

2011/02/08 10:58:36.0888 0740 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

2011/02/08 10:58:36.0966 0740 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2011/02/08 10:58:37.0013 0740 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2011/02/08 10:58:37.0107 0740 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2011/02/08 10:58:37.0200 0740 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/02/08 10:58:37.0247 0740 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2011/02/08 10:58:37.0310 0740 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

2011/02/08 10:58:37.0388 0740 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/02/08 10:58:37.0419 0740 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2011/02/08 10:58:37.0497 0740 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

2011/02/08 10:58:37.0560 0740 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

2011/02/08 10:58:37.0669 0740 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

2011/02/08 10:58:37.0763 0740 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/02/08 10:58:37.0810 0740 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/02/08 10:58:37.0872 0740 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/02/08 10:58:37.0935 0740 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2011/02/08 10:58:38.0029 0740 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2011/02/08 10:58:38.0075 0740 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

2011/02/08 10:58:38.0169 0740 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2011/02/08 10:58:38.0216 0740 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

2011/02/08 10:58:38.0310 0740 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2011/02/08 10:58:38.0419 0740 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2011/02/08 10:58:38.0529 0740 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2011/02/08 10:58:38.0607 0740 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2011/02/08 10:58:38.0638 0740 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

2011/02/08 10:58:38.0685 0740 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

2011/02/08 10:58:38.0716 0740 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys

2011/02/08 10:58:38.0888 0740 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

2011/02/08 10:58:38.0950 0740 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2011/02/08 10:58:38.0997 0740 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2011/02/08 10:58:39.0029 0740 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2011/02/08 10:58:39.0138 0740 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2011/02/08 10:58:39.0200 0740 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

2011/02/08 10:58:39.0263 0740 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2011/02/08 10:58:39.0325 0740 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/02/08 10:58:39.0544 0740 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2011/02/08 10:58:39.0607 0740 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2011/02/08 10:58:39.0685 0740 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2011/02/08 10:58:39.0810 0740 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys

2011/02/08 10:58:39.0904 0740 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2011/02/08 10:58:39.0966 0740 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/02/08 10:58:40.0029 0740 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2011/02/08 10:58:40.0185 0740 R300 (554685122b4f973e21d66c2baaf29543) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/02/08 10:58:40.0341 0740 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2011/02/08 10:58:40.0404 0740 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/02/08 10:58:40.0466 0740 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/02/08 10:58:40.0513 0740 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2011/02/08 10:58:40.0575 0740 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2011/02/08 10:58:40.0685 0740 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/02/08 10:58:40.0747 0740 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys

2011/02/08 10:58:40.0779 0740 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2011/02/08 10:58:40.0841 0740 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2011/02/08 10:58:40.0919 0740 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys

2011/02/08 10:58:40.0982 0740 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\drivers\rimsptsk.sys

2011/02/08 10:58:41.0044 0740 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\drivers\rixdptsk.sys

2011/02/08 10:58:41.0138 0740 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2011/02/08 10:58:41.0185 0740 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/02/08 10:58:41.0310 0740 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

2011/02/08 10:58:41.0372 0740 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/02/08 10:58:41.0419 0740 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2011/02/08 10:58:41.0482 0740 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2011/02/08 10:58:41.0529 0740 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2011/02/08 10:58:41.0622 0740 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/02/08 10:58:41.0685 0740 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

2011/02/08 10:58:41.0732 0740 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/02/08 10:58:41.0779 0740 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2011/02/08 10:58:41.0825 0740 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys

2011/02/08 10:58:41.0857 0740 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2011/02/08 10:58:41.0935 0740 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2011/02/08 10:58:42.0029 0740 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2011/02/08 10:58:42.0107 0740 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2011/02/08 10:58:42.0169 0740 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys

2011/02/08 10:58:42.0247 0740 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys

2011/02/08 10:58:42.0294 0740 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys

2011/02/08 10:58:42.0372 0740 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

2011/02/08 10:58:42.0466 0740 STHDA (9cea131b5eb0ea653f6b3ea80b54956d) C:\Windows\system32\drivers\stwrt.sys

2011/02/08 10:58:42.0575 0740 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys

2011/02/08 10:58:42.0638 0740 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2011/02/08 10:58:42.0716 0740 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/02/08 10:58:42.0747 0740 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/02/08 10:58:42.0779 0740 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/02/08 10:58:42.0904 0740 SynTP (1f5192248a364d4ab68db063d18a2139) C:\Windows\system32\DRIVERS\SynTP.sys

2011/02/08 10:58:43.0013 0740 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys

2011/02/08 10:58:43.0075 0740 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys

2011/02/08 10:58:43.0138 0740 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

2011/02/08 10:58:43.0232 0740 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2011/02/08 10:58:43.0263 0740 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2011/02/08 10:58:43.0310 0740 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2011/02/08 10:58:43.0372 0740 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2011/02/08 10:58:43.0482 0740 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/02/08 10:58:43.0575 0740 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2011/02/08 10:58:43.0622 0740 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

2011/02/08 10:58:43.0669 0740 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2011/02/08 10:58:43.0747 0740 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2011/02/08 10:58:43.0841 0740 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys

2011/02/08 10:58:43.0888 0740 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2011/02/08 10:58:43.0950 0740 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/02/08 10:58:44.0013 0740 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/02/08 10:58:44.0075 0740 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2011/02/08 10:58:44.0169 0740 URC_USBV7 (c7f0148964c5728d4880198dcc10b924) C:\Windows\system32\Drivers\URC_USBV7.sys

2011/02/08 10:58:44.0279 0740 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys

2011/02/08 10:58:44.0341 0740 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/02/08 10:58:44.0419 0740 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/02/08 10:58:44.0466 0740 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/02/08 10:58:44.0544 0740 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2011/02/08 10:58:44.0591 0740 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

2011/02/08 10:58:44.0654 0740 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

2011/02/08 10:58:44.0700 0740 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

2011/02/08 10:58:44.0747 0740 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/02/08 10:58:44.0825 0740 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/02/08 10:58:44.0919 0740 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/02/08 10:58:44.0966 0740 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2011/02/08 10:58:45.0013 0740 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys

2011/02/08 10:58:45.0091 0740 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2011/02/08 10:58:45.0122 0740 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys

2011/02/08 10:58:45.0185 0740 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2011/02/08 10:58:45.0247 0740 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2011/02/08 10:58:45.0357 0740 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2011/02/08 10:58:45.0482 0740 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2011/02/08 10:58:45.0544 0740 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/02/08 10:58:45.0591 0740 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/02/08 10:58:45.0622 0740 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/02/08 10:58:45.0669 0740 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2011/02/08 10:58:45.0794 0740 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2011/02/08 10:58:45.0935 0740 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2011/02/08 10:58:46.0060 0740 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/02/08 10:58:46.0216 0740 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/02/08 10:58:46.0279 0740 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/02/08 10:58:46.0357 0740 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/02/08 10:58:46.0419 0740 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys

2011/02/08 10:58:46.0497 0740 ================================================================================

2011/02/08 10:58:46.0497 0740 Scan finished

2011/02/08 10:58:46.0497 0740 ================================================================================

Link to post
Share on other sites

seems to be faster, there was alot of stuff running in processes now there isnt too much also the double iexplore are gone, havnt had any sounds yet and the google hijacking seems to be gone, what do you think i had on my computer? also thank you soo much for helping

Link to post
Share on other sites

Glad I could help! :)

what do you think i had on my computer?

A lot of things as you see in your MBAM logs. The main problem was TDL4. More information here:

http://www.kernelmode.info/forum/viewtopic...=19&start=0

Last steps for you:

Step 1

  1. Go to Start => Run... and copy & paste next command in the field:
    ComboFix /uninstall


  2. Then hit Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Resets System Restore again

P.S.: Make sure there's a space between ComboFix and /uninstall

Step 2

Please manually delete DDS, GMER and TDSSKiller.

Step 3

Keep your software up-to-date:

www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)

Link to post
Share on other sites

  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.