Carla Posted March 23, 2011 ID:403493

Got Antimalware doctor on my computer and used Malwarebytes scan. After the first scan, it removed almost everything but said not all of it could be removed. I restarted the computer, ran Malwarebytes again and it seemed to remove it. I also have Webroot Antivirus with spyware sweep and since removing Antimalware doctor, I will occasionally get a warning saying that Webroot is trying to block an internet site and shows these 9 digit numbers. It usually happens randomly when I'm on a page. I'm not sure if I've gotten all of this problem. Sorry, I'm not good with computers, please help me!!!!!

MrCharlie Posted March 23, 2011 ID:403831

Welcome to the forum, please do this:

Download TDSSKiller to your Desktop.

Double-click on TDSSKiller.exe to run the application, then click on Start Scan.

Don't Change These Settings:
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked to reboot the computer to complete the process. Click on Reboot Now.

To view the report: Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory and look something like this:
TDSSKiller.2.4.17.0_12.02.2011_14.35.56_log.txt

---------------------------------------

Please download and run ComboFix:

A few notes first:

* ComboFix is compatible exclusively with XP and W2K (32-bit only) <===> Vista and Windows 7 (32-bit and 64-bit)
* ComboFix must be run from an Administrative account.
* Vista and W7 users - Right click, choose "Run as Administrator"
* It must be downloaded to and run from your desktop.
* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can and will interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". (see below)
* ComboFix Guide <---please read!

Download ComboFix from one of these locations: (you may have to use right click > save target as)

* Link 1
* Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choose disable/exit. More info HERE <------- They may interfere with the running of ComboFix.
  Note: If you have AVG or CA Internet Security Suite installed, due to recent changes in how these AV's target the tool's internal files, they must be uninstalled before running ComboFix. If you have difficulty uninstalling the AV, download and run Opswat AppRemover
* Double click on ComboFix.exe & follow the prompts.
* Note: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
* Note: If you have SP3, use the SP2 package. If Vista or Windows 7, skip the Recovery Console part
* ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
* **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix permanently prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun ASAP!.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. If a reboot doesn't restore your connection, please try this:
   Check HERE
   For XP systems download and run WinSockFix and Here
   Vista users: Check HERE
   Windows 7 systems: Download and run this Winsockfix.bat
5. Give ComboFix at least 20-30 minutes to finish if needed.

MrC

Carla Posted March 23, 2011 Author ID:403948

Mr C,

Thank you for your help. I did a Webroot scan and a trojan was detected. I think this is the little bug that was left over from antimalware doctor. I ran tdsskiller and it looks like it removed the trojan, my computer is working much better. Should I still run ComboFix? If so, I'm having trouble disabling Webroot. I can't find anything on webroot in these forums.

Thanks again,
Carla

MrCharlie Posted March 23, 2011 ID:403951

Did TDSSKiller find anything?

Please post the log, MrC

Carla Posted March 23, 2011 Author ID:403960

Yes, it did find the trojan. But I did not save the log, I'm sorry.

MrCharlie Posted March 23, 2011 ID:403989

It's important that I see that log.

The log is located in your C:\ directory and looks something like this:
TDSSKiller.2.4.17.0_12.02.2011_14.35.56_log.txt

Please post it, MrC

Carla Posted March 23, 2011 Author ID:404012

Got it:
C:\Windows\system32\drivers\sfloppy.sys2011/03/23 14:11:04.0601 5960 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys2011/03/23 14:11:04.0617 5960 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys2011/03/23 14:11:04.0632 5960 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys2011/03/23 14:11:04.0695 5960 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys2011/03/23 14:11:04.0726 5960 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys2011/03/23 14:11:04.0788 5960 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys2011/03/23 14:11:04.0851 5960 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys2011/03/23 14:11:04.0897 5960 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys2011/03/23 14:11:04.0960 5960 ssfmonm (83a1fe75211bb59645fe53e469ad61c8) C:\Windows\system32\DRIVERS\ssfmonm.sys2011/03/23 14:11:05.0007 5960 sshrmd (6fb311640254a0fc65fc70f4f58fb9b1) C:\Windows\system32\DRIVERS\sshrmd.sys2011/03/23 14:11:05.0038 5960 ssidrv (16cd11a307389db133e08229ed300861) C:\Windows\system32\DRIVERS\ssidrv.sys2011/03/23 14:11:05.0100 5960 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys2011/03/23 14:11:05.0147 5960 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys2011/03/23 14:11:05.0178 5960 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys2011/03/23 14:11:05.0194 5960 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys2011/03/23 14:11:05.0256 5960 SynTP (8fe2c9649ffe62143965f8d16b08be28) C:\Windows\system32\DRIVERS\SynTP.sys2011/03/23 14:11:05.0350 5960 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys2011/03/23 14:11:05.0412 5960 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) 
C:\Windows\system32\DRIVERS\tcpip.sys2011/03/23 14:11:05.0475 5960 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys2011/03/23 14:11:05.0537 5960 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys2011/03/23 14:11:05.0568 5960 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys2011/03/23 14:11:05.0584 5960 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys2011/03/23 14:11:05.0646 5960 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys2011/03/23 14:11:05.0677 5960 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys2011/03/23 14:11:05.0787 5960 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys2011/03/23 14:11:05.0865 5960 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys2011/03/23 14:11:05.0896 5960 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys2011/03/23 14:11:05.0943 5960 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys2011/03/23 14:11:05.0989 5960 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS2011/03/23 14:11:06.0036 5960 TVALZFL (009aecd4c19209b09669a6615ea1e889) C:\Windows\system32\DRIVERS\TVALZFL.sys2011/03/23 14:11:06.0052 5960 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys2011/03/23 14:11:06.0099 5960 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys2011/03/23 14:11:06.0145 5960 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys2011/03/23 14:11:06.0177 5960 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys2011/03/23 14:11:06.0192 5960 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys2011/03/23 14:11:06.0223 5960 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) 
C:\Windows\system32\drivers\ulsata2.sys2011/03/23 14:11:06.0255 5960 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys2011/03/23 14:11:06.0301 5960 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys2011/03/23 14:11:06.0333 5960 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys2011/03/23 14:11:06.0379 5960 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys2011/03/23 14:11:06.0411 5960 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys2011/03/23 14:11:06.0442 5960 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys2011/03/23 14:11:06.0473 5960 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys2011/03/23 14:11:06.0535 5960 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS2011/03/23 14:11:06.0582 5960 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys2011/03/23 14:11:06.0613 5960 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys2011/03/23 14:11:06.0645 5960 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys2011/03/23 14:11:06.0676 5960 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys2011/03/23 14:11:06.0691 5960 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys2011/03/23 14:11:06.0707 5960 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys2011/03/23 14:11:06.0738 5960 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys2011/03/23 14:11:06.0785 5960 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys2011/03/23 14:11:06.0832 5960 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys2011/03/23 14:11:06.0879 5960 volsnap (147281c01fcb1df9252de2a10d5e7093) 
2011/03/23 14:11:07.0393 5960 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/23 14:11:07.0393 5960 ================================================================================
2011/03/23 14:11:07.0393 5960 Scan finished
2011/03/23 14:11:07.0393 5960 ================================================================================
2011/03/23 14:11:07.0409 5040 Detected object count: 1
2011/03/23 14:11:25.0817 5040 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/23 14:11:25.0817 5040 \HardDisk0 - ok
2011/03/23 14:11:25.0817 5040 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/23 14:11:32.0899 7336 Deinitialize success
MrCharlie Posted March 23, 2011 ID:404026

OK, you had the Win32.TDSS rootkit.

Run TDSSKiller again and see if it finds anything, if so please post the log.

If not we have to run ComboFix, the link below explains how to disable your anti-virus, anti-malware and firewalls:
http://www.bleepingcomputer.com/forums/topic114351.html

Let me know, MrC
Carla Posted March 24, 2011 Author ID:404341

Ran Tdsskiller again and it did not find anything. I will try running ComboFix, but I'm nervous since it's so powerful! What happens if it doesn't restore my internet connection?
MrCharlie Posted March 24, 2011 ID:404344

OK, don't let all the information I provide for ComboFix intimidate you, 99.9% of the time it will run fine.

You should have no problem with your internet connection.

You'll be fine, just make sure you run it from your desktop and disable all your anti-malware programs before you run it.

MrC
Carla Posted March 24, 2011 Author ID:404375

Whew!

ComboFix 11-03-23.06 - Owner 03/24/2011 10:19:08.1.2 - x86
Microsoft
MrCharlie Posted March 24, 2011 ID:404383

You did GOOD

We'll uninstall ComboFix when we are done.

Please update and run a quick scan with MBAM and post the log.

Reboot and let me know how it is, MrC
Carla Posted March 24, 2011 Author ID:404389

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6153
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

3/24/2011 10:58:38 AM
mbam-log-2011-03-24 (10-58-38).txt

Scan type: Quick scan
Objects scanned: 156716
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
MrCharlie Posted March 24, 2011 ID:404403

How is it running??

MrC
Carla Posted March 24, 2011 Author ID:404405

Very good!
MrCharlie Posted March 24, 2011 ID:404408

Good

Please Uninstall ComboFix:

Go to start > run and copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point.

--------------

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
Carla Posted March 24, 2011 Author ID:404415

THANK YOU SO MUCH!!!!!!!!!!!!!!!!!!
Staff screen317 Posted March 26, 2011 Staff ID:405529

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!