I am running a 32-bit Vista laptop. I do not have administrative rights, as it is a work laptop I am trying to get cleaned up (couldn't run Defogger). The other day my Google links started redirecting to spam sites. I used Malwarebytes and it seemed to work. When I came back in to work today the links started getting redirected again. Here are the logs you asked for: MBAM and DDS/GMER.

(MBAM)

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6598

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

5/18/2011 9:12:10 AM

mbam-log-2011-05-18 (09-12-10).txt

Scan type: Quick scan

Objects scanned: 196351

Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig (Windows.Tool.Disabled) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Joshua.Saliba at 9:23:52.59 on Wed 05/18/2011

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_23

Microsoft

Attach.zip

Hi hailmary25 and Welcome to Malwarebytes!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply

Note: It will also create a log in the C:\ directory.

I followed your steps; I downloaded it to the desktop and extracted it there, but when I clicked on TDSSKiller.exe nothing happened. I clicked it, the Run Application prompt came up, I hit Run, and then nothing.

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

Hi, I added some files to the CFScript to tidy things up in your PC.

Run CFScript

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::

File::
c:\windows\system32\HIPIS0e011b3.dll
C:\acertchk.bat
C:\QTipMutexCheck.exe
C:\rcertmd5deep.exe
C:\rcertcurl.exe
C:\rcertsqlite.exe
C:\rcertnoficker.exe
C:\rcertGetVers.exe
C:\rcertgrep.exe
C:\rcertsleep.exe
C:\rcertgzip.exe

Folder::
c:\users\Joshua.Saliba\AppData\Local\temp
c:\users\pcpatch\AppData\Local\temp
C:\rcertqtiptempcollect
C:\32788R22FWJFW
C:\acertchk.bat

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

DDS::
Trusted Zone: acpol.army.mil
Trusted Zone: af.mil
Trusted Zone: army.mil
Trusted Zone: army.mil\*.monmouth
Trusted Zone: army.mil\*.ria
Trusted Zone: army.mil\acpol
Trusted Zone: army.mil\webmail1.monmouth
Trusted Zone: army.mil\www.us
Trusted Zone: chrcs.army.mil
Trusted Zone: navy.mil
Trusted Zone: osd.mil
Trusted Zone: osd.mil\www.defensetravel
Trusted Zone: ria.army.mil
Trusted Zone: usmc.mil

FireFox::
FF - ProfilePath - c:\users\Joshua.Saliba\AppData\Roaming\Mozilla\Firefox\Profiles\pl383oqk.default\

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

The search redirections should have stopped now. Have they?

There are some older versions of Java and Adobe Acrobat Reader on your computer. These can be a source of the infection/infections.

Go to Start > Control Panel > Add/Remove Programs.

Please remove these entries from Add/Remove Programs in the Control Panel

Adobe Reader 9.4.0

Java

The Google links problem is gone. I have successfully downloaded Adobe Reader. I tried to download the latest Java and got this error:

Error 1330:

File Required cannot be installed. Cabinet file C:\Users\myname\AppData\locallow\sun\Java\jre1.6.0_25\Data1.cab has invalid digital signature and this may mean file is corrupt.

I am about to run the scan.

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=7ab4507bb683574bacf77823fc3b6dff

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-05-20 07:11:53

# local_time=2011-05-20 03:11:53 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776574 100 100 32776539 142522902 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=122148

# found=4

# cleaned=0

# scan_time=3299

C:\Users\Joshua.Saliba\AppData\Local\Mozilla\Firefox\Profiles\pl383oqk.default\Cache\F\DD\E3BFFd01 JS/Kryptik.AI trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\Joshua.Saliba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\2d85064e-4f34eedc a variant of Java/TrojanDownloader.OpenStream.NBF trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\Joshua.Saliba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5a187610-2fb16efa a variant of Java/TrojanDownloader.OpenStream.NBF trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\Joshua.Saliba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\3bfa29c8-1a37d366 Java/TrojanDownloader.Agent.NCQ trojan (unable to clean) 00000000000000000000000000000000 I

Smile, we are getting closer. Good job you did there!

Please download the OTM by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Services

    :Reg

    :Files
    C:\Users\Joshua.Saliba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\3bfa29c8-1a37d366
    C:\Users\Joshua.Saliba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5a187610-2fb16efa
    C:\Users\Joshua.Saliba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\2d85064e-4f34eedc
    C:\Users\Joshua.Saliba\AppData\Local\Mozilla\Firefox\Profiles\pl383oqk.default\Cache\F\DD\E3BFFd01
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]

  • Return to OTM, right-click in the "Paste instructions for items to be Moved" window (under the light yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

So I am not sure what is happening, but a couple of things. The Google links thing returned; however, it seemed like it was fighting itself, as in it would try to link somewhere and then return back to Google. Also, now sometimes when I open up Firefox, audio commercials start playing even when no videos are on the screen or I close Firefox.

Lastly, I ran OTM and when I hit MoveIt! it ran, but those last 4 lines of your code stayed on the left side and I let it sit for 30 min. Finally I hit MoveIt! again and it ran through those last bits, and here is the log:

All processes killed

Error: Unable to interpret <[emptytemp]> in the current context!

Error: Unable to interpret <[CREATERESTOREPOINT]> in the current context!

Error: Unable to interpret <[EMPTYFLASH]> in the current context!

Error: Unable to interpret <[Reboot]> in the current context!

OTM by OldTimer - Version 3.1.17.2 log created on 05202011_164141

Well, there is more than one way to skin a cat, as we say.

Please download ATF Cleaner by Atribune.


  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Next

To clear your Java Cache.

Click Start > Control Panel.

In the Control Panel, double-click the "Java" icon in the control panel. The Java Control Panel then appears.

Under the header "Temporary Internet Files", select the "Settings" button.


Don't change any of the settings, then click "Delete Files".


Next, the Delete Temporary Files dialog box appears.


Make sure both boxes are ticked, and hit the OK button.

Next


  • Flush the DNS cache:
  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:
    ipconfig /flushdns


  • Then hit enter.
  • Exit the command window.

Next. Restart your computer. Then do the following:

Run CFScript

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

FireFox::
FF - ProfilePath - c:\users\Joshua.Saliba\AppData\Roaming\Mozilla\Firefox\Profiles\pl383oqk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

I mentioned earlier that I tried to download Java, but it never worked because of the error I mentioned above. There isn't any Java in my Control Panel. However, here is the log from ComboFix.

ComboFix 11-05-19.02 - Joshua.Saliba 05/20/2011 21:25:18.3.2 - x86

Microsoft

The leftovers of this is giving us a hard time, but we'll nip it... ;)

Copy everything inside the Code box below and paste it into Notepad. Go up to "File > Save As", click the drop-down box to change the "Save As Type" to "All Files".

Save it as Firefox.bat on your desktop.

@echo off
rem %Joshua.Saliba% is not an environment variable, so inside a batch file it expands
rem to nothing and the path becomes C:\Users\\AppData\...; the user name is spelled out instead.
set DataDir=C:\Users\Joshua.Saliba\AppData\Local\Mozilla\Firefox\Profiles

rem Delete every cached file under the Local profile tree, then remove the emptied folders.
del /q /s /f "%DataDir%"
rd /s /q "%DataDir%"

rem In each Roaming profile, delete the SQLite databases (places, cookies, etc.).
rem Quoting protects against folder names that contain spaces.
for /d %%x in ("C:\Users\Joshua.Saliba\AppData\Roaming\Mozilla\Firefox\Profiles\*") do del /q /s /f "%%x\*sqlite"

Locate Firefox.bat file on your Desktop and double-click on it

A DOS box should open and close quickly; this is normal.

Next

Please download Kaspersky Virus Removal Tool.

  1. Double click on the file you just downloaded and let it install.
  2. It will install to your desktop.
  3. After that leave what is selected and put a check next to My Computer.
  4. Click on the option that says Threat Detection and change it to Disinfect, delete if disinfection fails.
  5. Then click on Start Scan.
  6. Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  7. When the scan is done no log will be produced.
  8. Click on the bottom where it says Report to open the report.
  9. Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right-click and choose Copy.
  10. This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
  11. You can save this on the desktop.
  12. Post the contents of the document in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Ran your last scan; must say it was a pain, as it messed with Windows and I had to use my repair disk to get back on, and it might have restored to a previous point, I have no clue. The Google links are still hijacked and I still get random audio. Here is the log.

Autoscan: completed <1 minute ago (events: 9, objects: 9742, time: 00:01:00)

5/22/2011 11:32:07 PM Task started

5/22/2011 11:32:07 PM Detected: MEM:Rootkit.Win32.Sst.a Unknown application

5/22/2011 11:32:27 PM Cannot be backed up: MEM:Rootkit.Win32.Sst.a Unknown application

5/23/2011 12:01:00 AM Detected: MEM:Rootkit.Win32.Sst.a System Memory

5/23/2011 12:06:32 AM Task stopped

5/23/2011 12:07:19 AM Task started

5/23/2011 12:08:17 AM Task stopped

5/23/2011 12:18:23 AM Task started

5/23/2011 12:19:23 AM Task completed

Disinfect active threats: completed 8 minutes ago (events: 7, objects: 2994, time: 00:04:59)

5/23/2011 12:06:31 AM Task started

5/23/2011 12:06:32 AM Detected: MEM:Rootkit.Win32.Sst.a System Memory

5/23/2011 12:06:32 AM Disinfected: MEM:Rootkit.Win32.Sst.a System Memory

5/23/2011 12:06:32 AM Disinfected: MEM:Rootkit.Win32.Sst.a System Memory

5/23/2011 12:09:00 AM Detected: Virus.Win32.TDSS.e c:\Windows\System32\drivers\volsnap.sys

5/23/2011 12:09:07 AM Will be deleted on system restart: Virus.Win32.TDSS.e c:\Windows\System32\drivers\volsnap.sys

5/23/2011 12:11:30 AM Task completed

Drag the TDSSKiller icon into the Recycle Bin. Download an updated copy.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply

Note: It will also create a log in the C:\ directory.

Right-click TDSSKiller and select Run As Administrator. If TDSSKiller still does not run, try renaming it.

To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension. Example: runme.com
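When TDSSKiller does run, its report lists one line per driver service with the MD5 of the driver file on disk. The Kaspersky log above shows why that inventory matters here: TDSS patches a legitimate driver (volsnap.sys) in place, so the file name and path look perfectly normal and only the hash changes. The following is an added example, not code from the thread or from Kaspersky, that parses such a report and compares each hash against a baseline taken from a known-clean machine of the same Windows build. The sample log lines and the baseline are constructed for the demo: the acpi.sys, afd.sys and atapi.sys hashes are copied from the thread, while both volsnap.sys hashes are made up. It also checks for the "SetPrivileges failed!" line, which is what the tool prints when it is started without administrator rights, as happened to this user.

```python
"""Added example: parse a TDSSKiller driver inventory and compare file hashes
against a baseline.  Not part of the thread; the log and baseline below are
constructed for the demo (three hashes copied from the thread, the rest made up)."""
import re
from dataclasses import dataclass

# One inventory line per driver service:
#   <date> <time> <thread id> <service name> (<md5>) <path to driver file>
LINE_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class DriverEntry:
    service: str
    md5: str
    path: str

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_tdsskiller_log(text: str) -> list:
    """Extract (service, md5, path) from every inventory line; status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["service"], m["md5"].lower(), m["path"]))
    return entries


def ran_without_privileges(text: str) -> bool:
    """TDSSKiller logs this when it cannot acquire the privileges it needs; on Vista
    that usually means it was not started with 'Run as administrator'."""
    return "SetPrivileges failed!" in text


def find_hash_deviations(entries, baseline):
    """Return (entry, expected_md5) for drivers whose on-disk hash differs from the
    baseline.  A file-infecting rootkit patches a legitimate driver in place, so the
    name and path stay valid and only the hash gives it away."""
    return [(e, baseline[e.filename]) for e in entries
            if e.filename in baseline and e.md5 != baseline[e.filename]]


def find_unbaselined(entries, baseline):
    """Drivers with no baseline entry (third-party, e.g. a host firewall) need manual review."""
    return [e for e in entries if e.filename not in baseline]


def find_outside_system32(entries):
    """Kernel drivers normally live under %SystemRoot%\\system32; anything else deserves a look."""
    return [e for e in entries if not e.path.lower().startswith("c:\\windows\\system32\\")]


# Constructed sample: first two lines are status lines, the rest are inventory lines.
# The volsnap line and its hash are made up to stand in for a patched driver.
SAMPLE_LOG = """\
2011/05/24 09:10:48.0436 3096 SetPrivileges failed!
2011/05/24 09:10:53.0801 5272 Scan started
2011/05/24 09:10:54.0352 5272 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\\Windows\\system32\\drivers\\acpi.sys
2011/05/24 09:10:55.0595 5272 AFD (a201207363aa900abf1a388468688570) C:\\Windows\\system32\\drivers\\afd.sys
2011/05/24 09:10:57.0420 5272 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\\Windows\\system32\\drivers\\atapi.sys
2011/05/24 09:11:06.0131 5272 Firehk (f96d1c2c40902604329933374950babb) C:\\Windows\\system32\\DRIVERS\\firehk.sys
2011/05/24 09:11:20.0000 5272 volsnap (00112233445566778899aabbccddeeff) C:\\Windows\\system32\\drivers\\volsnap.sys
"""

# Constructed baseline keyed by lowercase file name.  In practice, collect it from a
# clean machine of the same build; the volsnap.sys value here is made up.
BASELINE = {
    "acpi.sys": "82b296ae1892fe3dbee00c9cf92f8ac7",
    "afd.sys": "a201207363aa900abf1a388468688570",
    "atapi.sys": "1f05b78ab91c9075565a9d8a4b880bc4",
    "volsnap.sys": "ffeeddccbbaa99887766554433221100",
}


if __name__ == "__main__":
    drivers = parse_tdsskiller_log(SAMPLE_LOG)
    if ran_without_privileges(SAMPLE_LOG):
        print("warning: scan ran without admin rights; rerun with Run as administrator")
    for entry, expected in find_hash_deviations(drivers, BASELINE):
        print(f"HASH MISMATCH {entry.path}: got {entry.md5}, baseline {expected}")
    for entry in find_unbaselined(drivers, BASELINE):
        print(f"no baseline for {entry.path} ({entry.service}); review manually")
    for entry in find_outside_system32(drivers):
        print(f"driver outside system32: {entry.path}")
```

Run the script as-is to see the constructed volsnap.sys line flagged as a hash mismatch, Firehk reported as having no baseline, and the privilege warning printed. Against a real report, feed it the contents of the TDSSKiller log from C:\ and a baseline built from a clean machine; a mismatch on a Microsoft driver is a strong signal on its own, while the unbaselined list is just a work queue.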

2011/05/24 09:10:47.0917 3096 TDSS rootkit removing tool 2.5.2.0 May 24 2011 11:01:23

2011/05/24 09:10:48.0432 3096 ================================================================================

2011/05/24 09:10:48.0432 3096 SystemInfo:

2011/05/24 09:10:48.0433 3096

2011/05/24 09:10:48.0433 3096 OS Version: 6.0.6002 ServicePack: 2.0

2011/05/24 09:10:48.0433 3096 Product type: Workstation

2011/05/24 09:10:48.0433 3096 ComputerName: MONMNB0388188Q

2011/05/24 09:10:48.0433 3096 UserName: Joshua.Saliba

2011/05/24 09:10:48.0433 3096 Windows directory: C:\Windows

2011/05/24 09:10:48.0433 3096 System windows directory: C:\Windows

2011/05/24 09:10:48.0433 3096 Processor architecture: Intel x86

2011/05/24 09:10:48.0433 3096 Number of processors: 2

2011/05/24 09:10:48.0433 3096 Page size: 0x1000

2011/05/24 09:10:48.0433 3096 Boot type: Normal boot

2011/05/24 09:10:48.0433 3096 ================================================================================

2011/05/24 09:10:48.0436 3096 SetPrivileges failed!

2011/05/24 09:10:49.0713 3096 Initialize success

2011/05/24 09:10:53.0801 5272 ================================================================================

2011/05/24 09:10:53.0801 5272 Scan started

2011/05/24 09:10:53.0801 5272 Mode: Manual;

2011/05/24 09:10:53.0801 5272 ================================================================================

2011/05/24 09:10:54.0352 5272 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2011/05/24 09:10:54.0417 5272 ADIHdAudAddService (3db3fb83217627d9a0cb8bae6cc5b491) C:\Windows\system32\drivers\ADIHdAud.sys

2011/05/24 09:10:54.0671 5272 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

2011/05/24 09:10:54.0780 5272 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

2011/05/24 09:10:54.0918 5272 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

2011/05/24 09:10:55.0177 5272 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

2011/05/24 09:10:55.0595 5272 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys

2011/05/24 09:10:55.0901 5272 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

2011/05/24 09:10:56.0263 5272 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/05/24 09:10:56.0477 5272 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

2011/05/24 09:10:56.0560 5272 AlKernel (06112696a1b06692939cf087d1f1c84e) C:\Windows\system32\Drivers\AlKernel.sys

2011/05/24 09:10:56.0702 5272 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

2011/05/24 09:10:56.0798 5272 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

2011/05/24 09:10:56.0904 5272 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

2011/05/24 09:10:56.0958 5272 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

2011/05/24 09:10:57.0084 5272 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

2011/05/24 09:10:57.0157 5272 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

2011/05/24 09:10:57.0252 5272 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/05/24 09:10:57.0420 5272 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

2011/05/24 09:10:57.0831 5272 atikmdag (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/05/24 09:10:58.0374 5272 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/05/24 09:10:58.0556 5272 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2011/05/24 09:10:58.0705 5272 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

2011/05/24 09:10:58.0814 5272 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

2011/05/24 09:10:58.0919 5272 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/05/24 09:10:59.0083 5272 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/05/24 09:10:59.0250 5272 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/05/24 09:10:59.0473 5272 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/05/24 09:10:59.0745 5272 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/05/24 09:10:59.0990 5272 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/05/24 09:11:00.0161 5272 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2011/05/24 09:11:00.0713 5272 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/05/24 09:11:00.0817 5272 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

2011/05/24 09:11:01.0058 5272 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys

2011/05/24 09:11:01.0124 5272 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

2011/05/24 09:11:01.0223 5272 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/05/24 09:11:01.0370 5272 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

2011/05/24 09:11:01.0510 5272 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

2011/05/24 09:11:01.0756 5272 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

2011/05/24 09:11:01.0957 5272 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

2011/05/24 09:11:02.0236 5272 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys

2011/05/24 09:11:02.0411 5272 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys

2011/05/24 09:11:02.0663 5272 CVPNDRVA (c23025ac5ae45a105d63bd6e2408edd4) c:\Windows\system32\Drivers\CVPNDRVA.sys

2011/05/24 09:11:02.0792 5272 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys

2011/05/24 09:11:02.0949 5272 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

2011/05/24 09:11:03.0176 5272 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys

2011/05/24 09:11:03.0456 5272 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2011/05/24 09:11:03.0608 5272 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys

2011/05/24 09:11:03.0926 5272 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys

2011/05/24 09:11:04.0115 5272 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/05/24 09:11:04.0367 5272 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

2011/05/24 09:11:04.0636 5272 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

2011/05/24 09:11:04.0756 5272 EMSC (f41bd011c5e304e99076f6893e46eee4) C:\Windows\system32\DRIVERS\EMSC.SYS

2011/05/24 09:11:04.0850 5272 enecir (004b2ea6cc2598ec5f0552e43ce29cef) C:\Windows\system32\DRIVERS\enecir.sys

2011/05/24 09:11:04.0937 5272 ErrDev (a81ab23eddb4693612014d87367d014c) C:\Windows\system32\drivers\errdev.sys

2011/05/24 09:11:05.0162 5272 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

2011/05/24 09:11:05.0505 5272 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

2011/05/24 09:11:05.0665 5272 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

2011/05/24 09:11:05.0840 5272 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2011/05/24 09:11:05.0934 5272 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2011/05/24 09:11:06.0131 5272 Firehk (f96d1c2c40902604329933374950babb) C:\Windows\system32\DRIVERS\firehk.sys

2011/05/24 09:11:06.0167 5272 FirehkMP (f96d1c2c40902604329933374950babb) C:\Windows\system32\DRIVERS\firehk.sys

2011/05/24 09:11:06.0319 5272 firelm01 (7e661e34cce11472fd468f9a9383b391) C:\Windows\system32\drivers\firelm01.sys

2011/05/24 09:11:06.0398 5272 FirePM (f0a996a78cf4fc361b319f2fc2abcefe) C:\Windows\system32\Drivers\FirePM.sys

2011/05/24 09:11:06.0538 5272 FireTDI (91cbe1e5d61819d290b3471cab620fe3) C:\Windows\system32\Drivers\FireTDI.sys

2011/05/24 09:11:06.0659 5272 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/05/24 09:11:06.0799 5272 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2011/05/24 09:11:07.0087 5272 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2011/05/24 09:11:07.0240 5272 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys

2011/05/24 09:11:07.0387 5272 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

2011/05/24 09:11:07.0610 5272 GKUPRO2D (2db6e04b2a005b2206daab92d5cf9c4d) C:\Windows\system32\Drivers\GKUPRO2D.sys

2011/05/24 09:11:07.0772 5272 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

2011/05/24 09:11:07.0997 5272 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/05/24 09:11:08.0245 5272 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\Windows\system32\DRIVERS\HECI.sys

2011/05/24 09:11:08.0356 5272 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2011/05/24 09:11:08.0478 5272 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys

2011/05/24 09:11:08.0610 5272 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

2011/05/24 09:11:08.0724 5272 HIPK (c61656628f974bbe152d971b34a3e74c) C:\Windows\system32\drivers\HIPK.sys

2011/05/24 09:11:08.0798 5272 HIPPSK (cbabea2348172968a7b4ff54c382893f) C:\Windows\system32\drivers\HIPPSK.sys

2011/05/24 09:11:30.0706 5272 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: be3da31c191bc222d9ad503c5224f2ad

2011/05/24 09:11:30.0710 5272 USBSTOR - detected LockedFile.Multi.Generic (1)

2011/05/24 09:11:32.0451 5272 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093

2011/05/24 09:11:32.0457 5272 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)

2011/05/24 09:11:33.0487 5272 ================================================================================

2011/05/24 09:11:33.0487 5272 Scan finished

2011/05/24 09:11:33.0487 5272 ================================================================================

2011/05/24 09:11:33.0504 3832 Detected object count: 2

2011/05/24 09:11:33.0504 3832 Actual detected object count: 2

2011/05/24 09:11:51.0403 3832 LockedFile.Multi.Generic(USBSTOR) - User select action: Skip

2011/05/24 09:11:51.0537 3832 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys

2011/05/24 09:11:51.0539 3832 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093

2011/05/24 09:11:51.0916 3832 Backup copy found, using it..

2011/05/24 09:11:51.0949 3832 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot

2011/05/24 09:11:51.0949 3832 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure

2011/05/24 09:12:02.0170 5860 Deinitialize success

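The two findings in that log are worth telling apart, so here is an added example (not code from the thread or from TDSSKiller) that parses lines in the log format shown above, pairs each "Suspicious file" line with its driver and verdict, and separates the forged driver from the merely locked one. The log format is assumed from the lines posted above; the sample lines are constructed from them.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in TDSSKiller's log format: the USBSTOR and volsnap
# lines are copied from the log above; volmgrx is a clean neighbour.
SAMPLE_LOG = r"""
2011/05/24 09:11:30.0706 5272 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/24 09:11:30.0706 5272 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: be3da31c191bc222d9ad503c5224f2ad
2011/05/24 09:11:30.0710 5272 USBSTOR - detected LockedFile.Multi.Generic (1)
2011/05/24 09:11:32.0128 5272 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/24 09:11:32.0449 5272 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/05/24 09:11:32.0451 5272 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/05/24 09:11:32.0457 5272 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
"""

TS = r"\d{4}/\d{2}/\d{2} \S+ \d+ "   # "date time threadid " prefix on every line
MD5 = r"[0-9a-f]{32}"
DRIVER_RE = re.compile(rf"^{TS}(?P<name>\S+) \((?P<md5>{MD5})\) (?P<path>.+)$")
FORGED_RE = re.compile(rf"^{TS}Suspicious file \(Forged\): (?P<path>.+?)\. "
                       rf"Real md5: (?P<real>{MD5}), Fake md5: (?P<fake>{MD5})$")
NOACCESS_RE = re.compile(rf"^{TS}Suspicious file \(NoAccess\): (?P<path>.+?)\. "
                         rf"md5: (?P<md5>{MD5})$")
DETECT_RE = re.compile(rf"^{TS}(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")


@dataclass
class Finding:
    driver: str
    path: str
    kind: str                 # "forged" or "noaccess"
    verdict: str = ""         # name from the following "detected" line, if any
    hashes: Dict[str, str] = field(default_factory=dict)

    @property
    def action(self) -> str:
        # A forged entry means two read paths return different contents for
        # the same file: something below the file system is rewriting what
        # the OS sees, which is why the helper cured volsnap. A NoAccess
        # entry only says the file could not be opened (in-use drivers do
        # that too), so it was skipped pending review.
        return "cure" if self.kind == "forged" else "review"


def analyze(log_text: str) -> List[Finding]:
    """Pair each Suspicious line with the driver enumerated just before it."""
    findings: List[Finding] = []
    by_driver: Dict[str, Finding] = {}
    last_driver = ""
    for line in log_text.splitlines():
        line = line.strip()
        if m := DRIVER_RE.match(line):
            last_driver = m["name"]
        elif m := FORGED_RE.match(line):
            f = Finding(last_driver, m["path"], "forged",
                        hashes={"real": m["real"], "fake": m["fake"]})
            findings.append(f)
            by_driver[f.driver] = f
        elif m := NOACCESS_RE.match(line):
            f = Finding(last_driver, m["path"], "noaccess", hashes={"md5": m["md5"]})
            findings.append(f)
            by_driver[f.driver] = f
        elif m := DETECT_RE.match(line):
            if m["name"] in by_driver:
                by_driver[m["name"]].verdict = m["verdict"]
    return findings


def summarize(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group driver names by recommended action, e.g. {'cure': ['volsnap']}."""
    out: Dict[str, List[str]] = {}
    for f in findings:
        out.setdefault(f.action, []).append(f.driver)
    return out


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.driver:8} {f.kind:9} {f.verdict or '-':26} -> {f.action} {f.hashes}")
    print(summarize(analyze(SAMPLE_LOG)))
```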

Hopefully this lasts more than a day

I'm sure it will!

Your Computer is Clean


Some final items:

Follow these steps to uninstall Combofix and tools used in the removal of malware

To remove all of the tools we used and the files and folders they created, please do the following:

Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it. There are other free alternatives, FIREFOX and OPERA; both are free to use and are more secure than IE.

If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust).

NoScript stops JavaScript from running on a web page unless you give permission for it, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites, allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check that you are sure you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt.
  • Change the Download unsigned ActiveX controls to Disable.
  • Change the Initialize and script ActiveX controls not marked as safe to Disable.
  • Change the Installation of desktop items to Prompt.
  • Change the Launching programs and files in an IFRAME to Prompt.
  • Change the Navigate sub-frames across different domains to Prompt.
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Secunia software inspector & update checker

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Cookienator - Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from to help speed up your computer.

Visit My Blog for Malware and Spyware Tips
