
Windows Server 2003 R2 Browser Hijack


Our Windows Server (2003 R2) was hit with the icityfind.com browser hijack. We have run Malwarebytes and it found the virus and successfully quarantined it. Additional scans using Malwarebytes show no infections. However, the browser hijack persists: it affects IE and Firefox, and Chrome can't access the net.

We'd like to eliminate the lingering browser redirects. Any help would be greatly appreciated.

Action taken so far: DDS.scr does not run on Windows Server 2003 R2.


Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:43:54 PM, on 6/7/2011

Platform: Windows 2003 SP2 (WinNT 5.02.3790)

MSIE: Internet Explorer v7.00 (7.00.6000.17096)

Boot mode: Normal

Running processes:

C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdler.exe

C:\WINDOWS\system32\Dfssvc.exe

C:\WINDOWS\System32\dns.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe

C:\Program Files\Citrix\Secure Access Client\nsverctl.exe

C:\WINDOWS\system32\ntfrs.exe

D:\PVSW\BIN\W3SQLMGR.EXE

D:\PVSW\BIN\NTBTRV.EXE

D:\PVSW\BIN\NTDBSMGR.EXE

C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe

C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\lserver.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ClamWin\bin\ClamTray.exe

C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\mmc.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\System32\logon.scr

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ClamWin\bin\ClamTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ClamWin\bin\ClamTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ClamWin\bin\ClamTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ClamWin\bin\ClamTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ClamWin\bin\ClamTray.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Windent6\AAI6.EXE

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ClamWin\bin\ClamTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ClamWin\bin\ClamTray.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Windent6\AAI6.EXE

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ClamWin\bin\ClamTray.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Windent6\AAI6.EXE

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\Windent6\AAI6.EXE

D:\Windent6\AAI6.EXE

C:\WINDOWS\system32\scrnsave.scr

D:\Windent6\AAI6.EXE

D:\Windent6\AAI6.EXE

D:\Windent6\AAI6.EXE

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\WINDOWS\msagent\AgentSvr.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ClamWin\bin\ClamTray.exe

C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

C:\WINDOWS\system32\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon

O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')

O4 - HKUS\S-1-5-21-527237240-706699826-1417001333-1111\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-527237240-706699826-1417001333-1114\..\Run: [] (User '?')

O4 - HKUS\S-1-5-21-527237240-706699826-1417001333-1115\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-527237240-706699826-1417001333-1120\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-527237240-706699826-1417001333-1121\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-527237240-706699826-1417001333-1123\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-527237240-706699826-1417001333-1125\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-527237240-706699826-1417001333-1130\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-527237240-706699826-1417001333-1136\..\Run: [] (User '?')

O4 - HKUS\S-1-5-21-527237240-706699826-1417001333-500\..\Run: [] (User '?')

O4 - HKUS\S-1-5-18\..\Run: [] (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')

O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\mswsock.dll' missing

O15 - ESC Trusted Zone: http://pv-mirror01.mozilla.org

O15 - ESC Trusted Zone: http://mozilla.c3sl.ufpr.br

O15 - ESC Trusted Zone: http://mozilla.cs.utah.edu

O15 - ESC Trusted Zone: http://m.webtrends.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207081610743

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213044543890

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = C.S.Com

O17 - HKLM\Software\..\Telephony: DomainName = C.S.Com

O17 - HKLM\System\CCS\Services\Tcpip\..\{DDF67243-7EA6-4DDA-A280-28026EE95449}: Domain = C.S.Com

O17 - HKLM\System\CCS\Services\Tcpip\..\{DDF67243-7EA6-4DDA-A280-28026EE95449}: NameServer = 192.168.1.20

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = C.S.Com

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Documents and Settings\Administrator\WINDOWS\system32\browseui.dll (file missing)

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Documents and Settings\Administrator\WINDOWS\system32\browseui.dll (file missing)

O23 - Service: Backup Scheduler - Unknown owner - C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NovaStor NovaBACKUP Backup/Copy Engine (nsService) - NovaStor - C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe

O23 - Service: Citrix Secure Access Client Service (nsverctl) - Citrix Systems, Inc - C:\Program Files\Citrix\Secure Access Client\nsverctl.exe

O23 - Service: Pervasive.SQL 2000 (relational) - Pervasive Software Inc. - D:\PVSW\BIN\W3SQLMGR.EXE

O23 - Service: Pervasive.SQL 2000 (transactional) - Unknown owner - D:\PVSW\BIN\NTBTRV.EXE

O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe

O23 - Service: Real time Backup Loader - Unknown owner - C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe

--

End of file - 10727 bytes


Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its runtime log to the root of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log name is of the form UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


As requested, here is the log from TDSSKiller:

2011/06/07 22:07:43.0187 3852 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48

2011/06/07 22:07:43.0437 3852 ================================================================================

2011/06/07 22:07:43.0437 3852 SystemInfo:

2011/06/07 22:07:43.0437 3852

2011/06/07 22:07:43.0437 3852 OS Version: 5.2.3790 ServicePack: 2.0

2011/06/07 22:07:43.0437 3852 Product type: Domain controller

2011/06/07 22:07:43.0437 3852 ComputerName: SERVER

2011/06/07 22:07:43.0437 3852 UserName: administrator

2011/06/07 22:07:43.0437 3852 Windows directory: C:\Documents and Settings\Administrator\WINDOWS

2011/06/07 22:07:43.0437 3852 System windows directory: C:\WINDOWS

2011/06/07 22:07:43.0437 3852 Processor architecture: Intel x86

2011/06/07 22:07:43.0437 3852 Number of processors: 4

2011/06/07 22:07:43.0437 3852 Page size: 0x1000

2011/06/07 22:07:43.0437 3852 Boot type: Normal boot

2011/06/07 22:07:43.0437 3852 ================================================================================

2011/06/07 22:07:43.0687 3852 Initialize success

2011/06/07 22:07:50.0609 8168 ================================================================================

2011/06/07 22:07:50.0609 8168 Scan started

2011/06/07 22:07:50.0609 8168 Mode: Manual;

2011/06/07 22:07:50.0609 8168 ================================================================================


2011/06/07 22:07:57.0562 8168 VolSnap (030ff037bc02c2309ffaed83210a8c96) C:\WINDOWS\system32\DRIVERS\volsnap.sys

2011/06/07 22:07:57.0562 8168 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\volsnap.sys. Real md5: 030ff037bc02c2309ffaed83210a8c96, Fake md5: 45ae67c387a640ec6e228f30d421f088

2011/06/07 22:07:57.0578 8168 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)

2011/06/07 22:07:57.0625 8168 Wanarp (ce030b1d05a01fa012d32f2d25676b1c) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/06/07 22:07:57.0656 8168 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/06/07 22:07:57.0750 8168 WLBS (d346e2f289f23e557ddfb9132d1dab35) C:\WINDOWS\system32\DRIVERS\wlbs.sys

2011/06/07 22:07:57.0843 8168 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

2011/06/07 22:07:57.0843 8168 ================================================================================

2011/06/07 22:07:57.0843 8168 Scan finished

2011/06/07 22:07:57.0843 8168 ================================================================================

2011/06/07 22:07:57.0859 4992 Detected object count: 1

2011/06/07 22:07:57.0859 4992 Actual detected object count: 1

2011/06/07 22:08:26.0375 4992 VolSnap (030ff037bc02c2309ffaed83210a8c96) C:\WINDOWS\system32\DRIVERS\volsnap.sys

2011/06/07 22:08:26.0375 4992 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\volsnap.sys. Real md5: 030ff037bc02c2309ffaed83210a8c96, Fake md5: 45ae67c387a640ec6e228f30d421f088

2011/06/07 22:08:27.0031 4992 Backup copy found, using it..

2011/06/07 22:08:27.0031 4992 C:\WINDOWS\system32\DRIVERS\volsnap.sys - will be cured after reboot

2011/06/07 22:08:27.0031 4992 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure

2011/06/07 22:08:37.0359 5128 Deinitialize success

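The TDSSKiller output above is the key finding in this thread: the scanner hashed volsnap.sys two different ways and got two different MD5 values, which is how it concludes that something is intercepting reads of that file and rewriting what the operating system is shown. The following parser is an added example for this thread; it is not code from the forum, from Malwarebytes or from Kaspersky. It reads log lines in the layout shown in the post, pairs each "Suspicious file (Forged)" line with the driver entry that has the same path and with the "detected" verdict that follows, and checks the scanner's own "Detected object count" against what was parsed, so a long log can be reduced to the handful of lines worth acting on. The sample lines are constructed in the same layout as the posted log (the hash values are the ones printed there); the class and function names are my own.

```python
"""Parse TDSSKiller-style scan output and pull out forged-driver findings.

Added example for the thread above; this is not the forum's or Kaspersky's code.
The sample lines below are constructed from the line format shown in the posted log.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the same layout as the posted log (hash values copied from it).
SAMPLE_LOG = r"""
2011/06/07 22:07:57.0546 8168 ViaIde (19a9a290823d0fdf7316440922da175e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/07 22:07:57.0562 8168 VolSnap (030ff037bc02c2309ffaed83210a8c96) C:\WINDOWS\system32\DRIVERS\volsnap.sys
2011/06/07 22:07:57.0562 8168 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\volsnap.sys. Real md5: 030ff037bc02c2309ffaed83210a8c96, Fake md5: 45ae67c387a640ec6e228f30d421f088
2011/06/07 22:07:57.0578 8168 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/07 22:07:57.0625 8168 Wanarp (ce030b1d05a01fa012d32f2d25676b1c) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/07 22:07:57.0843 8168 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/07 22:07:57.0843 8168 Scan finished
2011/06/07 22:07:57.0859 4992 Detected object count: 1
"""

# Every line starts with a timestamp and the scanner thread id.
_PREFIX = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) (?P<tid>\d+) "
# "Suspicious file (Forged): <path>. Real md5: <x>, Fake md5: <y>"
_FORGED_RE = re.compile(
    _PREFIX
    + r"Suspicious file \((?P<kind>[^)]*)\): (?P<path>.+?)\. "
    + r"Real md5: (?P<real>[0-9a-fA-F]{32}), Fake md5: (?P<fake>[0-9a-fA-F]{32})$"
)
# "VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)"
_DETECT_RE = re.compile(_PREFIX + r"(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<code>\d+)\)$")
# "VolSnap (<md5>) C:\...\volsnap.sys"  or  "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0"
_ENTRY_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>\S.*)$")
_COUNT_RE = re.compile(_PREFIX + r"Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    path: str
    kind: str                          # e.g. "Forged"
    real_md5: str
    fake_md5: str
    driver_name: Optional[str] = None  # from the entry line with the same path
    verdict: Optional[str] = None      # from the "detected" line for that driver


@dataclass
class ScanReport:
    entries: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    findings: List[Finding] = field(default_factory=list)
    declared_count: Optional[int] = None
    unparsed: int = 0


def parse_log(text: str) -> ScanReport:
    """Parse one scan log into entries, findings and the scanner's declared count."""
    report = ScanReport()
    detections: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := _FORGED_RE.match(line)):
            report.findings.append(Finding(m["path"], m["kind"], m["real"].lower(), m["fake"].lower()))
        elif (m := _DETECT_RE.match(line)):
            detections.append((m["name"], m["verdict"]))
        elif (m := _ENTRY_RE.match(line)):
            report.entries[m["name"]] = (m["md5"].lower(), m["path"])
        elif (m := _COUNT_RE.match(line)):
            report.declared_count = int(m["n"])
        else:
            report.unparsed += 1  # banners, "Scan finished", cure messages, etc.
    # Link each finding to the driver entry with the same path and to its verdict.
    path_to_name = {path.lower(): name for name, (_, path) in report.entries.items()}
    verdict_by_name = dict(detections)
    for f in report.findings:
        f.driver_name = path_to_name.get(f.path.lower())
        if f.driver_name is not None:
            f.verdict = verdict_by_name.get(f.driver_name)
    return report


def count_matches(report: ScanReport) -> bool:
    """True when the scanner's own object count agrees with the findings parsed."""
    return report.declared_count is None or report.declared_count == len(report.findings)


def summarize(report: ScanReport) -> List[str]:
    """One triage line per finding: driver, path, kind, verdict and both hashes."""
    return [
        f"{f.driver_name or '?'}: {f.path} [{f.kind}] verdict={f.verdict or 'none'} "
        f"real md5 {f.real_md5} != fake md5 {f.fake_md5}"
        for f in report.findings
    ]


if __name__ == "__main__":
    rep = parse_log(SAMPLE_LOG)
    for s in summarize(rep):
        print(s)
    print(f"declared count consistent: {count_matches(rep)}; unparsed lines: {rep.unparsed}")
```

The hash on the VolSnap entry line equals the "Real md5" of the forged-file line, and the parser exposes both so that mismatch between the entry hash and either reported hash would stand out during triage. The "Detected object count" check is there because a log whose declared count differs from the number of suspicious-file lines is worth a second look before trusting the cure step.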

An additional question: The Hijack.StartMenu that Malwarebytes found destroyed most of the Start Menu structure. Many of the previously populated walk-out menus just read "empty" now. Is there a tool to reverse the effects of the Start Menu Hijack?


Hi,

That was actually caused by the infection and not by MBAM.

Please download Unhide.exe by Grinler and save it to your Desktop.

Run it, then restart your computer.


Ok. I suspected it was the hijack that wiped out the menu and not MBAM. Thanks for suggesting the unhide program. The system appears to be stable now.

Thanks for your help! It's appreciated!


Great!

Let's make sure everything is gone.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
