
internet explorer home page hijacked


cmsaad


Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

I cannot run GMER rootkit. First time gave me blue screen shut down. Second time program shut down within Windows.

Database version: 7659

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

9/5/2011 9:33:11 PM

mbam-log-2011-09-05 (21-33-11).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 340836

Time elapsed: 3 hour(s), 51 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Viviane A. Saad at 11:10:19 on 2011-09-08

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.775 [GMT -4:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Windows\sttray.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\explorer.exe

C:\Program Files\Skype\Phone\Skype.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.msn.cm/

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9

uWindow Title = Windows Internet Explorer provided by Yahoo!

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.5.0.125\ips\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [sigmatelSysTrayApp] sttray.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm

IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?bae73d1a2d7440708708acb16bb3049b

IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?bae73d1a2d7440708708acb16bb3049b

IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

Trusted Zone: lbcgroup.tv\www

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{59E3D300-A325-4285-BDE0-DEA181990604} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{96C29FA6-47B1-4F5E-BFBC-54BEE3387C89} : DhcpNameServer = 192.168.132.1

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll, c:\windows\system32\guard32.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

Hosts: 69.10.51.38 a1.review.zdnet.com

Hosts: 69.10.51.38 d1.reviews.cnet.com

Hosts: 69.10.51.38 reviews.riverstreams.co.uk

Hosts: 69.10.51.38 reviews.download.com

Hosts: 69.10.51.38 review.2009softwarereviews.com

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1205000.07d\SymDS.sys [2011-2-3 340016]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1205000.07d\SymEFA.sys [2011-2-3 652336]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20110901.001\BHDrvx86.sys [2011-9-1 815736]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20110907.030\IDSvix86.sys [2011-9-8 368248]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1205000.07d\Ironx86.sys [2011-2-3 136312]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1205000.07d\symtdiv.sys [2011-2-3 330360]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-24 21504]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.5.0.125\ccSvcHst.exe [2011-2-3 130000]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-28 105592]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-27 136176]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-23 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-4-25 29744]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-27 136176]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.


.

==================== Find3M ====================

.

2011-08-14 17:20:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 11:12:46.02 ===============

Attach.zip

Files Infected:

(No malicious items detected)

*************************************************************************8

Finally managed to get GMER to run, so attaching the log as a zip file. This is my mother's laptop and she took it with her to Lebanon for a month. When she returned I noticed that Internet Explorer was hijacked. When she starts it up her home page should be msn.com but instead it is arabia.msn.com. She also gets a pop-up that is a 'you've won sweepstakes' pop-up from takesurveylive.com. Sometimes Yahoo works, sometimes it doesn't. Just don't want her to use this computer until I figure this out. I really would love some help figuring this out!

ark.zip


:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


I will be unable to get to her computer tonight but will be able to in the morning. I will post logs then. I was able to clear the redirect issue within Internet Explorer by clicking the return to default settings but am not convinced it's "cured" the computer so I still want to run these scans as instructed.


After running the scans you requested I'm pretty confident I fixed the problem. Mom says it's running fine now too. Here are the logs for GooredFix and TDSSKiller

GooredFix by jpshortstuff (03.07.10.1)

Log created at 09:35 on 13/09/2011 (Viviane A. Saad)

Firefox version 3.5.2 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{3112ca9c-de6d-4884-a869-9855de68056c} [20:55 13/05/2007]

C:\Users\Viviane A. Saad\Application Data\Mozilla\Firefox\Profiles\agzuma48.default\extensions\

ChoiceGuard@Microsoft [13:25 30/05/2010]

{20a82645-c095-46ed-80e3-08825760534b} [15:47 02/09/2009]

{3112ca9c-de6d-4884-a869-9855de68056c} [21:31 10/12/2009]

{635abd67-4fe9-1b23-4f01-e679fa7484c1} [13:27 17/01/2009]

{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} [06:34 03/06/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [16:23 14/06/2009]

"{3112ca9c-de6d-4884-a869-9855de68056c}"="C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}" [15:26 21/11/2009]

"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\" [19:56 03/02/2011]

"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\" [20:13 03/02/2011]

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [15:34 27/05/2011]

-=E.O.F=-

************************************************************

2011/09/13 09:36:57.0522 4936 TDSS rootkit removing tool 2.5.21.0 Sep 10 2011 21:07:05

2011/09/13 09:36:59.0525 4936 ================================================================================

2011/09/13 09:36:59.0525 4936 SystemInfo:

2011/09/13 09:36:59.0525 4936

2011/09/13 09:36:59.0525 4936 OS Version: 6.0.6002 ServicePack: 2.0

2011/09/13 09:36:59.0525 4936 Product type: Workstation

2011/09/13 09:36:59.0526 4936 ComputerName: LAPTOP

2011/09/13 09:36:59.0526 4936 UserName: Viviane A. Saad

2011/09/13 09:36:59.0526 4936 Windows directory: C:\Windows

2011/09/13 09:36:59.0526 4936 System windows directory: C:\Windows

2011/09/13 09:36:59.0526 4936 Processor architecture: Intel x86

2011/09/13 09:36:59.0526 4936 Number of processors: 2

2011/09/13 09:36:59.0526 4936 Page size: 0x1000

2011/09/13 09:36:59.0526 4936 Boot type: Normal boot

2011/09/13 09:36:59.0526 4936 ================================================================================

2011/09/13 09:37:04.0029 4936 Initialize success

2011/09/13 09:37:07.0403 4848 ================================================================================

2011/09/13 09:37:07.0403 4848 Scan started

2011/09/13 09:37:07.0403 4848 Mode: Manual;

2011/09/13 09:37:07.0403 4848 ================================================================================

2011/09/13 09:37:30.0684 4848 ================================================================================

2011/09/13 09:37:30.0684 4848 Scan finished

2011/09/13 09:37:30.0684 4848 ================================================================================

2011/09/13 09:37:30.0704 2960 Detected object count: 0

2011/09/13 09:37:30.0704 2960 Actual detected object count: 0

I'm hoping you agree with my assessment in that it is clean because it will make me feel better!

Thanks in advance!
