BleepingComputer.com: W32/blaster.worm on win7 os

Jump to content

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

W32/blaster.worm on win7 os Removal of blaster virus

#1 User is offline   Srparmad 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 24-August 11

Posted 24 August 2011 - 11:59 AM

Hello- i am desperately in need of help. I am running window 7 & have been infected with the w32/blaster.worm virus. I have used rkill & malwarebytes but the infection is strill there. Sometimes after doing the scan & removing whatever infections have been found, the virus will be dormant for a couple hours, then I will get the infection again. I have done about 8 scans not without success of removing the virus. All the info I see relating this virus, relate to os other than win7. The virus is also prohibiting me from running any anti spyware programs installed not the system. Any help that you can give would be greatly appreciated. Thanks.

#2 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 24 August 2011 - 09:58 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.


IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#3 User is offline   Srparmad 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 24-August 11

Posted 24 August 2011 - 11:33 PM

Thanks for the response. I will post as soon as I getbthe results. Thanks...

#4 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 24 August 2011 - 11:35 PM

No problem :)
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#5 User is offline   Srparmad 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 24-August 11

Posted 26 August 2011 - 07:29 PM

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG Free 9.0
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 21
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

#6 User is offline   Srparmad 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 24-August 11

Posted 26 August 2011 - 07:53 PM

niToolBox by Farbar
Ran by user (administrator) on 26-08-2011 at 19:33:37
Windows 7 Ultimate (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
Hosts file not detected in the default directory
========================= IP Configuration: ================================The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : user-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek 8185 Extensible 802.11b/g Wireless Device
Physical Address. . . . . . . . . : 00-81-85-A1-98-CE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-16-76-24-08-69
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c9a6:d011:e9c4:3392%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, August 24, 2011 3:22:39 AM
Lease Expires . . . . . . . . . . : Tuesday, October 03, 2147 2:02:20 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 268441206
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-DA-7F-38-00-16-76-24-08-69
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1065:126c:b8ea:9ee(Preferred)
Link-local IPv6 Address . . . . . : fe80::1065:126c:b8ea:9ee%26(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{1CBD11C1-7D4A-4649-8FD8-36519D60C799}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable Microsoft 6To4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.73.105] with 32 bytes of data:
Reply from 74.125.73.105: bytes=32 time=112ms TTL=52
Reply from 74.125.73.105: bytes=32 time=647ms TTL=52

Ping statistics for 74.125.73.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 112ms, Maximum = 647ms, Average = 379ms

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=371ms TTL=53
Reply from 67.195.160.76: bytes=32 time=103ms TTL=54

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 103ms, Maximum = 371ms, Average = 237ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 81 85 a1 98 ce ......Realtek 8185 Extensible 802.11b/g Wireless Device
12...00 16 76 24 08 69 ......Intel® PRO/100 VE Network Connection
1...........................Software Loopback Interface 1
24...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
26...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
27...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
22...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
23...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
28...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.3 276
192.168.2.3 255.255.255.255 On-link 192.168.2.3 276
192.168.2.255 255.255.255.255 On-link 192.168.2.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
26 58 ::/0 On-link
1 306 ::1/128 On-link
26 58 2001::/32 On-link
26 306 2001:0:4137:9e76:1065:126c:b8ea:9ee/128
On-link
12 276 fe80::/64 On-link
26 306 fe80::/64 On-link
26 306 fe80::1065:126c:b8ea:9ee/128
On-link
12 276 fe80::c9a6:d011:e9c4:3392/128
On-link
1 306 ff00::/8 On-link
26 306 ff00::/8 On-link
12 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/26/2011 07:20:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16839, time stamp: 0x4e0015ef
Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7ab44
Exception code: 0xc0000005
Fault offset: 0x00028ab2
Faulting process id: 0x1818
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/26/2011 06:54:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16839, time stamp: 0x4e0015ef
Faulting module name: tbBit0.dll_unloaded, version: 0.0.0.0, time stamp: 0x4daaa6d9
Exception code: 0xc0000005
Fault offset: 0x059dd4c8
Faulting process id: 0x16ac
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/26/2011 05:28:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16839, time stamp: 0x4e0015ef
Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7ab44
Exception code: 0xc0000374
Fault offset: 0x000c35e3
Faulting process id: 0x13c8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/24/2011 09:07:53 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.
.

Error: (08/24/2011 03:30:01 AM) (Source: Application Error) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7600.16661, time stamp: 0x4c6f578f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x03bf5702
Faulting process id: 0x11b8
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3

Error: (08/24/2011 03:22:48 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error: (08/24/2011 03:22:48 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

Error: (08/22/2011 05:13:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16839, time stamp: 0x4e0015ef
Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7ab44
Exception code: 0xc0000005
Fault offset: 0x00052073
Faulting process id: 0x8c0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/21/2011 07:00:18 PM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031).

Error: (08/19/2011 05:56:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.


System errors:
=============
Error: (08/26/2011 05:55:45 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (08/26/2011 05:52:54 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (08/26/2011 05:52:52 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (08/26/2011 05:52:52 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (08/26/2011 05:52:38 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (08/26/2011 05:52:34 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (08/26/2011 03:05:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2556532).

Error: (08/25/2011 03:06:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2556532).

Error: (08/24/2011 05:04:19 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (08/24/2011 05:04:19 AM) (Source: ipnathlp) (User: )
Description: 192.168.2.3192.168.137.0255.255.255.0


Microsoft Office Sessions:
=========================
Error: (08/26/2011 07:20:40 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7600.168394e0015efntdll.dll6.1.7600.166954cc7ab44c000000500028ab2181801cc644eee34ec4aC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll6483da24-d042-11e0-8af9-001676240869

Error: (08/26/2011 06:54:37 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7600.168394e0015eftbBit0.dll_unloaded0.0.0.04daaa6d9c0000005059dd4c816ac01cc644b628bf6c6C:\Program Files\Internet Explorer\iexplore.exetbBit0.dllc0db24f1-d03e-11e0-8af9-001676240869

Error: (08/26/2011 05:28:44 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7600.168394e0015efntdll.dll6.1.7600.166954cc7ab44c0000374000c35e313c801cc6247fcc875f8C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllc1512239-d032-11e0-8af9-001676240869

Error: (08/24/2011 09:07:53 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThere is not enough space on the disk.

Error: (08/24/2011 03:30:01 AM) (Source: Application Error)(User: )
Description: spoolsv.exe6.1.7600.166614c6f578funknown0.0.0.000000000c000000503bf570211b801cc6237bb4ef3afC:\Windows\System32\spoolsv.exeunknown41cb100d-ce2b-11e0-8af9-001676240869

Error: (08/24/2011 03:22:48 AM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: -1

Error: (08/24/2011 03:22:48 AM) (Source: MSSQL$SQLEXPRESS)(User: )
Description:

Error: (08/22/2011 05:13:37 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7600.168394e0015efntdll.dll6.1.7600.166954cc7ab44c0000005000520738c001cc5ebd1846a909C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll660d3d31-cca7-11e0-8889-001676240869

Error: (08/21/2011 07:00:18 PM) (Source: Windows Backup)(User: )
Description: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031)

Error: (08/19/2011 05:56:18 PM) (Source: SideBySide)(User: )
Description: c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2


=========================== Installed Programs ============================

7-Zip 9.13 beta
Adobe AIR (Version: 1.5.3.9130)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34)
Adobe Illustrator CS5 (Version: 15.0)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader 9.3 (Version: 9.3.0)
Akamai NetSession Interface
Artisan Bakery Software 2.3.0604
Ask Toolbar (Version: 1.9.1.0)
AVG Free 9.0
BitTorrent
BitTorrentBar Toolbar (Version: 6.3.5.3)
Conduit Engine (Version: )
Cucusoft Video Converter Ultimate 8.08
Data Lifeguard Diagnostic for Windows 1.22
Desktop Decorator 01.00.031 - KopyKake
EASEUS Data Recovery Wizard Free Edition 5.0.1
EASEUS Data Recovery Wizard Professional 4.3.6 (Version: 4.3.6)
EASITax 2008
EPSON NX410 Series Printer Uninstall
EPSON Printer Software
EPSON Scan
File Helper 1.2.0.1
Free RAR Extract Frog (Version: 1.80)
Free Text Tool 0.1 (Version: 0.1)
Free Window Registry Repair
GameHouse Games Collection: Aloha Solitaire
GameHouse Games Collection: Aloha TriPeaks
GameHouse Games Collection: Atomaders
GameHouse Games Collection: Bejeweled 2
GameHouse Games Collection: Bewitched
GameHouse Games Collection: Big Kahuna Reef
GameHouse Games Collection: Boggle Supreme
GameHouse Games Collection: Bounce Out Blitz
GameHouse Games Collection: Casino Island To Go
GameHouse Games Collection: Chainz
GameHouse Games Collection: Chainz 2 - Relinked
GameHouse Games Collection: Charm Solitaire
GameHouse Games Collection: Charm Tale
GameHouse Games Collection: Chicktionary
GameHouse Games Collection: Chuzzle Deluxe
GameHouse Games Collection: Collapse! Crunch
GameHouse Games Collection: Combo Chaos!
GameHouse Games Collection: Crystal Path
GameHouse Games Collection: Cubis Gold 2
GameHouse Games Collection: Digby's Donuts
GameHouse Games Collection: Diner Dash
GameHouse Games Collection: Feeding Frenzy
GameHouse Games Collection: Fiber Twig
GameHouse Games Collection: Five Card Deluxe
GameHouse Games Collection: Flip Words
GameHouse Games Collection: Flying Leo
GameHouse Games Collection: Fortune Tiles Gold
GameHouse Games Collection: Fresco Wizard
GameHouse Games Collection: GameHouse Sudoku
GameHouse Games Collection: Gearz
GameHouse Games Collection: Granny in Paradise
GameHouse Games Collection: Gutterball
GameHouse Games Collection: Gutterball 2
GameHouse Games Collection: Hamsterball
GameHouse Games Collection: Hello!
GameHouse Games Collection: Holiday Express
GameHouse Games Collection: Iggle Pop!
GameHouse Games Collection: Incadia
GameHouse Games Collection: Incredible Ink
GameHouse Games Collection: Insaniquarium Deluxe
GameHouse Games Collection: Inspector Parker
GameHouse Games Collection: Invadazoid
GameHouse Games Collection: Jewel Quest
GameHouse Games Collection: Lemonade Tycoon
GameHouse Games Collection: Luxor
GameHouse Games Collection: Mad Caps
GameHouse Games Collection: Magic Ball 2
GameHouse Games Collection: Magic Ball 2 - New Worlds
GameHouse Games Collection: Magic Inlay
GameHouse Games Collection: Magic Vines
GameHouse Games Collection: Mah Jong Adventures
GameHouse Games Collection: Mah Jong Medley
GameHouse Games Collection: Mah Jong Quest
GameHouse Games Collection: Mahjong Garden To Go
GameHouse Games Collection: Mahjong Towers Eternity
GameHouse Games Collection: Maui Wowee
GameHouse Games Collection: Phlinx To Go
GameHouse Games Collection: Pin High Country Club Golf
GameHouse Games Collection: Pizza Frenzy
GameHouse Games Collection: Platypus
GameHouse Games Collection: Poker Superstars
GameHouse Games Collection: Puzzle Express
GameHouse Games Collection: Puzzle Inlay
GameHouse Games Collection: Puzzle Solitaire
GameHouse Games Collection: QBz
GameHouse Games Collection: Roller Rush
GameHouse Games Collection: Saints & Sinners Bingo
GameHouse Games Collection: SCRABBLE
GameHouse Games Collection: Shape Shifter
GameHouse Games Collection: Slingo Deluxe
GameHouse Games Collection: Spelvin
GameHouse Games Collection: Splash
GameHouse Games Collection: Spring Sprang Sprung
GameHouse Games Collection: Super 5-Line Slots
GameHouse Games Collection: Super Blackjack!
GameHouse Games Collection: Super Bounce Out!
GameHouse Games Collection: Super Candy Cruncher
GameHouse Games Collection: Super Collapse!
GameHouse Games Collection: Super Collapse! II
GameHouse Games Collection: Super Collapse! II Platinum
GameHouse Games Collection: Super Fruit Frolic
GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
GameHouse Games Collection: Super Gem Drop
GameHouse Games Collection: Super Glinx!
GameHouse Games Collection: Super Letter Linker
GameHouse Games Collection: Super Mah Jong Solitaire
GameHouse Games Collection: Super Nisqually
GameHouse Games Collection: Super PileUp!
GameHouse Games Collection: Super Pool
GameHouse Games Collection: Super Pop & Drop!
GameHouse Games Collection: Super Rumble Cube
GameHouse Games Collection: Super SpongeBob Collapse!
GameHouse Games Collection: Super TextTwist
GameHouse Games Collection: Super WHATword
GameHouse Games Collection: Super Wild Wild Words
GameHouse Games Collection: Tap a Jam
GameHouse Games Collection: Ten Pin Championship Bowling Pro
GameHouse Games Collection: Tennis Titans
GameHouse Games Collection: Tradewinds 2
GameHouse Games Collection: Trivia Machine
GameHouse Games Collection: Tropical Swaps
GameHouse Games Collection: Tumblebugs
GameHouse Games Collection: Twistingo
GameHouse Games Collection: Ultimate Dominoes
GameHouse Games Collection: Varmintz Deluxe
GameHouse Games Collection: Walls of Jericho, The
GameHouse Games Collection: Wheel of Fortune
Google Toolbar for Internet Explorer (Version: 1.0.0)
Gupta SQLBase 9.0.1.3 Driverpack
HP Deskjet 3840 (Version: 1.00.0000)
HP Product Detection (Version: 10.7.4.0)
HP Software Update (Version: 3.0.1.25)
IPro 40.0.19 Foodservice Software Demo (Version: 40.0.19)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (Version: 6.0.210)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Office 2003 Primary Interop Assemblies (Version: 11.0.6553.0)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Office Standard Edition 2003 (Version: 11.0.5614.0)
Microsoft Search Enhancement Pack (Version: 2.0.264.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.2.3042.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.2.3042.00)
Microsoft SQL Server Native Client (Version: 9.00.3042.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.3042.00)
Microsoft SQL Server VSS Writer (Version: 9.00.3042.00)
Microsoft UI Engine (Version: 4.0.0318.1)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
MSN Toolbar (Version: 4.0.0401.0)
MSN Toolbar Platform (Version: 4.0.0401.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Nitro PDF Professional (Version: 5.4.1.7)
NVIDIA Drivers (Version: 1.10)
PC MightyMax 2011 (Version: 1.0.0.1)
PINPadDevice Files
ProChef Plus (Version: 9.0.0)
PVSonyDll (Version: 1.00.0001)
QuickBooks Premier: Mfg and Whsle Edition 2009 (Version: 19.0.4001.703)
QuickBooks Pro 2009 (Version: 19.0.4001.703)
RadioBar Toolbar
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Recover Files 3.26
Retail ICE
Retail STAR - Crystal Reports runtime (Version: 1.0.3)
SupportSoft Assisted Service (Version: 15)
T-Mobile webConnect Manager (Version: 2.05.0016.0)
The Mixing Bench 8
VideoLAN VLC media player 0.8.6h (Version: 0.8.6h)
Visual Studio 2005 Tools for Office Second Edition Runtime
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Xvid 1.2.1 final uninstall (Version: 1.2)

========================= Memory info: ===================================

Percentage of memory in use: 92%
Total physical RAM: 1022.8 MB
Available physical RAM: 75.73 MB
Total Pagefile: 2221.8 MB
Available Pagefile: 560.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.72 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:76.59 GB) (Free:0.36 GB) NTFS
3 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
5 Drive f: () (Fixed) (Total:37.24 GB) (Free:2.43 GB) NTFS
6 Drive i: (My Passport) (Fixed) (Total:298.01 GB) (Free:48.66 GB) FAT32

========================= Users: ========================================

User accounts for \\USER-PC

Administrator Guest QBDataServiceUser19
user


**** End of log ****

#7 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 26 August 2011 - 08:11 PM

I still need two other logs.
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#8 User is offline   Srparmad 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 24-August 11

Posted 29 August 2011 - 10:31 AM

I'm working on the other two. Having trouble with malwarebytes. Not running or locking up & sending the computer into a restar loop. I'm going to try and remove it them reinstall.

#9 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 29 August 2011 - 10:57 AM

OK...
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#10 User is offline   Srparmad 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 24-August 11

Posted 30 August 2011 - 09:57 AM

Tried to ininstall and reinstall malwares, but no luck. As soon as I uninstalled and restarted, virus invection came up. I ran rkill to stop the craziness. Here is the rklill log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 08/30/2011 at 9:46:26.
Operating System: Windows 7 Ultimate


Processes terminated by Rkill or while it was running:

C:\ProgramData\defender.exe
C:\Users\user\Desktop\eXplorer.exe
C:\Windows\System32\spoolsv.exe


Rkill completed on 08/30/2011 at 9:46:33.

#11 User is offline   Srparmad 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 24-August 11

Posted 30 August 2011 - 10:25 AM

here is the gmer log (I had to run it in safe mode)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-30 10:21:58
Windows 6.1.7600 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-4 HDS728080PLA380 rev.PF2OA6BA
Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR1 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk1\DR1 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Threads - GMER 1.0.15 ----

Thread System [4:216] 8A32FE80
Thread System [4:220] 8A32FE80
Thread System [4:224] 8A298105
Thread System [4:228] 8A298105

---- EOF - GMER 1.0.15 ----

#12 User is offline   Srparmad 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 24-August 11

Posted 30 August 2011 - 12:02 PM

ok- Malwarebyteds is a no go. Cannot get it to run. It installs, but when I run it - after a few seconds it just disappears.

#13 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 30 August 2011 - 06:29 PM

OK, we have a rootkit there...

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#14 User is offline   Srparmad 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 24-August 11

Posted 31 August 2011 - 12:23 PM

whne I ran TDS after it started I got a blue crasg screen & the computer rebooted. On the restart the virus cam upe again. I ran R kill and here is the log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 08/31/2011 at 9:55:47.
Operating System: Windows 7 Ultimate


Processes terminated by Rkill or while it was running:

C:\ProgramData\defender.exe
C:\Users\user\Desktop\eXplorer.exe
C:\Windows\System32\grpconv.exe


Rkill completed on 08/31/2011 at 9:55:53.

#15 User is offline   Srparmad 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 24-August 11

Posted 31 August 2011 - 12:37 PM

ran tds after rkill. there is the log before the reboot:

11/08/31 09:03:17.0315 3140 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/31 09:03:17.0971 3140 ================================================================================
2011/08/31 09:03:17.0971 3140 SystemInfo:
2011/08/31 09:03:17.0971 3140
2011/08/31 09:03:17.0971 3140 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/31 09:03:17.0971 3140 Product type: Workstation
2011/08/31 09:03:17.0971 3140 ComputerName: USER-PC
2011/08/31 09:03:17.0971 3140 UserName: user
2011/08/31 09:03:17.0971 3140 Windows directory: C:\Windows
2011/08/31 09:03:17.0971 3140 System windows directory: C:\Windows
2011/08/31 09:03:17.0971 3140 Processor architecture: Intel x86
2011/08/31 09:03:17.0971 3140 Number of processors: 2
2011/08/31 09:03:17.0971 3140 Page size: 0x1000
2011/08/31 09:03:17.0971 3140 Boot type: Normal boot
2011/08/31 09:03:17.0971 3140 ================================================================================
2011/08/31 09:03:26.0174 3140 Initialize success
2011/08/31 09:03:51.0877 3188 ================================================================================
2011/08/31 09:03:51.0877 3188 Scan started
2011/08/31 09:03:51.0877 3188 Mode: Manual;
2011/08/31 09:03:51.0877 3188 ================================================================================
2011/08/31 09:03:54.0018 3188 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/08/31 09:03:54.0127 3188 a5ac303e (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\1043377317:1515442113.exe
2011/08/31 09:03:54.0127 3188 Suspicious file (Hidden): C:\Windows\1043377317:1515442113.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/08/31 09:03:54.0127 3188 a5ac303e - detected HiddenFile.Multi.Generic (1)
2011/08/31 09:03:54.0221 3188 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/08/31 09:03:54.0299 3188 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/08/31 09:03:54.0409 3188 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/31 09:03:54.0471 3188 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/31 09:03:54.0518 3188 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/31 09:03:54.0643 3188 AFD (a5e9dcdcb350bb5ac278a5fcea0149c1) C:\Windows\system32\drivers\afd.sys
2011/08/31 09:03:54.0659 3188 AFD - detected Rootkit.Win32.ZAccess.f (0)
2011/08/31 09:03:54.0706 3188 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/08/31 09:03:54.0784 3188 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/08/31 09:03:54.0909 3188 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/08/31 09:03:54.0971 3188 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/08/31 09:03:55.0018 3188 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/08/31 09:03:55.0112 3188 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/31 09:03:55.0174 3188 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/31 09:03:55.0221 3188 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/08/31 09:03:55.0268 3188 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/31 09:03:55.0346 3188 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/08/31 09:03:55.0409 3188 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/08/31 09:03:55.0534 3188 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/08/31 09:03:55.0596 3188 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/31 09:03:55.0643 3188 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/31 09:03:55.0721 3188 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/08/31 09:03:55.0909 3188 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\System32\Drivers\avgldx86.sys
2011/08/31 09:03:55.0971 3188 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\System32\Drivers\avgmfx86.sys
2011/08/31 09:03:56.0049 3188 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\Windows\System32\Drivers\avgtdix.sys
2011/08/31 09:03:56.0143 3188 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/08/31 09:03:56.0252 3188 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/08/31 09:03:56.0331 3188 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/08/31 09:03:56.0424 3188 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/31 09:03:56.0487 3188 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/31 09:03:56.0549 3188 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/31 09:03:56.0581 3188 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/31 09:03:56.0831 3188 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/08/31 09:03:56.0893 3188 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/31 09:03:56.0924 3188 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/31 09:03:56.0956 3188 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/31 09:03:57.0018 3188 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/31 09:03:57.0143 3188 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/31 09:03:57.0252 3188 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/31 09:03:57.0346 3188 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/31 09:03:57.0393 3188 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/08/31 09:03:57.0471 3188 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/31 09:03:57.0565 3188 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/08/31 09:03:57.0612 3188 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/08/31 09:03:57.0643 3188 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/31 09:03:57.0706 3188 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/08/31 09:03:57.0909 3188 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/31 09:03:57.0987 3188 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/08/31 09:03:58.0127 3188 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
2011/08/31 09:03:58.0190 3188 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/08/31 09:03:58.0268 3188 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/08/31 09:03:58.0393 3188 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/08/31 09:03:58.0471 3188 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/31 09:03:58.0549 3188 E100B (20de769b84960606d8dbb2aec123021a) C:\Windows\system32\DRIVERS\e100b325.sys
2011/08/31 09:03:58.0752 3188 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/08/31 09:03:58.0956 3188 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/31 09:03:58.0987 3188 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/08/31 09:03:59.0112 3188 ewusbnet (7c18a6c99f4119d361a5ca028e788648) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/08/31 09:03:59.0221 3188 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/08/31 09:03:59.0268 3188 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/08/31 09:03:59.0331 3188 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/31 09:03:59.0440 3188 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/08/31 09:03:59.0471 3188 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/08/31 09:03:59.0518 3188 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/31 09:03:59.0565 3188 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/08/31 09:03:59.0674 3188 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/08/31 09:03:59.0721 3188 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/31 09:03:59.0768 3188 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/31 09:03:59.0877 3188 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/31 09:03:59.0940 3188 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/31 09:04:00.0002 3188 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/08/31 09:04:00.0127 3188 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/31 09:04:00.0174 3188 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/31 09:04:00.0206 3188 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/31 09:04:00.0268 3188 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/31 09:04:00.0409 3188 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/31 09:04:00.0471 3188 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/08/31 09:04:00.0549 3188 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/08/31 09:04:00.0659 3188 hwdatacard (988c0a49f09d75d3341cb419141793c1) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/08/31 09:04:00.0706 3188 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/31 09:04:00.0768 3188 hwusbdev (a259d3619aa23d4562581067f85e2006) C:\Windows\system32\DRIVERS\ewusbdev.sys
2011/08/31 09:04:00.0877 3188 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/31 09:04:00.0924 3188 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/08/31 09:04:00.0971 3188 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/31 09:04:01.0049 3188 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/08/31 09:04:01.0143 3188 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/31 09:04:01.0206 3188 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/31 09:04:01.0268 3188 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/08/31 09:04:01.0346 3188 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/08/31 09:04:01.0409 3188 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/08/31 09:04:01.0440 3188 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/08/31 09:04:01.0487 3188 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/31 09:04:01.0581 3188 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/31 09:04:01.0659 3188 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/31 09:04:01.0706 3188 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/31 09:04:01.0768 3188 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/31 09:04:02.0049 3188 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/31 09:04:02.0143 3188 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/31 09:04:02.0174 3188 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/31 09:04:02.0221 3188 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/31 09:04:02.0268 3188 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/31 09:04:02.0362 3188 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/08/31 09:04:02.0440 3188 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/08/31 09:04:02.0581 3188 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/31 09:04:02.0627 3188 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/31 09:04:02.0690 3188 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/08/31 09:04:02.0784 3188 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/31 09:04:02.0846 3188 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/31 09:04:02.0909 3188 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/31 09:04:02.0987 3188 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/08/31 09:04:03.0049 3188 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/08/31 09:04:03.0081 3188 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/31 09:04:03.0143 3188 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/08/31 09:04:03.0284 3188 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/31 09:04:03.0346 3188 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/31 09:04:03.0377 3188 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/31 09:04:03.0471 3188 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/08/31 09:04:03.0534 3188 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/08/31 09:04:03.0596 3188 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/08/31 09:04:03.0690 3188 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/31 09:04:03.0721 3188 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/08/31 09:04:03.0784 3188 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/31 09:04:03.0862 3188 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/31 09:04:03.0909 3188 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/08/31 09:04:03.0956 3188 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/08/31 09:04:04.0002 3188 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/31 09:04:04.0112 3188 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/08/31 09:04:04.0159 3188 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/31 09:04:04.0206 3188 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/08/31 09:04:04.0284 3188 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/31 09:04:04.0393 3188 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/08/31 09:04:04.0487 3188 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/31 09:04:04.0565 3188 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/31 09:04:04.0612 3188 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/31 09:04:04.0659 3188 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/31 09:04:04.0706 3188 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/08/31 09:04:04.0799 3188 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/31 09:04:04.0846 3188 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/31 09:04:04.0956 3188 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/31 09:04:05.0049 3188 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/08/31 09:04:05.0096 3188 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/31 09:04:05.0174 3188 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/08/31 09:04:05.0284 3188 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/08/31 09:04:05.0643 3188 nvlddmkm (8b75f652726a2ba3197860f300514e3f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/31 09:04:06.0065 3188 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/08/31 09:04:06.0112 3188 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/08/31 09:04:06.0237 3188 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/08/31 09:04:06.0284 3188 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/31 09:04:06.0424 3188 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/08/31 09:04:06.0471 3188 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/08/31 09:04:06.0518 3188 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/08/31 09:04:06.0565 3188 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/08/31 09:04:06.0643 3188 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/08/31 09:04:06.0690 3188 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/31 09:04:06.0768 3188 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\Windows\system32\PCTINDIS5.SYS
2011/08/31 09:04:06.0799 3188 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/08/31 09:04:06.0877 3188 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/08/31 09:04:07.0206 3188 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/31 09:04:07.0252 3188 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/08/31 09:04:07.0377 3188 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/31 09:04:07.0487 3188 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/31 09:04:07.0596 3188 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/31 09:04:07.0690 3188 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/31 09:04:07.0721 3188 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/31 09:04:07.0815 3188 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/31 09:04:07.0862 3188 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/31 09:04:07.0924 3188 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/31 09:04:07.0971 3188 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/31 09:04:08.0065 3188 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/31 09:04:08.0112 3188 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/31 09:04:08.0159 3188 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/31 09:04:08.0221 3188 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/08/31 09:04:08.0315 3188 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/31 09:04:08.0377 3188 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/31 09:04:08.0424 3188 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/08/31 09:04:08.0487 3188 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/08/31 09:04:08.0690 3188 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/31 09:04:08.0815 3188 RTL85n86 (d1956ff9b142bb98d50fb78655e3c462) C:\Windows\system32\DRIVERS\RTL85n86.sys
2011/08/31 09:04:08.0893 3188 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/08/31 09:04:09.0018 3188 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/08/31 09:04:09.0065 3188 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/31 09:04:09.0221 3188 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/31 09:04:09.0299 3188 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/31 09:04:09.0409 3188 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/08/31 09:04:09.0456 3188 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/31 09:04:09.0518 3188 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/08/31 09:04:09.0549 3188 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/08/31 09:04:09.0581 3188 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/08/31 09:04:09.0627 3188 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/31 09:04:09.0674 3188 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/08/31 09:04:09.0784 3188 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/31 09:04:09.0815 3188 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/31 09:04:09.0862 3188 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/08/31 09:04:09.0940 3188 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/08/31 09:04:10.0112 3188 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
2011/08/31 09:04:10.0159 3188 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/31 09:04:10.0206 3188 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/31 09:04:10.0346 3188 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/31 09:04:10.0393 3188 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/08/31 09:04:10.0424 3188 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/08/31 09:04:10.0534 3188 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/31 09:04:10.0706 3188 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys
2011/08/31 09:04:10.0831 3188 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/31 09:04:10.0893 3188 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/31 09:04:10.0956 3188 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/08/31 09:04:10.0987 3188 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/08/31 09:04:11.0049 3188 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/31 09:04:11.0081 3188 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/31 09:04:11.0252 3188 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/31 09:04:11.0315 3188 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/31 09:04:11.0393 3188 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/31 09:04:11.0471 3188 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/31 09:04:11.0549 3188 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/08/31 09:04:11.0659 3188 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/31 09:04:11.0706 3188 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/31 09:04:11.0815 3188 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/08/31 09:04:11.0909 3188 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/31 09:04:11.0987 3188 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/08/31 09:04:12.0018 3188 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/31 09:04:12.0127 3188 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/31 09:04:12.0190 3188 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/31 09:04:12.0237 3188 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/31 09:04:12.0331 3188 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/31 09:04:12.0409 3188 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/31 09:04:12.0456 3188 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/31 09:04:12.0502 3188 USB_RNDIS (b71da871254d96d0349639d03e4c1cc1) C:\Windows\system32\DRIVERS\usb8023.sys
2011/08/31 09:04:12.0627 3188 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/08/31 09:04:12.0690 3188 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/31 09:04:12.0721 3188 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/08/31 09:04:12.0768 3188 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/08/31 09:04:12.0877 3188 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/08/31 09:04:12.0924 3188 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/08/31 09:04:12.0956 3188 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/08/31 09:04:13.0002 3188 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/08/31 09:04:13.0112 3188 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/08/31 09:04:13.0159 3188 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/08/31 09:04:13.0206 3188 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/08/31 09:04:13.0284 3188 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/08/31 09:04:13.0409 3188 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/31 09:04:13.0456 3188 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/08/31 09:04:13.0518 3188 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/31 09:04:13.0565 3188 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/31 09:04:13.0596 3188 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/31 09:04:13.0752 3188 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/08/31 09:04:13.0799 3188 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/31 09:04:13.0971 3188 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/31 09:04:14.0002 3188 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/08/31 09:04:14.0190 3188 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/31 09:04:14.0284 3188 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/31 09:04:14.0440 3188 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/31 09:04:14.0502 3188 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/08/31 09:04:14.0581 3188 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/31 09:04:14.0737 3188 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/31 09:04:14.0893 3188 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk1\DR1
2011/08/31 09:04:14.0909 3188 \Device\Harddisk1\DR1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/31 09:04:15.0299 3188 MBR (0x1B8) (31cfc50fbd443daeec9a5c7ae8da8f6d) \Device\Harddisk2\DR2
2011/08/31 09:04:15.0971 3188 MBR (0x1B8) (eb7fd6fbda591f4f34203376e819b123) \Device\Harddisk3\DR3
2011/08/31 09:04:16.0018 3188 Boot (0x1200) (5dc31ebcbcf7e8396592fcec52746cd9) \Device\Harddisk0\DR0\Partition0
2011/08/31 09:04:16.0049 3188 Boot (0x1200) (ea20cb47a5fc4af73a05c1d7ce14ae14) \Device\Harddisk1\DR1\Partition0
2011/08/31 09:04:16.0065 3188 Boot (0x1200) (3452c79264bd107a8721ae920bbb1e24) \Device\Harddisk1\DR1\Partition1
2011/08/31 09:04:16.0096 3188 Boot (0x1200) (57a5d33610f8fe4c14632212ea35fd28) \Device\Harddisk2\DR2\Partition0
2011/08/31 09:04:16.0112 3188 ================================================================================
2011/08/31 09:04:16.0112 3188 Scan finished
2011/08/31 09:04:16.0112 3188 ================================================================================
2011/08/31 09:04:16.0143 1656 Detected object count: 3
2011/08/31 09:04:16.0143 1656 Actual detected object count: 3
2011/08/31 09:08:45.0659 1656 HiddenFile.Multi.Generic(a5ac303e) - User select action: Skip
2011/08/31 09:08:45.0784 1656 AFD (a5e9dcdcb350bb5ac278a5fcea0149c1) C:\Windows\system32\drivers\afd.sys

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users