
Random music and "Congratulations you won!" sound byte


  • This topic is locked
15 replies to this topic

#1 Forgotten_One

Forgotten_One

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:05:16 PM

Posted 26 July 2010 - 06:00 PM

Hello again. I let someone else use my laptop and now I'm getting music and a sound byte that says "Congratulations, you won!"

I ran a full scan of Malwarebytes, which detected one thing. However, it didn't fix the problem. A log is available if requested. From Google, I understand iexplore.exe has something to do with this, but my Task Manager doesn't have anything.

I've also run SuperAntiSpyware, but the problem remains.

Edited by Forgotten_One, 26 July 2010 - 06:08 PM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:16 PM

Posted 26 July 2010 - 11:38 PM

Hello and welcome.. Let's do an online scan and see if Unruy is here.

ESET
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Eset Smart Installer icon on your desktop.
  • Check the "YES, I accept the Terms of Use"
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats"
  • Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the "<<Back" button.
  • Push Finish
In your next reply, please include the following:
  • Eset Scan Log

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Forgotten_One


Posted 27 July 2010 - 07:11 AM

C:\Users\dkim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\51761091-3fc00534 multiple threats deleted - quarantined

#4 boopme


Posted 27 July 2010 - 01:46 PM

I guess you still have it.. I need to know if this is XP or ???

What version of JAVA is running?
Go into Control Panel>Add Remove Programs. Be sure the 'Show Updates' box is checked. Go down the list and tell me what Java applications are installed and their version. (Highlight the program to see this).

#5 Forgotten_One


Posted 27 July 2010 - 05:40 PM

I apologize. I was in a rush to get to work and I posted it before I left. I'm at home now, and I'll monitor the situation.

To answer your question, I'm running Windows Vista and Java 6 Update 18.

EDIT: I just heard the sound byte again.

Edited by Forgotten_One, 27 July 2010 - 07:02 PM.


#6 boopme


Posted 27 July 2010 - 07:34 PM

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-s.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.




Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.

#7 Forgotten_One


Posted 27 July 2010 - 10:48 PM

I heard the sound byte again.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/27/2010 at 10:05 PM

Application Version : 4.41.1000

Core Rules Database Version : 5278
Trace Rules Database Version: 3090

Scan type : Complete Scan
Total Scan Time : 01:26:35

Memory items scanned : 353
Memory threats detected : 0
Registry items scanned : 8847
Registry threats detected : 0
File items scanned : 143064
File threats detected : 39

Trojan.Agent/Gen-MSFake
C:\USERS\DKIM\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\12\313123CC-111E612A

Adware.Tracking Cookie
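
Added example, not part of the thread and not SUPERAntiSpyware's own code: a small Python triage of a scan log in the layout posted in #7, separating tracking-cookie entries from detections that need follow-up and flagging items under the Java deployment cache. The sample log is a constructed excerpt in that layout; the function names, the cookie-category rule and the count check are assumptions of this example.

```python
import re

# Constructed excerpt in the layout of the log in post #7 (counts adjusted to the excerpt).
SAMPLE_LOG = r"""
File items scanned : 143064
File threats detected : 4

Trojan.Agent/Gen-MSFake
C:\USERS\DKIM\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\12\313123CC-111E612A

Adware.Tracking Cookie
.doubleclick.net [ C:\Users\dkim\AppData\Roaming\Mozilla\Firefox\Profiles\d11y8btr.default\cookies.sqlite ]
crackle.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MBDLGHPA ]
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[2].txt
"""

# "Name : 123" summary lines printed before the detections.
STAT_RE = re.compile(r"^(?P<key>[^:]+?)\s*:\s*(?P<val>\d+)\s*$")
# A detected item is either a bare Windows path or "domain [ path ]".
ITEM_RE = re.compile(r"^(?:[A-Za-z]:\\|\S+\s+\[\s)")
# Java plug-in / Web Start download cache, where the thread's detections sit.
JAVA_CACHE_RE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)


def parse_log(text):
    """Return (stats, detections): summary counters and {category: [items]}."""
    stats, detections = {}, {}
    category = None
    in_results = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STAT_RE.match(line)
        if m and category is None:
            stats[m["key"]] = int(m["val"])
            # Detections start after the last summary counter.
            if m["key"] == "File threats detected":
                in_results = True
            continue
        if not in_results:
            continue
        if ITEM_RE.match(line):
            if category is not None:
                detections[category].append(line)
        else:
            category = line
            detections.setdefault(category, [])
    return stats, detections


def triage(text):
    """Split detections into cookie noise and items that need follow-up."""
    stats, detections = parse_log(text)
    actionable, cookies = [], 0
    for category, items in detections.items():
        if "cookie" in category.lower():
            cookies += len(items)
            continue
        for item in items:
            note = "review"
            if JAVA_CACHE_RE.search(item):
                note = "Java plug-in cache: check installed JRE version"
            actionable.append((category, item, note))
    reported = stats.get("File threats detected")
    parsed = cookies + len(actionable)
    # A mismatch means the pasted log was truncated or the layout differs.
    return {"actionable": actionable, "cookies": cookies,
            "reported": reported, "complete": reported == parsed}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['cookies']} cookie entries, "
          f"{len(result['actionable'])} item(s) to follow up, "
          f"log complete: {result['complete']}")
    for category, item, note in result["actionable"]:
        print(f"  {category}: {item} ({note})")
```
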

#8 boopme


Posted 28 July 2010 - 09:45 AM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


#9 Forgotten_One


Posted 28 July 2010 - 05:17 PM

Here you go. The scanner said nothing was found.

2010/07/28 16:57:49.0652 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/28 16:57:49.0652 ================================================================================
2010/07/28 16:57:49.0652 SystemInfo:
2010/07/28 16:57:49.0652
2010/07/28 16:57:49.0652 OS Version: 6.0.6002 ServicePack: 2.0
2010/07/28 16:57:49.0652 Product type: Workstation
2010/07/28 16:57:49.0652 ComputerName: S054393
2010/07/28 16:57:49.0652 UserName: DKim
2010/07/28 16:57:49.0652 Windows directory: C:\Windows
2010/07/28 16:57:49.0652 System windows directory: C:\Windows
2010/07/28 16:57:49.0652 Processor architecture: Intel x86
2010/07/28 16:57:49.0652 Number of processors: 2
2010/07/28 16:57:49.0652 Page size: 0x1000
2010/07/28 16:57:49.0652 Boot type: Normal boot
2010/07/28 16:57:49.0652 ================================================================================
2010/07/28 16:59:26.0690 Initialize success
2010/07/28 16:59:33.0835 ================================================================================
2010/07/28 16:59:33.0835 Scan started
2010/07/28 16:59:33.0835 Mode: Manual;
2010/07/28 16:59:33.0835 ================================================================================
2010/07/28 17:00:55.0704 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/07/28 17:00:56.0188 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2010/07/28 17:00:56.0687 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/07/28 17:00:57.0342 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/07/28 17:00:58.0075 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/07/28 17:00:58.0746 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/07/28 17:00:59.0542 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/07/28 17:00:59.0978 prepdrvr (2a4514a9233d35a355f569ff8b8f6240) C:\Windows\system32\CCM\prepdrv.sys
2010/07/28 17:01:00.0431 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/07/28 17:01:01.0055 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/07/28 17:01:01.0460 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/07/28 17:01:02.0521 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/07/28 17:01:02.0786 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/07/28 17:01:03.0145 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/07/28 17:01:03.0566 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/07/28 17:01:03.0910 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/07/28 17:01:04.0159 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/07/28 17:01:04.0534 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/07/28 17:01:04.0814 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/07/28 17:01:05.0314 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2010/07/28 17:01:05.0766 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/07/28 17:01:06.0312 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/07/28 17:01:06.0920 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2010/07/28 17:01:07.0279 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/07/28 17:01:07.0685 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/07/28 17:01:07.0872 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/07/28 17:01:08.0418 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/07/28 17:01:09.0042 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2010/07/28 17:01:09.0229 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/07/28 17:01:09.0604 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2010/07/28 17:01:09.0884 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2010/07/28 17:01:10.0181 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/07/28 17:01:10.0399 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/07/28 17:01:10.0774 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/07/28 17:01:11.0242 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/07/28 17:01:11.0444 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/07/28 17:01:11.0897 Sftfs (0c48c2ac1cfe16825d92f18acdbf32bf) C:\Windows\system32\DRIVERS\Sftfslh.sys
2010/07/28 17:01:12.0490 Sftplay (e11e4a372d3b6340a3078ed78bf97b57) C:\Windows\system32\DRIVERS\Sftplaylh.sys
2010/07/28 17:01:12.0942 Sftredir (a4c15476e3bbbc5fe9c59b5af1e8af44) C:\Windows\system32\DRIVERS\Sftredirlh.sys
2010/07/28 17:01:13.0441 Sftvol (fe6c7806cdb7d282e3c25968374f1a2e) C:\Windows\system32\DRIVERS\Sftvollh.sys
2010/07/28 17:01:13.0831 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/07/28 17:01:13.0909 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/07/28 17:01:14.0221 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/07/28 17:01:14.0580 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/07/28 17:01:14.0798 SMSCIRDA (d1bf7148144ad1851893e84363f78130) C:\Windows\system32\DRIVERS\SMSCirda.sys
2010/07/28 17:01:15.0313 SPC230NC (2265d43d44cf9695c050e3b58f05295b) C:\Windows\system32\DRIVERS\SPC230NC.SYS
2010/07/28 17:01:15.0750 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/07/28 17:01:15.0984 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys
2010/07/28 17:01:16.0655 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
2010/07/28 17:01:16.0920 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/07/28 17:01:17.0326 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/07/28 17:01:17.0575 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/07/28 17:01:17.0950 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/07/28 17:01:18.0168 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/07/28 17:01:18.0620 SynTP (8327106d1c93e9a7b98e63b9fcc24bb7) C:\Windows\system32\DRIVERS\SynTP.sys
2010/07/28 17:01:19.0572 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
2010/07/28 17:01:20.0305 Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys
2010/07/28 17:01:20.0711 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/07/28 17:01:20.0976 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/07/28 17:01:21.0304 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/07/28 17:01:21.0460 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/07/28 17:01:21.0600 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/07/28 17:01:21.0974 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
2010/07/28 17:01:22.0146 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/07/28 17:01:22.0474 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/07/28 17:01:22.0692 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/07/28 17:01:23.0191 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/07/28 17:01:23.0410 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/07/28 17:01:23.0940 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/07/28 17:01:24.0174 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/07/28 17:01:24.0626 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/07/28 17:01:25.0016 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/07/28 17:01:25.0453 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/07/28 17:01:25.0640 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/07/28 17:01:26.0046 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/07/28 17:01:26.0233 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/07/28 17:01:26.0686 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/07/28 17:01:27.0029 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/07/28 17:01:27.0232 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/07/28 17:01:27.0512 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/07/28 17:01:28.0058 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/07/28 17:01:28.0324 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/07/28 17:01:28.0526 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/07/28 17:01:28.0729 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/07/28 17:01:29.0010 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/07/28 17:01:29.0369 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/07/28 17:01:29.0587 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/07/28 17:01:29.0852 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/07/28 17:01:30.0258 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/07/28 17:01:30.0554 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/07/28 17:01:30.0944 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/07/28 17:01:31.0241 WacomPen (d35e6095ad0ee3b3393e6f3f1ecf168a) C:\Windows\system32\DRIVERS\wacompen.sys
2010/07/28 17:01:31.0600 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/07/28 17:01:31.0646 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/07/28 17:01:31.0912 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/07/28 17:01:32.0286 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/07/28 17:01:32.0848 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2010/07/28 17:01:33.0253 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/07/28 17:01:33.0487 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/07/28 17:01:33.0830 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/07/28 17:01:34.0236 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
2010/07/28 17:01:34.0938 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
2010/07/28 17:01:35.0000 ================================================================================
2010/07/28 17:01:35.0000 Scan finished
2010/07/28 17:01:35.0000 ================================================================================

Edited by Forgotten_One, 28 July 2010 - 05:17 PM.


#10 boopme


Posted 29 July 2010 - 10:18 AM

OK, one more try here. Let's see the old MBAM log and a new one.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

Edited by boopme, 29 July 2010 - 11:50 AM.


#11 Forgotten_One


Posted 29 July 2010 - 10:53 AM

I want to clarify this. I am going to run MBAM, update it, run a quick scan, and then reboot it? All in normal mode? I won't be able to do this until later today, but I want to make sure I am understanding the instructions.

#12 boopme


Posted 29 July 2010 - 11:50 AM

Yes, post that old log, then this new one, thanks.

#13 Forgotten_One


Posted 29 July 2010 - 07:03 PM

I ran a full scan instead of a quick scan. Nothing came up. The old log was done as a complete scan.

New Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4368

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/29/2010 6:58:52 PM
mbam-log-2010-07-29 (18-58-52).txt

Scan type: Full scan (C:\|)
Objects scanned: 309783
Time elapsed: 1 hour(s), 16 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Old Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4347

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/25/2010 5:32:36 PM
mbam-log-2010-07-25 (17-32-36).txt

Scan type: Full scan (C:\|)
Objects scanned: 311031
Time elapsed: 2 hour(s), 14 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\dkim\Downloads\PerfectOptimizer.exe (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

Edited by Forgotten_One, 29 July 2010 - 07:14 PM.


#14 boopme


Posted 29 July 2010 - 08:21 PM

Appears we need a deeper look. Please go here:
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#15 Forgotten_One


Posted 29 July 2010 - 10:56 PM

Gmer scan went without a hitch. It detected something called UACd.sys.

Edited by Forgotten_One, 29 July 2010 - 10:58 PM.




