
Hi


  • This topic is locked
15 replies to this topic

#1 CarmelOak

CarmelOak

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 07 August 2010 - 02:11 PM

Hi, new here hoping that this website and its founders can help me out. Thanks. I have tried to post a new malware removal request but I keep getting an internet error. After several tries with the same errors, I tried and was able to post here with no problems. Went back to post a help request and get an internet error. Any ideas why I can post here but not there?

Edited by Budapest, 07 August 2010 - 04:33 PM.
Moved from Intros ~BP




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:35 PM

Posted 07 August 2010 - 05:41 PM

Please post it here. Can you also give the Internet error?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 CarmelOak


Posted 07 August 2010 - 09:53 PM

Thanks so much for the fast response. Here is the exact error message I get, which is the same as when I try to perform a Windows Update which always fails:

"Internet Explorer cannot display the webpage

Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.

What you can try:
Diagnose Connection Problems

More information"

I know it's not an internet issue so I can only assume the malware is blocking you guys. I would assume that's a compliment to you. I tried to include the log here, but I keep getting the same error. I can't even preview the post. If I post without the log it lets me preview. If I include the log text it doesn't. I guess the malware is named and is programmed to not allow internet if the file name is listed? In fact, I just tried to create a help request post and attach all 3 files instead of pasting in the log text to see if I could preview the post. The other 2 files have no problem uploading, but when I try to upload the DDS text file it keeps saying Uploading File indefinitely. I have tried this twice and it happened both times.

Edited by CarmelOak, 07 August 2010 - 09:57 PM.


#4 boopme


Posted 07 August 2010 - 09:58 PM

Hello,
Please click Start > Run, type inetcpl.cpl in the runbox and press enter.

Click the Connections tab and click the LAN settings option.

Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

Now check if the internet is working again.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Before you save it rename it to say zztoy.exe


alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

#5 CarmelOak


Posted 07 August 2010 - 10:01 PM

Hello,
Please click Start > Run, type inetcpl.cpl in the runbox and press enter.

Click the Connections tab and click the LAN settings option.

Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

Now check if the internet is working again.

Use a proxy was NOT checked so I did not have to change anything.

Log here:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4404

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

8/7/2010 10:30:14 PM
mbam-log-2010-08-07 (22-30-14).txt

Scan type: Quick scan
Objects scanned: 145568
Time elapsed: 9 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by CarmelOak, 07 August 2010 - 10:38 PM.


#6 boopme


Posted 07 August 2010 - 10:39 PM

Looks good there. Let's do one more scan to be sure you're clean. I'll look back in the morning.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.

#7 CarmelOak


Posted 08 August 2010 - 07:43 AM

I did all this and saw the report in safe mode. When I restarted and went to Scanner Logs in SUPERAntiSpyware it was empty. The "keep a detailed log of scanning results" and "save empty/clean logs" are checked so I don't know why I don't have the log. I do know it quarantined 57 items, but nothing else. When I came to this website I got a popup ad for Registry Defender.

To see if anything changed I pasted the dds log text into a post here and tried to preview it. I still can't. I've been playing around and if I eliminate the Pseudo HJT Report it allows me to preview the rest of the log. When I get more time I will experiment and see if I can find out which specific text is causing it.

UPDATE: I found the entry that is causing the posting error. In order to be able to paste it I had to add SPACE to it in two places. Here it is:


DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microSPACEsoft.com/windowsSPACEupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162619903734

Hopefully this helps.

Edited by CarmelOak, 08 August 2010 - 09:37 AM.


#8 boopme


Posted 08 August 2010 - 04:56 PM

Hello, I can open the link. What do you want me to see there? There are 3 folders

#9 CarmelOak


Posted 08 August 2010 - 06:09 PM

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microSPACEsoft.com/windowsSPACEupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162619903734

Hello, I can open the link. What do you want me to see there? There are 3 folders

That is not a link I've provided, it's a line from my dds log that forces the internet error whenever I try to post a topic with my dds log. The reason I could not post a new malware removal request topic was because I would get an internet error every time I tried to post my dds log. After trial and error, I found out that what was causing the error was the above line in my dds log. When I remove the above line (or alter it by adding the two SPACE) I am able to post the dds log and attach the attach and ark files. Somehow whatever I have will not allow me to post a log or message that has the above line.

What is my next step?

Edited by CarmelOak, 08 August 2010 - 06:13 PM.


#10 boopme


Posted 09 August 2010 - 11:03 PM

Hello, after a lot of looking around, a few options to see if we can get a log to post there.

If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random from the link provided for your operating system and save it to your desktop.
  • Link 1 for 32-bit version
  • Link 2 for 32-bit version
  • Link 1 for 64-bit version
  • Link 2 for 64-bit version
This tool needs to run while the computer is connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Click Continue after reading the disclaimer screen.
  • Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)".
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Another text file named info.txt will open minimized.
  • Save the log files to your desktop and copy/paste the contents of log.txt by highlighting everything and pressing Ctrl+C.
  • After highlighting, right-click, choose Copy and then paste the contents into a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here.
  • Copies of both log files are automatically saved in the C:\RSIT folder which the tool creates during the scan.
-- Note: Do not post the contents of info.txt in your reply. Instead, just include it as an attachment to upload using the "Browse" button in the text editor when making your reply.

Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If RSIT did not work, then reply back here.



Or use OTL.
  1. Please download OTL from one of the following mirrors:
     • This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in:
     netsvcs
     %SYSTEMDRIVE%\*.exe
     /md5start
     eventlog.dll
     scecli.dll
     netlogon.dll
     cngaudit.dll
     sceclt.dll
     ntelogon.dll
     logevent.dll
     iaStor.sys
     nvstor.sys
     atapi.sys
     IdeChnDr.sys
     viasraid.sys
     AGP440.sys
     vaxscsi.sys
     nvatabus.sys
     viamraid.sys
     nvata.sys
     nvgts.sys
     iastorv.sys
     ViPrt.sys
     eNetHook.dll
     ahcix86.sys
     KR10N.sys
     /md5stop
     %systemroot%\*. /mp /s
     CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
     • OTL.txt <-- Will be opened
     • Extra.txt <-- Will be minimized


#11 CarmelOak


Posted 10 August 2010 - 08:59 PM

Alright, I'm afraid I haven't been explaining myself well and I think I have you confused. I'm going to try to clearly explain what has been going on.

#1. I realized I had a problem when I could not update Windows or use Microsoft Update. I did not have any popups or redirects.

#2. I used Microsoft's scanner and Malicious Software Removal tools which identified an Alureon infection and also a Java exploit. The Microsoft tools and my Trend Micro Internet Security were only able to partially remove the problems.

#3. I found this website and used your Preparation Guide to:
Disable CD Emulation Software
Download and run DDS (DDS log created and Attach log created)
Download and run GMER (Ark log created)

#4. I logged into this forum and started a new malware removal topic. I described my problems, pasted in the DDS log, and uploaded the Attach and Ark files. When I clicked "Post New Topic" I received an internet error. I tried several more times over the course of hours to create the topic, but I kept getting the same internet error.

#5. I went to the Introductory forum and started a "Hi" post to see if it would allow it. I was able to post with no problem. I then again tried to create a malware removal topic and it would not let me. I updated my "Hi" post to include my inability to post a malware removal topic hoping someone could help me out.

#6. I was instructed to run Malwarebytes' Anti-Malware and post the log. I did.

#7. I was instructed to run ATF and SAS and post the SUPERAntiSpyware Scan Log. I ran the programs but was not able to post the log, it showed the log in safe mode after running but upon restart there was no log. I do recall it quarantined/removed 57 items. When I logged back in to this website to post my results I got a popup for Registry Defender.

#8. While I was waiting for a response I played around with trying to post my malware removal topic. I copied the DDS log into a post one line at a time and checked to see if it would let me post it. I discovered that the entry in the DDS log that was not allowing me to post was this:

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microSPACEsoft.com/windowsSPACEupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162619903734

I am able to post it here by adding the SPACE's, without those I get an internet error.

#9. I am now not only getting more popups, but am also getting Internet Explorer redirects.

#10. What is my next step? It appears to me I can do 3 things:

A - Paste in the original DDS log using the SPACE trick and upload the Attach and Ark files in a new malware removal topic.

B - Re-run the preparation guide to generate new logs (DDS, Attach, and Ark) as running Malwarebytes' Anti-Malware, ATF, and SAS since then might have made my current logs out of date. Then use the SPACE trick to post the DDS log and upload the Attach and Ark files in a new malware removal topic.

C - Run the RSIT file that you have suggested, even though you said to do it only if I can't generate a DDS log, which I can.

Sorry I'm not better at precisely explaining myself.

Edited by CarmelOak, 10 August 2010 - 09:15 PM.
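
The elimination described in step #8 above (narrowing a log down to the entry that makes a submission fail, then breaking the string with SPACE) can be scripted. The following is an added example, not part of the thread or of any tool mentioned in it. `simulated_filter`, its token list and every sample line except the DPF entry are constructed assumptions; on a real machine `is_blocked` would be an actual submission attempt.

```python
from typing import Callable, List, Sequence, Tuple

# Constructed stand-in for whatever dropped the connection. The token list is
# an assumption, chosen because breaking these two strings let the post through.
ASSUMED_TOKENS = ("microsoft.com", "windowsupdate")


def simulated_filter(text: str) -> bool:
    """Return True when a submission containing `text` would fail."""
    lowered = text.lower()
    return any(token in lowered for token in ASSUMED_TOKENS)


# Constructed DDS-style lines. Only the DPF entry comes from the thread,
# shown here without the poster's two SPACE markers.
SAMPLE_LOG = [
    "uStart Page = hxxp://www.example.com/",
    "BHO: Example Helper: {00000000-0000-0000-0000-000000000001} - c:\\program files\\example\\helper.dll",
    "TB: Example Toolbar: {00000000-0000-0000-0000-000000000002} - c:\\program files\\example\\bar.dll",
    "mRun: [ExampleTray] c:\\program files\\example\\tray.exe",
    "DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/"
    "windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162619903734",
    "Notify: ExampleNotify - c:\\windows\\system32\\example.dll",
]


def find_blocked_spans(lines: Sequence[str],
                       is_blocked: Callable[[str], bool]) -> List[Tuple[int, int]]:
    """Return (start, end) index ranges of the lines that trip the filter.

    Halves are tested instead of single lines, so a clean half of the log
    costs one attempt. A trigger that only fires when adjacent lines appear
    together is reported as one multi-line span.
    """
    spans: List[Tuple[int, int]] = []

    def chunk(lo: int, hi: int) -> str:
        return "\n".join(lines[lo:hi])

    def search(lo: int, hi: int) -> None:  # precondition: chunk(lo, hi) is blocked
        if hi - lo == 1:
            spans.append((lo, hi))
            return
        mid = (lo + hi) // 2
        left, right = is_blocked(chunk(lo, mid)), is_blocked(chunk(mid, hi))
        if left:
            search(lo, mid)
        if right:
            search(mid, hi)
        if not (left or right):
            # Trigger straddles the split: trim clean lines off both ends.
            while is_blocked(chunk(lo + 1, hi)):
                lo += 1
            while is_blocked(chunk(lo, hi - 1)):
                hi -= 1
            spans.append((lo, hi))

    if lines and is_blocked(chunk(0, len(lines))):
        search(0, len(lines))
    return spans


def isolate_triggers(line: str, is_blocked: Callable[[str], bool],
                     marker: str = "SPACE") -> Tuple[List[str], str]:
    """Return (trigger substrings, line with each trigger broken by `marker`).

    Assumes a substring-style filter: once a prefix is blocked, every longer
    prefix is blocked too, which is what makes the binary searches valid.
    """
    triggers: List[str] = []
    while is_blocked(line):
        lo, hi = 1, len(line)          # shortest blocked prefix length
        while lo < hi:
            mid = (lo + hi) // 2
            if is_blocked(line[:mid]):
                hi = mid
            else:
                lo = mid + 1
        end = lo
        lo, hi = 0, end - 1            # latest start that is still blocked
        while lo < hi:
            mid = (lo + hi + 1) // 2
            if is_blocked(line[mid:end]):
                lo = mid
            else:
                hi = mid - 1
        start = lo
        if end - start < 2:
            raise ValueError("single-character trigger cannot be broken by a marker")
        triggers.append(line[start:end])
        # Same trick as in the thread: split the trigger so it no longer matches.
        line = line[:end - 1] + marker + line[end - 1:]
    return triggers, line


if __name__ == "__main__":
    for start, end in find_blocked_spans(SAMPLE_LOG, simulated_filter):
        found, marked = isolate_triggers(SAMPLE_LOG[start], simulated_filter)
        print(f"line {start}: filtered strings {found}")
        print(f"postable form: {marked}")
```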


#12 boopme


Posted 10 August 2010 - 09:17 PM

Hi, I see, yes I was a bit confused.
I think if we run the tool in here we may just straighten this out.

How to remove Google Redirects

When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

#13 CarmelOak


Posted 10 August 2010 - 10:52 PM

TDSSKiller.txt:
2010/08/10 22:29:35.0779 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09
2010/08/10 22:29:35.0779 ================================================================================
2010/08/10 22:29:35.0779 SystemInfo:
2010/08/10 22:29:35.0779
2010/08/10 22:29:35.0779 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/10 22:29:35.0779 Product type: Workstation
2010/08/10 22:29:35.0779 ComputerName: PRIMARY
2010/08/10 22:29:35.0779 UserName: HP_Administrator
2010/08/10 22:29:35.0779 Windows directory: C:\WINDOWS
2010/08/10 22:29:35.0779 System windows directory: C:\WINDOWS
2010/08/10 22:29:35.0779 Processor architecture: Intel x86
2010/08/10 22:29:35.0779 Number of processors: 2
2010/08/10 22:29:35.0779 Page size: 0x1000
2010/08/10 22:29:35.0779 Boot type: Normal boot
2010/08/10 22:29:35.0779 ================================================================================
2010/08/10 22:29:35.0982 Initialize success
2010/08/10 22:29:56.0795 ================================================================================
2010/08/10 22:29:56.0795 Scan started
2010/08/10 22:29:56.0795 Mode: Manual;
2010/08/10 22:29:56.0795 ================================================================================
2010/08/10 22:29:59.0967 isapnp (91e075cddf6684073734210b982f3518) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/10 22:29:59.0967 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\isapnp.sys. Real md5: 91e075cddf6684073734210b982f3518, Fake md5: 05a299ec56e52649b1cf2fc52d20f2d7
2010/08/10 22:29:59.0983 isapnp - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/10 22:30:02.0295 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/10 22:30:02.0342 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/10 22:30:02.0374 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/10 22:30:02.0545 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/10 22:30:02.0577 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/08/10 22:30:02.0639 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
2010/08/10 22:30:02.0655 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/10 22:30:02.0670 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/10 22:30:02.0686 PxHelp20 (97b735de4e3cd44c71c8cb09bdbf07b7) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/10 22:30:02.0749 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
2010/08/10 22:30:02.0936 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/10 22:30:02.0967 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/10 22:30:02.0983 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/10 22:30:03.0014 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/10 22:30:03.0045 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/10 22:30:03.0061 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/10 22:30:03.0092 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/10 22:30:03.0139 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/10 22:30:03.0186 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/10 22:30:03.0249 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/08/10 22:30:03.0358 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/08/10 22:30:03.0374 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/08/10 22:30:03.0436 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/10 22:30:03.0483 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/10 22:30:03.0514 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/10 22:30:03.0577 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/10 22:30:03.0639 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/10 22:30:03.0670 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/10 22:30:03.0733 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/10 22:30:03.0780 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/10 22:30:03.0827 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/10 22:30:03.0858 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/10 22:30:03.0983 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/10 22:30:04.0061 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/10 22:30:04.0108 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/10 22:30:04.0139 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/10 22:30:04.0155 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/10 22:30:04.0217 tmactmon (333fd294e6c34232af115f3f11dcaa98) C:\WINDOWS\system32\drivers\tmactmon.sys
2010/08/10 22:30:04.0280 tmcfw (73d3b5d101e3202c268ffe851574b6eb) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
2010/08/10 22:30:04.0327 tmcomm (310465d1ba3481b299247b38b2f5da84) C:\WINDOWS\system32\drivers\tmcomm.sys
2010/08/10 22:30:04.0342 tmevtmgr (76920d2989848744b47b6de8c46fa175) C:\WINDOWS\system32\drivers\tmevtmgr.sys
2010/08/10 22:30:04.0405 tmpreflt (c7c7959ec0940e0eddfc881fed8ec214) C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
2010/08/10 22:30:04.0467 tmtdi (ce1321671eee4520b9b50cd513f67dad) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
2010/08/10 22:30:04.0530 tmxpflt (3e615f370f0c7db414b6bcd1c18399d4) C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
2010/08/10 22:30:04.0608 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/10 22:30:04.0686 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/10 22:30:04.0749 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/08/10 22:30:04.0795 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/10 22:30:04.0874 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/10 22:30:04.0905 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/10 22:30:04.0952 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/10 22:30:04.0999 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/08/10 22:30:05.0030 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/10 22:30:05.0077 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/10 22:30:05.0108 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/10 22:30:05.0139 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/10 22:30:05.0170 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/08/10 22:30:05.0217 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/10 22:30:05.0233 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/08/10 22:30:05.0264 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/10 22:30:05.0358 vsapint (60dfbc34228ca36221b03460789f5d4e) C:\WINDOWS\system32\DRIVERS\vsapint.sys
2010/08/10 22:30:05.0405 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/10 22:30:05.0467 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/10 22:30:05.0545 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2010/08/10 22:30:05.0639 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/10 22:30:05.0670 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/10 22:30:05.0702 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/10 22:30:05.0795 ================================================================================
2010/08/10 22:30:05.0795 Scan finished
2010/08/10 22:30:05.0795 ================================================================================
2010/08/10 22:30:05.0811 Detected object count: 1
2010/08/10 22:30:45.0124 isapnp (91e075cddf6684073734210b982f3518) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/10 22:30:45.0124 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\isapnp.sys. Real md5: 91e075cddf6684073734210b982f3518, Fake md5: 05a299ec56e52649b1cf2fc52d20f2d7
2010/08/10 22:30:45.0624 Backup copy found, using it..
2010/08/10 22:30:45.0640 C:\WINDOWS\system32\DRIVERS\isapnp.sys - will be cured after reboot
2010/08/10 22:30:45.0640 Rootkit.Win32.TDSS.tdl3(isapnp) - User select action: Cure
2010/08/10 22:31:38.0000 Deinitialize success

MalwareBytes scan log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4417

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

8/10/2010 10:51:39 PM
mbam-log-2010-08-10 (22-51-39).txt

Scan type: Quick scan
Objects scanned: 145521
Time elapsed: 9 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 boopme


Posted 10 August 2010 - 11:02 PM

Can you post a DDS log there now?

#15 CarmelOak


Posted 10 August 2010 - 11:26 PM

Success! I was able to post my malware removal request here. THANKS!



