
Trouble with malware


  • This topic is locked
15 replies to this topic

#1 biglat1595

biglat1595

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 13 December 2010 - 09:01 PM

Hi, for a few days there have been a lot of pop-ups appearing in FF 3.6.12. I'm using Windows 7 Ultimate 64-bit.

I just installed Malwarebytes Anti-Malware and it blocks most of those pop-ups, which are annoying.

I'm trying to find where it comes from and I can't figure it out. Can you please help me!

Here is the DDS log


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Phil at 8:24:14,52 on 2010-12-13
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.2.1036.18.5055.898 [GMT -5:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Phil\AppData\Local\Temp\Rar$EX00.992\procexp.exe
C:\Users\Phil\AppData\Local\Temp\Rar$EX00.992\procexp64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mcconsol.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scan64.exe
D:\APPZ\Win7\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
D:\APPZ\Win7\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [<NO NAME>]
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: climoilou.qc.ca\acces
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://acces.climoilou.qc.ca/vdesk/terminal/f5opswati.cab#Version=7000,2010,611,2025
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - hxxps://acces.climoilou.qc.ca/vdesk/cachecleaner.cab#version=7000,2010,0611,2020
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://acces.climoilou.qc.ca/vdesk/terminal/urxvpn.cab#version=7000,2010,611,2100
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://acces.climoilou.qc.ca/vdesk/terminal/f5opswati.cab#Version=7000,2010,611,2025
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://acces.climoilou.qc.ca/vdesk/terminal/f5tunsrv.cab#version=7000,2010,611,2051
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://acces.climoilou.qc.ca/vdesk/terminal/InstallerControl.cab#version=7000,2010,0611,2124
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://acces.climoilou.qc.ca/vdesk/terminal/f5opswati.cab#Version=7000,2010,611,2025
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://acces.climoilou.qc.ca/vdesk/terminal/f5InspectionHost.cab#version=7000,2010,0611,2024
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://acces.climoilou.qc.ca/vdesk/terminal/urxshost.cab#version=7000,2010,611,2044
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://acces.climoilou.qc.ca/vdesk/terminal/urxhost.cab#version=7000,2010,611,2119
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://acces.climoilou.qc.ca/vdesk/terminal/f5opswati.cab#Version=7000,2010,611,2025
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun-x64: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
AppInit_DLLs-X64: acaptuser64.dll
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\x03lyukt.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\x03lyukt.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\x03lyukt.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}\plugins\NPuroamHost.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: F5 Networks Host Plugin: {DBBB3167-6E81-400f-BBFD-BD8921726F52} - %profile%\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-16 465792]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-11-13 279136]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-10-13 61440]
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\System32\drivers\CamDrL64.sys [2007-2-3 955680]
R3 cmudaxp;ASUS Xonar DX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2010-10-23 1261568]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-2-3 58528]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-10-16 118688]
S3 f5ipfw;F5 Networks StoneWall Filter;C:\Windows\System32\drivers\urfltv64.sys [2010-11-7 18512]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-10-16 75800]

=============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2010-12-12 23:43:41 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-12-12 23:43:41 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-12-12 23:32:20 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2010-12-12 14:44:03 -------- d-----w- C:\Users\Phil\AppData\Local\Apps
2010-12-12 14:35:16 -------- d-----w- C:\PROGRA~3\TomTom
2010-12-12 14:35:07 -------- d-----w- C:\Users\Phil\AppData\Roaming\TomTom
2010-12-12 14:35:07 -------- d-----w- C:\Users\Phil\AppData\Local\TomTom
2010-12-12 14:34:26 -------- d-----w- C:\Program Files (x86)\TomTom International B.V
2010-12-12 14:34:12 -------- d-----w- C:\Program Files (x86)\TomTom HOME 2
2010-12-10 08:29:51 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{C4687303-9CFB-4B7C-8AFE-2954F480E5D4}\mpengine.dll
2010-12-09 11:55:43 -------- d-----w- C:\Users\Phil\AppData\Roaming\Malwarebytes
2010-12-09 11:52:55 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-09 11:52:53 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-09 11:52:49 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-09 11:52:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-09 10:47:06 12800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
2010-12-08 20:36:04 -------- d-----w- C:\Program Files (x86)\CA-SupportBridge
2010-12-08 20:35:47 -------- d-----w- C:\PROGRA~3\CA-SupportBridge
2010-12-01 01:37:46 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2010-12-01 01:31:18 -------- d-----w- C:\NVIDIA
2010-11-30 19:58:26 -------- d-----w- C:\Windows\System32\appmgmt
2010-11-30 02:04:00 -------- d-----w- C:\Users\Phil\AppData\Local\VMware
2010-11-30 01:12:45 81008 ----a-w- C:\Windows\System32\drivers\vmci.sys
2010-11-30 01:12:38 30832 ----a-w- C:\Windows\System32\drivers\VMparport.sys
2010-11-30 01:12:37 68720 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2010-11-30 01:12:03 334448 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2010-11-30 01:11:59 404080 ----a-w- C:\Windows\SysWow64\vmnat.exe
2010-11-30 01:11:58 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2010-11-30 01:11:54 968816 ----a-w- C:\Windows\System32\vnetlib64.dll
2010-11-30 01:11:46 31856 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2010-11-30 01:11:43 38512 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2010-11-30 01:02:22 -------- d-----w- C:\Program Files\iPod
2010-11-30 01:02:13 -------- d-----w- C:\Program Files\iTunes
2010-11-30 01:02:13 -------- d-----w- C:\Program Files (x86)\iTunes
2010-11-30 00:46:37 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2010-11-30 00:42:54 -------- d-----w- C:\Program Files (x86)\VMware
2010-11-28 13:59:39 -------- d-----w- C:\QUARANTINE
2010-11-25 05:03:11 -------- d-----w- C:\Users\Phil\AppData\Roaming\GARMIN
2010-11-25 05:03:11 -------- d-----w- C:\PROGRA~3\GARMIN
2010-11-25 04:59:48 -------- d-----w- C:\Program Files (x86)\Garmin
2010-11-24 01:16:55 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 01:16:55 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-24 00:30:11 -------- d-----w- C:\Users\Phil\AppData\Roaming\AVS4YOU
2010-11-24 00:28:35 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2010-11-24 00:28:17 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2010-11-24 00:28:17 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2010-11-24 00:28:16 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2010-11-24 00:28:16 -------- d-----w- C:\PROGRA~3\AVS4YOU
2010-11-22 18:04:56 69632 ----a-r- C:\Users\Phil\AppData\Roaming\Microsoft\Installer\{ED1B169D-F33E-4EB2-AB5E-F5C85FC3325C}\BlackBerry.exe
2010-11-20 22:19:29 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2010-11-20 22:18:12 112056 ----a-w- C:\Windows\SysWow64\acaptuser32.dll
2010-11-14 23:04:14 -------- d-----w- C:\Users\Phil\AppData\Local\Google
2010-11-14 22:58:44 -------- d-----w- C:\Program Files (x86)\VideoLAN
2010-11-13 14:22:06 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-13 14:22:05 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-13 13:27:27 279136 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2010-11-13 13:27:25 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
2010-11-13 13:27:23 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys
2010-11-13 13:27:17 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys

==================== Find3M ====================

2010-12-01 01:25:17 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2010-11-11 17:04:36 252528 ----a-w- C:\Windows\SysWow64\vmnc.dll
2010-11-11 15:04:52 56880 ----a-w- C:\Windows\System32\vmnetbridge.dll
2010-11-11 15:04:52 55344 ----a-w- C:\Windows\System32\vnetinst.dll
2010-11-11 15:04:52 45104 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
2010-11-11 15:04:52 24112 ----a-w- C:\Windows\System32\drivers\vmnet.sys
2010-11-11 15:04:52 20016 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2010-11-08 01:20:40 6918144 ----a-w- C:\Users\Phil\PCPE_3.0.msi
2010-10-24 03:29:10 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-10-24 03:29:10 111616 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-10-24 03:29:09 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-10-24 03:29:09 102400 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-18 18:00:00 136704 ----a-w- C:\Windows\System32\ff_vfw.dll
2010-10-18 08:00:00 108032 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2010-10-16 18:13:54 5901416 ----a-w- C:\Windows\System32\nvcpl.dll
2010-10-16 18:13:34 989800 ----a-w- C:\Windows\System32\nvvsvc.exe
2010-10-16 18:13:34 2590824 ----a-w- C:\Windows\System32\nvsvc64.dll
2010-10-16 18:13:34 116328 ----a-w- C:\Windows\System32\nvmctray.dll
2010-10-14 23:44:02 4280320 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2010-09-23 04:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-21 18:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 18:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL

============= FINISH: 8:27:05,88 ===============

Edited by Andrew, 13 December 2010 - 10:42 PM.
Mod Edit: Moved From Windows 7 to logs forum - AA
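Before the helper replies, the DDS log above is read for a handful of settings that either explain how malware got a foothold or are malware themselves. The script below is an added example (my code, not the topic starter's and not a DDS feature) that picks those out of DDS-style lines: the three UAC policies set to 0 in this log (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop), the mRun entry with no name, the x64 toolbar whose file is gone ("No File"), the AppInit_DLLs entry, and a process executing from a user's Temp directory. SAMPLE_DDS is an excerpt of the posted log; the finding category names are mine.

```python
"""Triage a DDS log for the entries a malware responder checks first.

Added example (my code, not the topic starter's, not a DDS feature): it reads
DDS-style lines and flags
  * UAC policies set to values that remove the consent prompt,
  * autorun entries with no name or whose file is missing ("No File"),
  * AppInit_DLLs entries, a classic injection and persistence point,
  * processes running from a user's Temp directory.
SAMPLE_DDS is an excerpt of the log posted in this thread; the finding
category names are mine.
"""
import re

SAMPLE_DDS = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\Phil\AppData\Local\Temp\Rar$EX00.992\procexp.exe
mRun: [<NO NAME>]
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
AppInit_DLLs-X64: acaptuser64.dll
"""

# Policy values (HKLM\...\Policies\System) that switch the UAC prompt off.
# 0 for each of these is the documented "disabled / elevate silently" setting.
WEAK_UAC = {
    "EnableLUA": "0",                   # UAC off entirely; IE Protected Mode goes with it
    "ConsentPromptBehaviorAdmin": "0",  # admins elevate without any prompt
    "PromptOnSecureDesktop": "0",       # prompt, if any, is not on the secure desktop
}

POLICY_RE = re.compile(r"^mPolicies-system: (\w+) = (\d+)")
RUN_RE = re.compile(r"^[um]Run(?:Once)?(?:-x64)?: \[(.*?)\]")
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def triage(dds_text):
    """Return (category, line) findings, in log order."""
    findings = []
    for line in dds_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = POLICY_RE.match(line)
        if m:
            name, value = m.groups()
            if WEAK_UAC.get(name) == value:
                findings.append(("uac_weakened", line))
            continue
        m = RUN_RE.match(line)
        if m:
            if m.group(1) == "<NO NAME>":
                findings.append(("unnamed_autorun", line))
            continue
        if line.endswith(" - No File"):
            findings.append(("missing_file_autorun", line))
        elif line.startswith("AppInit_DLLs"):
            findings.append(("appinit_dll", line))
        elif TEMP_RE.search(line) and line.lower().endswith(".exe"):
            findings.append(("process_from_temp", line))
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, line in triage(SAMPLE_DDS):
        print(f"{category:22} {line}")
```

These are leads, not verdicts. In this log the Temp-directory process is Process Explorer extracted from an archive, the "No File" toolbar is the Adobe PDF toolbar's x64 leftover, and acaptuser64.dll sits beside the acaptuser32.dll and AdobePDFUI.dll created on 2010-11-20, so it is most likely Acrobat's. The UAC findings are the real weakness: with EnableLUA = 0 the user runs with a full administrator token and IE Protected Mode is off, so anything a drive-by gets running in the browser can install a kernel driver without a prompt, which is exactly what the rootkit suspected later in this thread needs.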



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:27 PM

Posted 22 December 2010 - 09:56 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 biglat1595

biglat1595
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 24 December 2010 - 11:24 AM

Hi m0le,

I'm alive! I was out of town. I'll be out of town on the 25th and 26th of December 2010.

Merry Xmas

Big_lat15

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:27 PM

Posted 24 December 2010 - 08:32 PM

When you're back please run TDSSKiller. It sounds like a rootkit is holding the malware and regenerating it when MBAM removes it.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE
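The report that "-l report.txt" writes lists every kernel driver and service TDSSKiller enumerated, one per line, as a timestamp, the service name, the MD5 of the image file in parentheses, and the path. The script below is an added example (my code, not TDSSKiller's) that parses that inventory, diffs a baseline against a later scan to show which driver image changed, and lists drivers loaded from outside the Windows directory. AFTER is an excerpt of the log posted later in this thread; BEFORE is constructed for the example, with atapi given a placeholder hash and one hypothetical driver in a Temp directory.

```python
"""Parse the driver inventory TDSSKiller writes and diff two scans.

Added example (my code, not TDSSKiller's): the report produced by
"TDSSKiller.exe -l report.txt" lists every kernel driver/service as
    <timestamp> <service name> (<md5 of the image file>) <path>
Keeping that inventory as a baseline and diffing the post-cure scan shows
exactly which driver image changed, which matters because the TDSS (TDL3)
rootkit of this era is documented as infecting an existing driver such as
atapi.sys rather than adding a new, obviously named one.
AFTER is an excerpt of the log posted later in this thread.  BEFORE is
constructed for this example: same entries, atapi with a different hash,
plus a hypothetical driver loaded from a Temp directory.
"""
import re

ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
    r"(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)

AFTER = r"""
2010/12/26 17:05:01.0852 Scan started
2010/12/26 17:05:01.0852 Mode: Manual;
2010/12/26 17:05:17.0290 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/26 17:05:22.0182 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/12/26 17:05:29.0809 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
"""

# Constructed baseline: the two placeholder hashes and the Temp-directory
# driver are invented for the example, not taken from the posted log.
BEFORE = r"""
2010/12/26 17:04:05.0238 Scan started
2010/12/26 17:04:17.0000 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/26 17:04:22.0000 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/12/26 17:04:29.0000 atapi (deadbeefdeadbeefdeadbeefdeadbeef) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/26 17:04:30.0000 hypothetical_svc (cafebabecafebabecafebabecafebabe) C:\Users\Phil\AppData\Local\Temp\hypo.sys
"""


def parse_inventory(log_text):
    """Map service name -> (md5, path); banner and status lines are skipped."""
    inventory = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            inventory[m.group("name")] = (m.group("md5").lower(), m.group("path"))
    return inventory


def diff_inventories(before, after):
    """Names whose image hash changed, plus services added or removed."""
    common = before.keys() & after.keys()
    return {
        "changed": sorted(n for n in common if before[n][0] != after[n][0]),
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
    }


def outside_windows(inventory, windir=r"C:\Windows"):
    """Drivers whose image is not under the Windows directory at all."""
    prefix = windir.lower().rstrip("\\") + "\\"
    return sorted(n for n, (_, path) in inventory.items()
                  if not path.lower().startswith(prefix))


if __name__ == "__main__":
    before, after = parse_inventory(BEFORE), parse_inventory(AFTER)
    print(diff_inventories(before, after))
    print("loaded from outside Windows:", outside_windows(before))
```

Treat the hash diff as a cross-check, not the detection. TDL3 hid its patched driver by hooking the disk miniport and serving the clean file back to anything that read it, so a hash taken on the infected system can look right while the on-disk image is not; that is why TDSSKiller does its own low-level reads and why the hashes worth comparing against are ones taken from a known-clean copy of the same driver version.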

#5 biglat1595

biglat1595
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 26 December 2010 - 05:12 PM

Hi M0le,

Happy Xmas!

TDSSKiller found something that it cured. After I rebooted, I did another scan and here is the log. The problem is gone for now.

Thank you very much for the help!


Happy new year to all of you at bleepingcomputer.com

big_lat15

2010/12/26 17:04:01.0568 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/26 17:04:01.0568 ================================================================================
2010/12/26 17:04:01.0568 SystemInfo:
2010/12/26 17:04:01.0568
2010/12/26 17:04:01.0568 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/26 17:04:01.0568 Product type: Workstation
2010/12/26 17:04:01.0568 ComputerName: PHIL-WIN7
2010/12/26 17:04:01.0569 UserName: Phil
2010/12/26 17:04:01.0569 Windows directory: C:\Windows
2010/12/26 17:04:01.0569 System windows directory: C:\Windows
2010/12/26 17:04:01.0569 Running under WOW64
2010/12/26 17:04:01.0569 Processor architecture: Intel x64
2010/12/26 17:04:01.0569 Number of processors: 2
2010/12/26 17:04:01.0569 Page size: 0x1000
2010/12/26 17:04:01.0569 Boot type: Normal boot
2010/12/26 17:04:01.0569 ================================================================================
2010/12/26 17:04:01.0569 Utility is running under WOW64
2010/12/26 17:04:02.0728 Initialize success
2010/12/26 17:04:05.0238 ================================================================================
2010/12/26 17:04:05.0238 Scan started
2010/12/26 17:04:05.0238 Mode: Manual;
2010/12/26 17:04:05.0238 ================================================================================
2010/12/26 17:05:01.0852 ================================================================================
2010/12/26 17:05:01.0852 Scan started
2010/12/26 17:05:01.0852 Mode: Manual;
2010/12/26 17:05:01.0852 ================================================================================
2010/12/26 17:05:16.0540 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/26 17:05:17.0290 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/26 17:05:18.0080 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/26 17:05:19.0479 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/26 17:05:20.0214 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/26 17:05:20.0671 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/26 17:05:21.0400 afcdp (cc946c4ebf60cb6dc8816e5f8a941ead) C:\Windows\system32\DRIVERS\afcdp.sys
2010/12/26 17:05:22.0182 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/12/26 17:05:22.0915 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/26 17:05:23.0430 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/26 17:05:23.0612 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/26 17:05:23.0917 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/26 17:05:24.0441 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/26 17:05:24.0794 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/26 17:05:25.0385 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/26 17:05:25.0751 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/26 17:05:26.0432 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/12/26 17:05:27.0249 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/12/26 17:05:27.0832 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/26 17:05:28.0939 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/26 17:05:29.0809 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/26 17:05:30.0740 AtcL001 (940e5b876251e04fffe058ad71fe0f1c) C:\Windows\system32\DRIVERS\l160x64.sys
2010/12/26 17:05:32.0349 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/12/26 17:05:33.0709 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/12/26 17:05:35.0339 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/12/26 17:05:36.0863 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/26 17:05:37.0983 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/26 17:05:39.0038 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/26 17:05:39.0695 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/26 17:05:40.0873 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/12/26 17:05:41.0578 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/26 17:05:42.0317 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/26 17:05:43.0051 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/26 17:05:44.0541 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/12/26 17:05:45.0251 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/26 17:05:45.0595 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2010/12/26 17:05:46.0416 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2010/12/26 17:05:47.0390 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2010/12/26 17:05:48.0258 CamDrL64 (6e1641724439e18ce55adee2d347aa19) C:\Windows\system32\DRIVERS\CamDrL64.sys
2010/12/26 17:05:49.0048 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/26 17:05:49.0687 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/26 17:05:50.0471 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/26 17:05:50.0991 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/12/26 17:05:52.0225 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/26 17:05:52.0589 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/26 17:05:52.0980 cmudaxp (62b8ec0cb4c2e4afb2207e5a8dde48dc) C:\Windows\system32\drivers\cmudaxp.sys
2010/12/26 17:05:54.0563 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/12/26 17:05:54.0986 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/26 17:05:55.0134 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/12/26 17:05:55.0368 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/12/26 17:05:55.0635 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2010/12/26 17:05:56.0177 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/12/26 17:05:56.0341 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/12/26 17:05:56.0546 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2010/12/26 17:05:56.0675 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/12/26 17:05:57.0006 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/26 17:05:57.0740 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/12/26 17:05:58.0505 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2010/12/26 17:05:58.0710 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2010/12/26 17:05:59.0099 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/12/26 17:05:59.0304 f5ipfw (bb18cb1acaa1de0290087281fc0c09bc) C:\Windows\system32\drivers\urfltv64.sys
2010/12/26 17:05:59.0555 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/12/26 17:05:59.0676 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/26 17:05:59.0965 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/12/26 17:06:00.0123 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/12/26 17:06:00.0311 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/26 17:06:00.0429 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/12/26 17:06:00.0649 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/12/26 17:06:00.0704 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/26 17:06:01.0060 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/26 17:06:01.0382 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/12/26 17:06:01.0710 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/12/26 17:06:02.0185 grmnusb (2ed7ff3e1ada4092632393781518b3a7) C:\Windows\system32\drivers\grmnusb.sys
2010/12/26 17:06:02.0710 hcmon (ba207b48aa3d9d73fd4856400f852458) C:\Windows\system32\drivers\hcmon.sys
2010/12/26 17:06:03.0144 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/26 17:06:03.0559 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/26 17:06:03.0895 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/26 17:06:04.0140 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/26 17:06:04.0322 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/26 17:06:04.0707 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/26 17:06:04.0983 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/26 17:06:05.0712 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2010/12/26 17:06:06.0702 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/26 17:06:07.0202 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/26 17:06:07.0597 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/26 17:06:07.0988 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/26 17:06:08.0475 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/26 17:06:09.0298 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/26 17:06:09.0558 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/26 17:06:09.0794 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/26 17:06:10.0160 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2010/12/26 17:06:10.0367 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2010/12/26 17:06:10.0430 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/26 17:06:10.0493 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/26 17:06:10.0572 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/26 17:06:10.0628 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/26 17:06:10.0705 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/26 17:06:10.0823 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/26 17:06:10.0952 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2010/12/26 17:06:11.0202 LHidFilt (0a7d6ed578d85f0c35353424ee3f5245) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2010/12/26 17:06:11.0639 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/26 17:06:11.0898 LMouFilt (6542e2e6db58118fbb1b82a68ce3aff9) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2010/12/26 17:06:12.0019 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/26 17:06:12.0089 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/26 17:06:12.0173 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/26 17:06:12.0288 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/26 17:06:12.0337 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2010/12/26 17:06:12.0422 LVUSBS64 (9761370ffb533cf6e4a7176f4baa3ba9) C:\Windows\system32\drivers\LVUSBS64.sys
2010/12/26 17:06:12.0513 MBAMProtector (de5d0dd632ee6977979799de64ce0951) C:\Windows\system32\drivers\mbam.sys
2010/12/26 17:06:12.0578 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/26 17:06:12.0627 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/26 17:06:12.0707 mfeapfk (4dea3f2dc347dea7cb4535680c0e03f1) C:\Windows\system32\drivers\mfeapfk.sys
2010/12/26 17:06:12.0780 mfeavfk (e555fed8762cbee0a91c47450f81654e) C:\Windows\system32\drivers\mfeavfk.sys
2010/12/26 17:06:12.0939 mfehidk (f3ce7173922b89cfa909695a489a0e9e) C:\Windows\system32\drivers\mfehidk.sys
2010/12/26 17:06:13.0217 mferkdet (a4f8465b956571ab296eb70c167754db) C:\Windows\system32\drivers\mferkdet.sys
2010/12/26 17:06:13.0285 mfetdik (4339aee8f042ecb4292cd36d84a7cc2f) C:\Windows\system32\drivers\mfetdik.sys
2010/12/26 17:06:13.0368 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2010/12/26 17:06:13.0435 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/26 17:06:13.0488 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/26 17:06:13.0545 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/26 17:06:13.0595 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2010/12/26 17:06:13.0708 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/26 17:06:13.0795 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/26 17:06:13.0879 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/26 17:06:13.0958 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/26 17:06:14.0087 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/26 17:06:14.0270 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/26 17:06:14.0385 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/26 17:06:14.0482 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/26 17:06:14.0564 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2010/12/26 17:06:14.0629 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/26 17:06:14.0698 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/26 17:06:14.0760 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/26 17:06:14.0833 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/26 17:06:14.0963 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/12/26 17:06:15.0009 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/12/26 17:06:15.0117 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/26 17:06:15.0158 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/12/26 17:06:15.0229 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/26 17:06:15.0289 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
2010/12/26 17:06:15.0377 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/12/26 17:06:15.0434 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/26 17:06:15.0579 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/12/26 17:06:15.0624 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/26 17:06:15.0748 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/26 17:06:15.0794 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/26 17:06:16.0160 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/26 17:06:16.0620 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/12/26 17:06:16.0705 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/26 17:06:16.0921 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/26 17:06:17.0103 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/26 17:06:17.0187 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/12/26 17:06:17.0233 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/26 17:06:17.0396 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/12/26 17:06:17.0794 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/12/26 17:06:19.0515 nvlddmkm (bbe872a814b00798c2d568d46c42a71b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/12/26 17:06:20.0343 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/26 17:06:20.0715 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/26 17:06:20.0791 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/26 17:06:20.0881 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/26 17:06:21.0516 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/12/26 17:06:21.0732 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/12/26 17:06:21.0947 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2010/12/26 17:06:22.0038 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/26 17:06:22.0194 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/26 17:06:22.0384 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/12/26 17:06:22.0965 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/12/26 17:06:23.0358 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/26 17:06:23.0800 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2010/12/26 17:06:24.0281 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/26 17:06:25.0084 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/26 17:06:25.0270 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/26 17:06:25.0350 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/26 17:06:25.0420 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/26 17:06:25.0462 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/26 17:06:25.0497 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/26 17:06:25.0539 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/26 17:06:25.0569 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/26 17:06:25.0607 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/26 17:06:25.0637 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/26 17:06:25.0685 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/26 17:06:25.0746 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2010/12/26 17:06:25.0774 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/26 17:06:25.0818 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/26 17:06:25.0845 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2010/12/26 17:06:25.0907 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2010/12/26 17:06:26.0022 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/12/26 17:06:26.0075 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
2010/12/26 17:06:26.0152 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
2010/12/26 17:06:26.0201 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/26 17:06:26.0235 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/12/26 17:06:26.0279 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/26 17:06:26.0343 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/26 17:06:26.0396 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/12/26 17:06:26.0465 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/26 17:06:26.0549 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2010/12/26 17:06:26.0635 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/26 17:06:26.0746 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/26 17:06:26.0796 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/12/26 17:06:26.0831 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/26 17:06:26.0891 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/26 17:06:26.0940 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/26 17:06:26.0971 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/26 17:06:27.0023 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/12/26 17:06:27.0138 snapman (b2c19ae46c5a109679b4fb38058df05a) C:\Windows\system32\DRIVERS\snapman.sys
2010/12/26 17:06:27.0239 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/12/26 17:06:27.0565 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2010/12/26 17:06:27.0862 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/26 17:06:28.0066 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/26 17:06:28.0309 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/26 17:06:28.0552 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/12/26 17:06:28.0903 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2010/12/26 17:06:29.0223 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/26 17:06:29.0697 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/12/26 17:06:30.0189 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/26 17:06:30.0458 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/26 17:06:30.0611 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2010/12/26 17:06:30.0783 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
2010/12/26 17:06:31.0044 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2010/12/26 17:06:31.0086 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/26 17:06:31.0127 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/26 17:06:31.0213 timounter (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys
2010/12/26 17:06:31.0798 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/26 17:06:32.0123 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/26 17:06:32.0199 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/26 17:06:32.0258 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/26 17:06:32.0362 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/26 17:06:32.0424 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/26 17:06:32.0468 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/26 17:06:32.0514 urvpndrv (170f07decb66b626c607d0b378a34b1d) C:\Windows\system32\DRIVERS\covpnv64.sys
2010/12/26 17:06:32.0561 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2010/12/26 17:06:32.0590 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/26 17:06:32.0631 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/26 17:06:32.0670 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/26 17:06:32.0774 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/26 17:06:32.0957 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/26 17:06:33.0074 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/26 17:06:33.0110 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/26 17:06:33.0148 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/26 17:06:33.0220 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/26 17:06:33.0275 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/26 17:06:33.0304 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/12/26 17:06:33.0344 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/26 17:06:33.0382 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/26 17:06:33.0463 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2010/12/26 17:06:33.0502 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/12/26 17:06:33.0666 vmci (b49cb94db99519f9dc7f77d2d1f215b5) C:\Windows\system32\drivers\vmci.sys
2010/12/26 17:06:33.0880 vmkbd (1af6462718e5ab0ed55014a6ef3790ef) C:\Windows\system32\drivers\VMkbd.sys
2010/12/26 17:06:34.0050 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
2010/12/26 17:06:34.0137 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
2010/12/26 17:06:34.0511 VMnetuserif (163b05050fcd9635242ec5206c19a182) C:\Windows\system32\drivers\vmnetuserif.sys
2010/12/26 17:06:34.0788 VMparport (c8eb96d0c78b1cf67167dafc617ee960) C:\Windows\system32\drivers\VMparport.sys
2010/12/26 17:06:34.0893 vmx86 (f2a8ee62d7161e1598cdd269bf22a03d) C:\Windows\system32\drivers\vmx86.sys
2010/12/26 17:06:35.0060 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/26 17:06:35.0116 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/12/26 17:06:35.0154 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/26 17:06:35.0195 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/26 17:06:35.0337 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
2010/12/26 17:06:35.0604 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2010/12/26 17:06:35.0854 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/26 17:06:35.0951 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/26 17:06:35.0979 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/26 17:06:36.0042 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2010/12/26 17:06:36.0191 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/26 17:06:36.0322 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/26 17:06:36.0358 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/12/26 17:06:36.0445 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/12/26 17:06:36.0501 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/26 17:06:36.0562 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/26 17:06:36.0863 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2010/12/26 17:06:36.0902 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/26 17:06:37.0962 ================================================================================
2010/12/26 17:06:37.0962 Scan finished
2010/12/26 17:06:37.0962 ================================================================================
2010/12/26 17:06:45.0236 Deinitialize success
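The driver listing above is the part of a TDSSKiller log a responder actually reads, and every entry has the same shape: timestamp, service name, MD5 of the image, image path. The Python below is an added example (it is not from this thread and not part of Kaspersky's tool) that parses that shape and pulls out the three things worth eyeballing first: drivers loaded from outside System32, one image registered under more than one service name, and service names that differ from the file name. The sample lines are copied from the log above; the directory rule and the three checks are the example's own assumptions, and a hit on any list means "look closer", not "malicious" (the VMware driver under Program Files is a legitimate product driver, and Tcpip/TCPIP6 sharing tcpip.sys is normal on Windows 7).

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# One line of a TDSSKiller driver listing, as in the log above:
#   <yyyy/mm/dd> <hh:mm:ss.ms> <service name> (<md5>) <image path>
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>[\d:.]+) "
    r"(?P<service>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$"
)

# Directory the kernel normally loads drivers from (assumption of this
# example). Third-party drivers under Program Files are common and usually
# benign, but that is also where a rogue driver would sit, so they go on
# the review list.
SYSTEM_PREFIX = "c:\\windows\\system32\\"


class Driver(NamedTuple):
    service: str
    md5: str
    path: str


def parse_tdsskiller(text: str) -> List[Driver]:
    """Return the driver entries in a TDSSKiller log; banner lines,
    separators and 'Scan finished' do not match and are skipped."""
    drivers = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            drivers.append(Driver(m["service"], m["md5"].lower(), m["path"]))
    return drivers


def outside_system32(drivers: List[Driver]) -> List[Driver]:
    """Drivers whose image lives outside C:\\Windows\\system32."""
    return [d for d in drivers if not d.path.lower().startswith(SYSTEM_PREFIX)]


def shared_images(drivers: List[Driver]) -> Dict[str, List[str]]:
    """md5 -> service names, for images registered under several services."""
    by_hash = defaultdict(list)
    for d in drivers:
        by_hash[d.md5].append(d.service)
    return {h: s for h, s in by_hash.items() if len(s) > 1}


def name_mismatches(drivers: List[Driver]) -> List[Driver]:
    """Entries whose service name is not the image's file stem. Noisy
    (vendors register e.g. b06bdrv -> bxvbda.sys) but a quick way to spot
    a service name chosen to look like something it is not."""
    out = []
    for d in drivers:
        stem = d.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if d.service.lower() != stem.lower():
            out.append(d)
    return out


# Lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
2010/12/26 17:05:32.0349 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/12/26 17:05:50.0991 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/12/26 17:06:29.0697 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/12/26 17:06:30.0189 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/26 17:06:35.0337 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
2010/12/26 17:06:37.0962 ================================================================================
2010/12/26 17:06:37.0962 Scan finished
"""

if __name__ == "__main__":
    drivers = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(drivers)} drivers parsed")
    for d in outside_system32(drivers):
        print("outside system32:", d.service, d.path)
    for h, services in shared_images(drivers).items():
        print("shared image", h, "->", ", ".join(services))
    for d in name_mismatches(drivers):
        print("service/file name differ:", d.service, d.path)
```

The MD5 column is the hook for the next step, comparing each hash against a known-good copy of the same Windows build or a reputation service; this example deliberately stays offline and only sorts the listing into what to look at first.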

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:27 PM

Posted 26 December 2010 - 09:08 PM

You're welcome, but we need to make sure. Please run MBAM and ESET.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

We're probably good but this will make sure. :)
m0le is a proud member of UNITE

#7 biglat1595

biglat1595
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 29 December 2010 - 05:17 PM

Hi m0le,

Here is the first log from MBAM! It found nothing, but I still have problems and pop-ups from iexplore.exe, firefox.exe, scvhost.exe.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5401

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2010-12-28 13:24:26
mbam-log-2010-12-28 (13-24-26).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|Y:\|Z:\|)
Objects scanned: 1006687
Time elapsed: 21 hour(s), 11 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I'm starting a scan from ESET

#8 biglat1595

biglat1595
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 01 January 2011 - 09:05 AM

Here is the scan from ESET.

G:\Emilie\Téléchargements\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application cleaned by deleting - quarantined
Y:\Emilie\Téléchargements\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application cleaned by deleting - quarantined
Z:\Logiciels\MsgPlusLive-485.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
Z:\Logiciels\Win7\MsgPlusLive-490.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
Z:\Logiciels\Win7\Magic.ISO.Maker.v5.5.0281.Incl.Keygen.and.Patch-DI.zip a variant of Win32/Keygen.AR application deleted - quarantined

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:27 PM

Posted 01 January 2011 - 11:48 AM

Your C drive is clean. What are your G, Y and Z drives?
m0le is a proud member of UNITE

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:27 PM

Posted 04 January 2011 - 08:49 PM

You still there?
m0le is a proud member of UNITE

#11 biglat1595

biglat1595
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 04 January 2011 - 10:08 PM

Yeah, sorry, I saw your message on my BB but forgot to reply!

I still have some bleep blocked by Malwarebytes for iexplorer.exe, firefox.exe and scvhost.

G is for my data.
C is only Windows 7.
Z and Y are my D-Link DNS-323.
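m0le's question about the G, Y and Z drives is the right one: each ESET result line starts with the volume, and which volume a hit sits on changes what it means (an adware-bundled installer sitting in a downloads folder on a NAS is a different conversation from something active on the Windows drive). The Python below is an added example, not part of this thread and not ESET's own tooling, that parses the result lines posted above into (drive, path, detection, category, action), buckets them by volume and by kind, checks the system drive, and spots the same file name on several volumes. The report lines are copied from the post above with the accented folder name decoded; the drive roles come from the poster's reply above; the recognised action phrases and the triage buckets are the example's own assumptions.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple, Optional

# One ESET Online Scanner result line in the form posted above:
#   <path> [probably ][a variant of ]<name> [<category>] <action>[ - <outcome>]
# Only the action phrases that occur in this log are recognised; ESET has
# others (assumption), and a line using one is reported as unparsed rather
# than silently dropped.
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\S)\s+"
    r"(?P<qualifier>(?:probably )?(?:a variant of )?)(?P<name>\S+)"
    r"(?:\s+(?P<category>application|trojan|worm|virus))?\s+"
    r"(?P<action>cleaned by deleting|deleted|cleaned)"
    r"(?:\s+-\s+(?P<outcome>\S.*))?$"
)


class Hit(NamedTuple):
    drive: str
    path: str
    name: str
    category: Optional[str]
    action: str


def parse_eset(text: str):
    """Split an ESET result dump into parsed hits and the non-empty lines
    that did not match the expected shape."""
    hits, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RESULT_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        hits.append(Hit(m["path"][0].upper(), m["path"], m["name"],
                        m["category"], m["action"]))
    return hits, unparsed


def classify(hit: Hit) -> str:
    """Triage bucket (assumption of this example). ESET's 'application'
    category is its label for potentially unwanted or unsafe software such
    as bundled adware and keygens, not for an active infection."""
    if "Keygen" in hit.name:
        return "crack/keygen"
    if hit.category == "application":
        return "potentially unwanted"
    return "malware"


def by_drive(hits: List[Hit]) -> Dict[str, Dict[str, int]]:
    """Detections per volume, bucketed by classify()."""
    summary = defaultdict(Counter)
    for h in hits:
        summary[h.drive][classify(h)] += 1
    return {d: dict(c) for d, c in sorted(summary.items())}


def system_drive_clean(hits: List[Hit], system_drive: str = "C") -> bool:
    """True when nothing was found on the Windows volume."""
    return not any(h.drive == system_drive for h in hits)


def duplicate_files(hits: List[Hit]) -> Dict[str, List[str]]:
    """Same file name hit on more than one volume: usually a copy or backup
    of one download rather than something spreading."""
    drives = defaultdict(list)
    for h in hits:
        drives[h.path.rsplit("\\", 1)[-1]].append(h.drive)
    return {f: d for f, d in drives.items() if len(d) > 1}


# Lines copied from the ESET report posted above, accented folder name decoded.
SAMPLE_REPORT = r"""
G:\Emilie\Téléchargements\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application cleaned by deleting - quarantined
Y:\Emilie\Téléchargements\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application cleaned by deleting - quarantined
Z:\Logiciels\MsgPlusLive-485.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
Z:\Logiciels\Win7\MsgPlusLive-490.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
Z:\Logiciels\Win7\Magic.ISO.Maker.v5.5.0281.Incl.Keygen.and.Patch-DI.zip a variant of Win32/Keygen.AR application deleted - quarantined
"""

# Volume roles as the poster described them in the thread.
DRIVE_ROLES = {"C": "Windows 7", "G": "data",
               "Y": "D-Link DNS-323 NAS", "Z": "D-Link DNS-323 NAS"}

if __name__ == "__main__":
    hits, unparsed = parse_eset(SAMPLE_REPORT)
    for drive, buckets in by_drive(hits).items():
        print(f"{drive}: ({DRIVE_ROLES.get(drive, 'unknown')}) {buckets}")
    print("system drive clean:", system_drive_clean(hits))
    print("same file on several volumes:", duplicate_files(hits))
    print("unparsed lines:", unparsed)
```

Run on the five lines above it reports nothing on C:, only "potentially unwanted" items on the data drive and the NAS plus one keygen archive, and the same MsgPlusLive-483.exe installer on both G: and Y:, which is what you would expect from a backup of the data drive rather than from an infection that is still producing pop-ups.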

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:27 PM

Posted 05 January 2011 - 01:20 PM

I still have some bleep blocked by Malwarebytes for iexplorer.exe, firefox.exe and scvhost.


What do you mean? MBAM's last scan came up clean so where are these messages being displayed?
m0le is a proud member of UNITE

#13 biglat1595

biglat1595
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 05 January 2011 - 06:32 PM

I'll take a screenshot of what is happening.

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:27 PM

Posted 05 January 2011 - 07:55 PM

:thumbup2:
m0le is a proud member of UNITE

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:27 PM

Posted 08 January 2011 - 09:38 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE
