Possible MBR rootkit infection found.


  • This topic is locked
12 replies to this topic

#1 ivorygull

Posted 18 December 2010 - 04:45 AM

Good morning,

having had difficulty with installing Flightsim programs over the past couple of days due to what Windows claimed were "operating system incompatibilities", MBAM found an infected file which had cured that issue but our computer guy at work suggested I run Combofix which has flagged up this possible rootkit infection.

Initially it would not let me run GMER and failed halfway through but has been fine this morning.

Logs included as per Prep Guide. Your input would be much appreciated.

Many thanks in advance,

Dave.

***************************************************


DDS (Ver_10-12-12.02) - NTFSx86
Run by Dave at 8:53:27.86 on 18/12/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1730 [GMT 0:00]

AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\nHancer\nHancerService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Device Integrator\wldi.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\nHancer\nHancer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Device Integrator\DI_HIDServer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Dave\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [nHancer] "c:\program files\nhancer\nHancer.exe" /tray
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WindowsLiveDeviceIntegrator] c:\program files\windows live\device integrator\wldi.exe
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-6 64288]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-7-5 63352]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-9-3 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 67656]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-11-16 735960]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-11-16 38240]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2008-7-8 14976]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-4-3 240232]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-20 21504]
R3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [2007-5-1 132232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-1-4 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-1-4 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-1-4 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-1-4 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-1-4 25704]

=============== Created Last 30 ================

2010-12-18 00:37:06 -------- d-s---w- C:\ComboFix
2010-12-18 00:32:28 -------- d-----w- c:\users\dave\appdata\local\temp
2010-12-18 00:31:31 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-17 19:40:57 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-12-17 19:40:57 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-12-17 19:40:57 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-12-17 19:40:56 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-12-17 19:40:56 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-12-17 19:40:56 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-12-17 19:40:56 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-12-17 19:40:55 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-12-17 19:04:39 98816 ----a-w- c:\windows\sed.exe
2010-12-17 19:04:39 89088 ----a-w- c:\windows\MBR.exe
2010-12-17 19:04:39 256512 ----a-w- c:\windows\PEV.exe
2010-12-17 19:04:39 161792 ----a-w- c:\windows\SWREG.exe
2010-12-17 18:44:30 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ac15ff25-bc0a-4f38-9e86-2c794045eb26}\mpengine.dll
2010-12-15 18:11:33 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-12-15 18:09:48 834048 ----a-w- c:\windows\system32\wininet.dll
2010-12-15 18:09:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-15 18:09:47 389632 ----a-w- c:\windows\system32\html.iec
2010-12-15 18:09:39 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 18:07:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 18:07:12 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 18:07:11 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 18:07:11 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 18:07:11 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-15 18:06:22 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 18:06:21 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-15 18:06:21 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 18:06:20 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-15 18:06:05 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2010-12-15 18:06:05 515584 ----a-w- c:\program files\windows mail\wab.exe
2010-12-15 18:06:05 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2010-12-15 18:06:04 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-12 17:01:58 -------- d-----w- c:\users\dave\appdata\roaming\NVIDIA
2010-12-12 17:01:54 -------- d-sh--w- c:\progra~2\DSS
2010-12-12 15:37:02 2601752 ----a-w- c:\windows\system32\pbsvc_moh.exe
2010-12-09 20:02:18 746496 ----a-w- c:\windows\SysWOW64
2010-12-01 19:57:33 -------- d-----w- c:\users\dave\appdata\local\Activision
2010-11-24 20:03:04 -------- d-----w- c:\progra~2\vsosdk
2010-11-23 23:50:48 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-11-23 23:50:48 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-11-23 23:50:48 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-11-23 23:50:48 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-11-23 23:50:48 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-11-23 23:50:48 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-11-23 23:50:48 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-11-23 23:50:45 -------- d-----w- c:\program files\VSO
2010-11-21 17:52:54 -------- d-----w- c:\users\dave\appdata\roaming\TS3Client

==================== Find3M ====================

2010-12-12 15:39:04 138056 ----a-w- c:\users\dave\appdata\roaming\PnkBstrK.sys
2010-12-12 15:38:49 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-12 15:37:06 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-27 17:15:42 286720 ----a-w- c:\windows\iun506.exe
2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 23:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll

============= FINISH: 8:54:07.40 ===============


*************************

#2 teacup61

Posted 18 December 2010 - 05:48 PM

Hello Dave,

Could you please post up the ComboFix report for me? :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 ivorygull

Posted 19 December 2010 - 07:00 AM

Good morning Tea,

thanks for the reply and welcome.

Combo Report attached here.

ATB,
Dave.

#4 teacup61

Posted 19 December 2010 - 12:06 PM

Good morning :)

Let's see what this has to say:

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

How is it running today?

Thanks,
tea

#5 ivorygull

Posted 19 December 2010 - 01:12 PM

Good afternoon Teacup!

TDSS Killer run and log below.

In answer to your question, I've not really seen any poor performance in how it runs, in fact if I'd not run Combofix on the advice of our computer guy, I'd probably never have found it?! :mellow: :o

Log pasted below, thanks again for the help so far.

Dave.

***************************

2010/12/19 17:40:44.0029 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/19 17:40:44.0029 ================================================================================
2010/12/19 17:40:44.0029 SystemInfo:
2010/12/19 17:40:44.0029
2010/12/19 17:40:44.0029 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/19 17:40:44.0029 Product type: Workstation
2010/12/19 17:40:44.0029 ComputerName: BEEESTMACHINE
2010/12/19 17:40:44.0029 UserName: Dave
2010/12/19 17:40:44.0029 Windows directory: C:\Windows
2010/12/19 17:40:44.0029 System windows directory: C:\Windows
2010/12/19 17:40:44.0029 Processor architecture: Intel x86
2010/12/19 17:40:44.0029 Number of processors: 4
2010/12/19 17:40:44.0029 Page size: 0x1000
2010/12/19 17:40:44.0029 Boot type: Normal boot
2010/12/19 17:40:44.0029 ================================================================================
2010/12/19 17:40:48.0178 Initialize success
2010/12/19 17:41:03.0232 ================================================================================
2010/12/19 17:41:03.0232 Scan started
2010/12/19 17:41:03.0232 Mode: Manual;
2010/12/19 17:41:03.0232 ================================================================================
2010/12/19 17:41:04.0090 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/19 17:41:04.0137 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/12/19 17:41:04.0168 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/12/19 17:41:04.0199 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/12/19 17:41:04.0215 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/12/19 17:41:04.0277 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/12/19 17:41:04.0324 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2010/12/19 17:41:04.0371 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/19 17:41:04.0433 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
2010/12/19 17:41:04.0449 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2010/12/19 17:41:04.0465 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
2010/12/19 17:41:04.0480 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/12/19 17:41:04.0511 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/12/19 17:41:04.0574 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/12/19 17:41:04.0589 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/12/19 17:41:04.0667 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/19 17:41:04.0730 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/12/19 17:41:04.0777 ATITool (0e4bb35c5305099ac82053ac992e3e0e) C:\Windows\system32\DRIVERS\ATITool.sys
2010/12/19 17:41:04.0839 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/12/19 17:41:04.0901 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/19 17:41:04.0933 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/19 17:41:04.0948 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/19 17:41:04.0979 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/19 17:41:04.0995 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/19 17:41:05.0011 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/19 17:41:05.0026 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/19 17:41:05.0042 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/12/19 17:41:05.0182 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/19 17:41:05.0245 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/19 17:41:05.0260 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/12/19 17:41:05.0323 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/12/19 17:41:05.0401 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
2010/12/19 17:41:05.0479 COMMONFX.DLL (d7b2bd9c6e974b173ca536b96fc099c6) C:\Windows\system32\COMMONFX.DLL
2010/12/19 17:41:05.0494 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2010/12/19 17:41:05.0525 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/12/19 17:41:05.0557 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/12/19 17:41:05.0619 CT20XUT.DLL (5ecc0de5f90ca891ff2368cb2dbc365c) C:\Windows\system32\CT20XUT.DLL
2010/12/19 17:41:05.0650 ctac32k (f35de8895559d4e2d1a024a3ac05b962) C:\Windows\system32\drivers\ctac32k.sys
2010/12/19 17:41:05.0681 ctaud2k (82ce9b8ccd70040f0b1a91b44e39e865) C:\Windows\system32\drivers\ctaud2k.sys
2010/12/19 17:41:05.0728 CTAUDFX.DLL (ed97653aebc514634f78b441acec9781) C:\Windows\system32\CTAUDFX.DLL
2010/12/19 17:41:05.0759 ctdvda2k (4998163c5efaec75be1946b49b5343f5) C:\Windows\system32\drivers\ctdvda2k.sys
2010/12/19 17:41:05.0791 CTEAPSFX.DLL (bab84177d031385bc9c97eb8e92f58f6) C:\Windows\system32\CTEAPSFX.DLL
2010/12/19 17:41:05.0822 CTEDSPFX.DLL (5c5e1d51041c118104739294ab5f0fd4) C:\Windows\system32\CTEDSPFX.DLL
2010/12/19 17:41:05.0869 CTEDSPIO.DLL (2d7d58aabee8e6e9c53a261984823205) C:\Windows\system32\CTEDSPIO.DLL
2010/12/19 17:41:05.0900 CTEDSPSY.DLL (3fec927bf0e567226726934b0d5626a8) C:\Windows\system32\CTEDSPSY.DLL
2010/12/19 17:41:05.0915 CTERFXFX.DLL (47bd331c0854d13cfc26aca5abfd4af3) C:\Windows\system32\CTERFXFX.DLL
2010/12/19 17:41:05.0962 CTEXFIFX.DLL (5b8386421ae9aaf4dc94e3fb88b2b998) C:\Windows\system32\CTEXFIFX.DLL
2010/12/19 17:41:06.0009 CTHWIUT.DLL (905c9950d24eb157db7981a3ad7de4dc) C:\Windows\system32\CTHWIUT.DLL
2010/12/19 17:41:06.0025 ctprxy2k (f05cf0e3696621a205f0d5b2cf8e346e) C:\Windows\system32\drivers\ctprxy2k.sys
2010/12/19 17:41:06.0056 CTSBLFX.DLL (b0d488737174b1ff69f18086ee2c914e) C:\Windows\system32\CTSBLFX.DLL
2010/12/19 17:41:06.0087 ctsfm2k (3747490f9ae9d28eed18fc35235cee31) C:\Windows\system32\drivers\ctsfm2k.sys
2010/12/19 17:41:06.0149 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/12/19 17:41:06.0212 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/12/19 17:41:06.0305 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/12/19 17:41:06.0383 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/19 17:41:06.0430 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/12/19 17:41:06.0493 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/19 17:41:06.0539 eamon (af82dc664e3d8e2cba3b95e68f6448a7) C:\Windows\system32\DRIVERS\eamon.sys
2010/12/19 17:41:06.0602 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/12/19 17:41:06.0664 ehdrv (686a799c1bf1b18941994daf9f45db06) C:\Windows\system32\DRIVERS\ehdrv.sys
2010/12/19 17:41:06.0727 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/12/19 17:41:06.0789 emupia (b396b42a80f8ac72336fa483f7c26bec) C:\Windows\system32\drivers\emupia2k.sys
2010/12/19 17:41:06.0836 epfw (39f48a0784be8465cd1ac80b36d61613) C:\Windows\system32\DRIVERS\epfw.sys
2010/12/19 17:41:06.0883 Epfwndis (3b47010b2425b69826004767e59045ba) C:\Windows\system32\DRIVERS\Epfwndis.sys
2010/12/19 17:41:06.0929 epfwwfp (702a4695ca4ebdefa30235dda300c9d0) C:\Windows\system32\DRIVERS\epfwwfp.sys
2010/12/19 17:41:07.0023 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/12/19 17:41:07.0070 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/12/19 17:41:07.0117 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/19 17:41:07.0179 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/12/19 17:41:07.0226 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/12/19 17:41:07.0257 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/19 17:41:07.0304 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/12/19 17:41:07.0335 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/19 17:41:07.0366 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/19 17:41:07.0475 ha20x2k (c98953793e4d139ff1ac328ef863e4cd) C:\Windows\system32\drivers\ha20x2k.sys
2010/12/19 17:41:07.0538 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2010/12/19 17:41:07.0600 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/19 17:41:07.0616 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/12/19 17:41:07.0647 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/12/19 17:41:07.0678 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/19 17:41:07.0725 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/12/19 17:41:07.0787 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/12/19 17:41:07.0803 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/12/19 17:41:07.0881 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/19 17:41:07.0912 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/12/19 17:41:07.0959 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/19 17:41:07.0990 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
2010/12/19 17:41:08.0053 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/19 17:41:08.0115 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/19 17:41:08.0177 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/19 17:41:08.0224 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/19 17:41:08.0271 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/12/19 17:41:08.0302 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2010/12/19 17:41:08.0349 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/19 17:41:08.0380 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/19 17:41:08.0396 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/19 17:41:08.0443 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/19 17:41:08.0521 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/19 17:41:08.0567 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/19 17:41:08.0645 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
2010/12/19 17:41:08.0708 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2010/12/19 17:41:08.0786 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/19 17:41:08.0817 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2010/12/19 17:41:08.0864 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/19 17:41:08.0879 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/19 17:41:08.0911 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/19 17:41:08.0957 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/12/19 17:41:13.0606 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/12/19 17:41:13.0606 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/12/19 17:41:13.0606 sptd - detected Locked file (1)
2010/12/19 17:41:16.0445 ================================================================================
2010/12/19 17:41:16.0445 Scan finished
2010/12/19 17:41:16.0445 ================================================================================
2010/12/19 17:41:16.0461 Detected object count: 1
2010/12/19 17:41:25.0369 Locked file(sptd) - User select action: Skip
2010/12/19 17:42:27.0987 ================================================================================
2010/12/19 17:42:27.0987 Scan started
2010/12/19 17:42:27.0987 Mode: Manual;
2010/12/19 17:42:27.0987 ================================================================================
2010/12/19 17:42:35.0397 SaiH075C (de7a2fc379671998865122a08fd9db52) C:\Windows\system32\DRIVERS\SaiH075C.sys
2010/12/19 17:42:35.0459 SaiMini (191b8f3b3dfa1e199d398dbc0c09544e) C:\Windows\system32\DRIVERS\SaiMini.sys
2010/12/19 17:42:35.0506 SaiNtBus (534161d0a07014a7d81c6721a7ae6c08) C:\Windows\system32\drivers\SaiBus.sys
2010/12/19 17:42:35.0584 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/19 17:42:35.0615 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/12/19 17:42:35.0631 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/12/19 17:42:35.0678 SBKUPNT (729248b54aff21e740054acebfdbcb1c) C:\Windows\system32\Drivers\SBKUPNT.SYS
2010/12/19 17:42:35.0693 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/19 17:42:35.0740 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/19 17:42:35.0756 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/19 17:42:35.0787 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/19 17:42:35.0834 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/19 17:42:35.0896 sfdrv01a (4d0ce0fadca29e7da68ce597ac9010bd) C:\Windows\system32\drivers\sfdrv01a.sys
2010/12/19 17:42:35.0912 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2010/12/19 17:42:35.0927 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/19 17:42:35.0943 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/19 17:42:35.0959 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
2010/12/19 17:42:35.0974 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/19 17:42:36.0005 sfsync04 (c526ad307ff1900bc4c864f74553f762) C:\Windows\system32\drivers\sfsync04.sys
2010/12/19 17:42:36.0037 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2010/12/19 17:42:36.0052 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/12/19 17:42:36.0068 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/12/19 17:42:36.0130 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/12/19 17:42:36.0161 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/19 17:42:36.0239 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/12/19 17:42:36.0239 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/12/19 17:42:36.0239 sptd - detected Locked file (1)
2010/12/19 17:42:38.0845 ================================================================================
2010/12/19 17:42:38.0845 Scan finished
2010/12/19 17:42:38.0845 ================================================================================
2010/12/19 17:42:38.0860 Detected object count: 1
2010/12/19 17:43:00.0841 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2010/12/19 17:43:00.0856 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted after reboot
2010/12/19 17:43:00.0872 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2010/12/19 17:43:00.0872 Locked file(sptd) - User select action: Delete
2010/12/19 17:43:10.0622 Deinitialize success

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:15 PM

Posted 19 December 2010 - 01:16 PM

Hi Dave,

Glad it's running well so we can do this. :thumbup2: I'm not convinced that file is bad, really. Will you upload it so it can be tested please? I don't want to go nuking things that are legit! :blink:

Please visit the online Jotti Virus Scanner.
  • Copy and paste the following filepath in the box:

    C:\Windows\system32\Drivers\sptd.sys


  • Click on the Posted Image button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

Thank you!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#7 ivorygull


Posted 19 December 2010 - 02:09 PM

Hi Tea,

That file was deleted in the scanning / curing by TDSS Killer (3rd line up from bottom of scan report with registry entries above it).

Is it worth running the ComboFix scan again to see if it shows the system as being clear now?

Dave.

Edited by ivorygull, 19 December 2010 - 02:10 PM.


#8 teacup61


Posted 19 December 2010 - 02:20 PM

You can, yes. :)

#9 ivorygull


Posted 19 December 2010 - 02:49 PM

Combofix report below - looks clean to my untrained eye.... :huh:

Dave.

ComboFix 10-12-18.02 - Dave 19/12/2010 19:28:57.5.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1936 [GMT 0:00]
Running from: c:\users\Dave\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-11-19 to 2010-12-19 )))))))))))))))))))))))))))))))
.

2010-12-19 19:38 . 2010-12-19 19:38 -------- d-----w- c:\users\Dave\AppData\Local\temp
2010-12-19 19:38 . 2010-12-19 19:38 -------- d-----w- c:\users\Suzanne\AppData\Local\temp
2010-12-19 19:38 . 2010-12-19 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-18 20:38 . 2010-12-18 20:38 -------- d-----w- c:\users\Suzanne\AppData\Local\WLDI
2010-12-18 17:49 . 2010-11-09 14:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2010-12-18 16:32 . 2010-12-18 16:32 -------- d--h--w- c:\programdata\CanonIJScan
2010-12-17 19:40 . 2010-06-02 04:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-12-17 19:40 . 2010-06-02 04:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-12-17 19:40 . 2010-06-02 04:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-12-17 19:40 . 2010-05-26 11:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-12-17 19:40 . 2010-05-26 11:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-12-17 19:40 . 2010-05-26 11:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-12-17 19:40 . 2010-05-26 11:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-12-17 19:40 . 2010-05-26 11:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-12-17 18:44 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC15FF25-BC0A-4F38-9E86-2C794045EB26}\mpengine.dll
2010-12-15 18:11 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-15 18:09 . 2010-10-21 20:08 834048 ----a-w- c:\windows\system32\wininet.dll
2010-12-15 18:09 . 2010-10-21 18:30 389632 ----a-w- c:\windows\system32\html.iec
2010-12-15 18:09 . 2010-10-20 17:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-15 18:09 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 18:07 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 18:07 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 18:07 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 18:07 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 18:07 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-15 18:06 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 18:06 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 18:06 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-15 18:06 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-15 18:06 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 18:06 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 18:06 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 18:06 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-12 17:01 . 2010-12-12 17:01 -------- d-----w- c:\users\Dave\AppData\Roaming\NVIDIA
2010-12-12 17:01 . 2010-12-12 17:01 -------- d-sh--w- c:\programdata\DSS
2010-12-12 15:37 . 2010-09-16 07:13 2601752 ----a-w- c:\windows\system32\pbsvc_moh.exe
2010-12-09 20:02 . 2006-11-02 10:46 746496 ----a-w- c:\windows\SysWOW64
2010-12-01 19:57 . 2010-12-01 19:57 -------- d-----w- c:\users\Dave\AppData\Local\Activision
2010-11-24 20:03 . 2010-11-24 20:03 -------- d-----w- c:\programdata\vsosdk
2010-11-23 23:52 . 2010-11-25 00:23 -------- d-----w- c:\users\Dave\AppData\Roaming\Vso
2010-11-23 23:50 . 2009-09-02 12:44 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-11-23 23:50 . 2009-09-02 12:44 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-11-23 23:50 . 2009-09-02 12:44 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-11-23 23:50 . 2009-09-02 12:44 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-11-23 23:50 . 2009-09-02 12:44 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-11-23 23:50 . 2009-09-02 12:44 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-11-23 23:50 . 2009-09-02 12:44 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-11-23 23:50 . 2010-11-23 23:50 -------- d-----w- c:\program files\VSO
2010-11-23 19:38 . 2010-11-23 20:00 -------- d-----w- c:\programdata\NCH Software
2010-11-21 17:52 . 2010-11-21 17:58 -------- d-----w- c:\users\Dave\AppData\Roaming\TS3Client

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-12 15:39 . 2008-11-26 19:00 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-12 15:39 . 2008-11-26 19:00 138056 ----a-w- c:\users\Dave\AppData\Roaming\PnkBstrK.sys
2010-12-12 15:38 . 2008-11-26 19:00 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-12 15:37 . 2008-11-26 19:00 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-29 17:42 . 2010-09-28 21:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 17:42 . 2010-09-28 21:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-27 17:15 . 2008-11-28 18:58 286720 ----a-w- c:\windows\iun506.exe
2010-10-19 10:41 . 2009-10-05 08:02 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"nHancer"="c:\program files\nHancer\nHancer.exe" [2010-05-02 1385472]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 131072]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"CTHelper"="CTHELPER.EXE" [2007-10-25 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-10-25 19968]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"WindowsLiveDeviceIntegrator"="c:\program files\Windows Live\Device Integrator\wldi.exe" [2010-09-24 245544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-18 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-10 00:04 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R2 P1C1394;Phase One 1394 Camera Driver;c:\windows\System32\Drivers\p1c1394.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-30 1352832]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-08-18 12872]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-12-04 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2009-12-04 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2009-12-04 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2009-12-04 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2009-12-04 25704]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-06 64288]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-08-18 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-08-18 67656]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-11-16 38240]
S2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 SaiH075C;SaiH075C;c:\windows\system32\DRIVERS\SaiH075C.sys [2007-05-01 132232]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmdb

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-15 08:03]

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 22:43]

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 22:43]

2008-02-16 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-02-10 15:31]

2010-12-19 c:\windows\Tasks\User_Feed_Synchronization-{8952EC44-F8FC-4829-A970-B203805DDCBD}.job
- c:\windows\system32\msfeedssync.exe [2008-03-20 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-19 19:38
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2927175148-3456612215-1506272052-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:da,43,48,b0,ca,d4,09,30,a6,83,d1,d9,69,0c,6e,3e,b4,26,a6,67,a7,fe,59,
50,51,52,7d,bb,06,2b,f8,77,6f,a2,4b,48,a4,6e,3b,62,fc,64,6c,9a,4d,21,cd,7d,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-2927175148-3456612215-1506272052-1000\Software\SecuROM\License information*]
"datasecu"=hex:a6,37,27,f7,6d,21,79,d4,1c,cf,e3,20,8d,fe,8f,69,14,aa,24,61,13,
e7,44,71,e8,94,c3,24,72,96,a8,c0,a5,4c,17,a4,c3,bd,d5,69,05,29,d0,92,e7,d5,\
"rkeysecu"=hex:2f,6b,fd,28,fa,ba,43,f6,e6,32,6a,1b,ef,ef,ea,b8
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5576)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2010-12-19 19:39:57
ComboFix-quarantined-files.txt 2010-12-19 19:39
ComboFix2.txt 2010-12-19 11:49
ComboFix3.txt 2010-12-18 00:32
ComboFix4.txt 2010-12-17 21:30
ComboFix5.txt 2010-12-19 19:28

Pre-Run: 140,621,205,504 bytes free
Post-Run: 140,571,250,688 bytes free

- - End Of File - - CFF8625388A90717E2944329D71A799D

#10 teacup61


Posted 19 December 2010 - 03:28 PM

Hi Dave,

All gone. :thumbup2:

Uninstall ComboFix by doing the following :

Click Start>Run>Type in, or copy and paste ComboFix /Uninstall > click OK

If you have any questions, please feel free to ask. Otherwise, have the happiest of holidays!

Take care,
tea

#11 ivorygull


Posted 19 December 2010 - 03:42 PM

'Tis done! :clapping: :clapping:

Thanks for everything you've done, have a great time over the next few weeks and hope there aren't too many viruses for you!

ATB.
Dave.

Over and out. :busy:

#12 teacup61


Posted 19 December 2010 - 03:54 PM

Most welcome. :thumbup2:

tea

#13 teacup61


Posted 27 December 2010 - 12:04 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.