Need help cleaning out a virus


13 replies to this topic

#1 RE90


Posted 25 January 2011 - 11:43 AM

So I'd appreciate it if someone could look through my logs for me and help me clean the rest of my computer.

Some symptoms: Yontoo Layers keeps installing itself on my computer; my computer at one point switched from Aero to a weird visual style and started to lag until I freaked out and shut down my internet; my screen flashes something very quickly every so often, and I can't tell what it is; MSE will NOT start and neither will Google Chrome.

I used malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5590

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/24/2011 9:51:07 AM
mbam-log-2011-01-24 (09-51-07).txt

Scan type: Quick scan
Objects scanned: 148564
Time elapsed: 7 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\isasodamape.dll (Trojan.Agent.U) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmokeTranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fggsntaa (Trojan.Downloader) -> Value: fggsntaa -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ubapopudu (Trojan.Agent.U) -> Value: Ubapopudu -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\temp\lfkcioqpl\cdxucwpsjmo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Ari\AppData\Local\temp\cleanupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\temp\uegsg.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Windows\temp\CDE2.tmp (PUP.BHO) -> Quarantined and deleted successfully.
c:\Windows\temp\CE6F.tmp (PUP.BHO) -> Quarantined and deleted successfully.
c:\Windows\temp\dxfh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\temp\mpqte.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\temp\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\isasodamape.dll (Trojan.Agent.U) -> Delete on reboot.

The log above is from a couple of days ago -- I just ran ComboFix today:
Just kidding. I just got blue-screened with blurry text at the top, and my computer restarted when I ran it just now. Now I really need help. I'm in safe mode with networking.

Thanks

Edited by hamluis, 25 January 2011 - 12:42 PM.
Moved from Win 7 to Am I Infected.
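An added triage helper for the Malwarebytes log format posted above (my example, not Malwarebytes' code or anything from the thread): it parses the "... Infected" sections, buckets each detection by where it persists or stages (Run keys, BHO/CLSID registration, scheduled-task .job files, the SYSTEM profile, temp directories), lists the "Delete on reboot" entries that must be re-checked after the restart, and compares the summary counts with the items actually listed. The sample log is a constructed subset of the lines above; the bucket labels are my own.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample: a subset of the lines from the log posted above, with the
# summary counts adjusted to match the items kept so the integrity check passes.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100

Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Modules Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\isasodamape.dll (Trojan.Agent.U) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fggsntaa (Trojan.Downloader) -> Value: fggsntaa -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ubapopudu (Trojan.Agent.U) -> Value: Ubapopudu -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\temp\lfkcioqpl\cdxucwpsjmo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\isasodamape.dll (Trojan.Agent.U) -> Delete on reboot.
"""

class Item(NamedTuple):
    section: str  # the "... Infected:" block the line came from
    target: str   # registry path or file path
    threat: str   # MBAM detection name, e.g. Trojan.Agent.U
    value: str    # registry value name when present, else ""
    action: str   # what MBAM did, e.g. "Delete on reboot"

COUNT_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+?)\.?$")

def parse_mbam_log(text: str) -> Tuple[Dict[str, int], List[Item]]:
    counts: Dict[str, int] = {}
    items: List[Item] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if m := COUNT_RE.match(line):
            counts[m["name"]] = int(m["n"])
        elif m := SECTION_RE.match(line):
            section = m["name"]
        elif section and (m := ITEM_RE.match(line)):
            parts = m["rest"].split(" -> ")  # "Action" or "Value: <name> -> Action"
            value = next((p[7:] for p in parts[:-1] if p.startswith("Value: ")), "")
            items.append(Item(section, m["target"], m["threat"], value, parts[-1]))
    return counts, items

def persistence_class(target: str) -> str:
    """Bucket a detection by the persistence or staging location it uses (labels are mine)."""
    t = target.lower()
    if "\\currentversion\\run\\" in t:
        return "autorun (Run key)"
    if "browser helper objects" in t or "\\clsid\\" in t or "internet explorer\\" in t:
        return "browser extension (BHO / toolbar)"
    if "\\windows\\tasks\\" in t and t.endswith(".job"):
        return "scheduled task"
    if "\\config\\systemprofile\\" in t:
        return "SYSTEM profile (loaded by a system process)"
    if "\\temp\\" in t:
        return "temp directory dropper"
    return "other"

def check_counts(counts, items) -> Dict[str, Tuple[int, int]]:
    """Summary count vs. items actually listed; any entry means a truncated or edited log."""
    listed: Dict[str, int] = defaultdict(int)
    for it in items:
        listed[it.section] += 1
    return {n: (c, listed[n]) for n, c in counts.items() if c != listed[n]}

def pending_reboot(items: List[Item]) -> List[str]:
    """Targets MBAM could only schedule for removal; confirm they are gone in the post-reboot rescan."""
    return sorted({it.target for it in items if it.action.lower() == "delete on reboot"})

def triage(text: str) -> dict:
    counts, items = parse_mbam_log(text)
    by_class: Dict[str, int] = defaultdict(int)
    for it in items:
        by_class[persistence_class(it.target)] += 1
    return {"items": len(items), "count_mismatches": check_counts(counts, items),
            "by_class": dict(by_class), "pending_reboot": pending_reboot(items)}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```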



#2 boopme


Posted 25 January 2011 - 03:41 PM

Hello and welcome. Did you get a blue screen running ComboFix?

Let's do these next.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



Now an Online scan:
Please perform a scan with the ESET Online Antivirus Scanner.
This scan requires Internet Explorer, Opera or Firefox to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green [image] button.
  • Read the End User License Agreement and check the box:
  • Check [image].
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while, so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop as ESETScan.txt.
  • Push the [image] button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click [image] > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#3 RE90


Posted 26 January 2011 - 03:53 AM

Thanks! That ESET scan took forever but I finally have all the logs you asked for:

TDSS Killer:
2011/01/25 22:23:19.0791	TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/25 22:23:19.0791	================================================================================
2011/01/25 22:23:19.0791	SystemInfo:
2011/01/25 22:23:19.0791	
2011/01/25 22:23:19.0791	OS Version: 6.1.7600 ServicePack: 0.0
2011/01/25 22:23:19.0791	Product type: Workstation
2011/01/25 22:23:19.0791	ComputerName: EZEKIEL
2011/01/25 22:23:19.0791	UserName: Ari
2011/01/25 22:23:19.0791	Windows directory: C:\Windows
2011/01/25 22:23:19.0791	System windows directory: C:\Windows
2011/01/25 22:23:19.0791	Processor architecture: Intel x86
2011/01/25 22:23:19.0791	Number of processors: 2
2011/01/25 22:23:19.0791	Page size: 0x1000
2011/01/25 22:23:19.0791	Boot type: Normal boot
2011/01/25 22:23:19.0791	================================================================================
2011/01/25 22:23:20.0573	Initialize success
2011/01/25 22:23:33.0010	================================================================================
2011/01/25 22:23:33.0010	Scan started
2011/01/25 22:23:33.0010	Mode: Manual; 
2011/01/25 22:23:33.0010	================================================================================
2011/01/25 22:23:49.0276	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/01/25 22:23:49.0385	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/01/25 22:23:49.0432	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/01/25 22:23:49.0526	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/01/25 22:23:49.0588	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/01/25 22:23:49.0635	sffp_sd         (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/01/25 22:23:49.0666	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/01/25 22:23:49.0729	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/01/25 22:23:49.0823	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/01/25 22:23:49.0870	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/01/25 22:23:49.0916	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/01/25 22:23:50.0010	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/01/25 22:23:50.0151	sptd            (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys
2011/01/25 22:23:50.0151	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
2011/01/25 22:23:50.0166	sptd - detected Locked file (1)
2011/01/25 22:23:50.0260	srv             (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/01/25 22:23:50.0323	srv2            (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/25 22:23:50.0401	SrvHsfHDA       (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/01/25 22:23:50.0479	SrvHsfV92       (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/01/25 22:23:50.0651	SrvHsfWinac     (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/01/25 22:23:50.0713	srvnet          (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/25 22:23:50.0823	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/01/25 22:23:50.0870	StillCam        (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
2011/01/25 22:23:51.0135	storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/01/25 22:23:51.0182	storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/01/25 22:23:51.0229	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/25 22:23:51.0307	SynTP           (6bef3acd6ee22eec55b68699e8aace09) C:\Windows\system32\DRIVERS\SynTP.sys
2011/01/25 22:23:51.0495	Tcpip           (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/01/25 22:23:51.0604	TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/25 22:23:51.0666	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/25 22:23:51.0729	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/01/25 22:23:51.0823	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/01/25 22:23:51.0870	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/25 22:23:51.0916	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/25 22:23:52.0041	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/25 22:23:52.0088	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/25 22:23:52.0151	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/01/25 22:23:52.0198	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/25 22:23:52.0291	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/01/25 22:23:52.0401	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/25 22:23:52.0448	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/01/25 22:23:52.0557	USBAAPL         (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2011/01/25 22:23:52.0635	usbaudio        (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/01/25 22:23:52.0745	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/25 22:23:52.0807	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/01/25 22:23:52.0854	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/25 22:23:52.0916	usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/25 22:23:52.0963	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/01/25 22:23:53.0010	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/25 22:23:53.0104	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/01/25 22:23:53.0166	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/25 22:23:53.0213	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/25 22:23:53.0260	usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/01/25 22:23:53.0354	uxpatch         (628c632710ab55747cb5bcc68716be21) C:\Windows\system32\drivers\uxpatch.sys
2011/01/25 22:23:53.0495	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/01/25 22:23:53.0557	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/25 22:23:53.0604	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/01/25 22:23:53.0651	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/01/25 22:23:53.0713	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/01/25 22:23:53.0760	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/01/25 22:23:53.0823	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/01/25 22:23:53.0916	vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/01/25 22:23:53.0979	VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/01/25 22:23:54.0026	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/01/25 22:23:54.0073	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/01/25 22:23:54.0120	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/01/25 22:23:54.0182	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/01/25 22:23:54.0245	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/01/25 22:23:54.0370	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/01/25 22:23:54.0448	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/25 22:23:54.0479	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/25 22:23:54.0604	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/01/25 22:23:54.0666	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/25 22:23:54.0854	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/01/25 22:23:54.0901	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/01/25 22:23:55.0057	WINUSB          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.SYS
2011/01/25 22:23:55.0151	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/25 22:23:55.0307	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/25 22:23:55.0416	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/01/25 22:23:55.0479	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/25 22:23:55.0635	\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/25 22:23:55.0651	================================================================================
2011/01/25 22:23:55.0651	Scan finished
2011/01/25 22:23:55.0651	================================================================================
2011/01/25 22:23:55.0682	Detected object count: 2
2011/01/25 22:26:10.0766	Locked file(sptd) - User select action: Skip 
2011/01/25 22:26:10.0812	\HardDisk0 - will be cured after reboot
2011/01/25 22:26:10.0814	Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 
2011/01/25 22:26:24.0746	Deinitialize success

ESET
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\volmgrx.sys.vir	Win32/Olmarik.ZC trojan	cleaned - quarantined
C:\Users\Ari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\15aaba50-231ed92d	multiple threats	deleted - quarantined
C:\Users\Ari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\34b8f51-6f6111dc	multiple threats	deleted - quarantined
C:\Users\Ari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\4066ce91-50a5e16c	Java/TrojanDownloader.Agent.NBJ trojan	deleted - quarantined
C:\Users\Ari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\2dfa82de-1199f135	Java/TrojanDownloader.Agent.NBJ trojan	deleted - quarantined
C:\Users\Ari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2938ae1-6bc4ce9d	Java/TrojanDownloader.Agent.NAM trojan	deleted - quarantined
C:\Users\Ari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2d0009e1-6a6d936d	multiple threats	deleted - quarantined
C:\Users\Ari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\48bacde4-309e3102	a variant of Java/TrojanDownloader.Agent.NAN trojan	deleted - quarantined
C:\Users\Ari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\796607e6-66bbd2e3	multiple threats	deleted - quarantined
C:\Users\Ari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\6cce12f-240217ad	multiple threats	deleted - quarantined
C:\Users\Ari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\360dd006-1e43c9c8	multiple threats	deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0YQBP95B\softupdate107_2164[1].exe	Win32/TrojanDownloader.FakeAlert.BHH trojan	cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0YQBP95B\softupdate107_2164[2].exe	Win32/TrojanDownloader.FakeAlert.BHH trojan	cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0YQBP95B\softupdate107_2164[3].exe	Win32/TrojanDownloader.FakeAlert.BHH trojan	cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\63b3978b-62dbe376	multiple threats	deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\4e84bf83-31d33d02	multiple threats	deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6c8c35eb-7bae4e62	multiple threats	deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\34db286c-64118b56	multiple threats	deleted - quarantined
C:\Windows\temp\Icw.exe	Win32/TrojanDownloader.FakeAlert.BGV trojan	cleaned by deleting - quarantined
C:\Windows\temp\Icx.exe	Win32/TrojanDownloader.FakeAlert.BGV trojan	cleaned by deleting - quarantined
C:\Windows\temp\Icy.exe	a variant of Win32/Kryptik.JXZ trojan	cleaned by deleting - quarantined
S:\Downloads\Applications\Cubase_SX_3.1.1.944\Cubase_SX_3.1.1.944\Cubase_SX_3.1.1.944_Setup.exe	NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan	deleted
S:\My Dropbox\Misc\Mackie.Tracktion.v3.0.4.8.Incl.Keygen-AiR\a-t3048\Keygen.exe	probably a variant of Win32/Agent.LKAWEMC trojan	cleaned by deleting
S:\Storage\recup_dir.52\f25079264_WEXTRACT.EXE	Win32/Olmarik.ACL trojan	cleaned by deleting


Malwarebytes
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5608

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/26/2011 12:47:54 AM
mbam-log-2011-01-26 (00-47-54).txt

Scan type: Quick scan
Objects scanned: 148795
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks again for all your help... where do I go from here? I'm not completely virus-free yet, right?

#4 boopme

  • Global Moderator
  • 73,430 posts
  • Gender:Male
  • Location:NJ USA

Posted 26 January 2011 - 10:42 AM

This looks pretty good, ESET and Combofix got the real trouble makers.

I think we should now run a Safe Mode scan to be sure. You were infected by using a crack or keygen.

IMPORTANT NOTE: The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Before we can continue, I need you to remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites you visited to get them is almost a guaranteed way to get yourself infected!!



Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode


TFC by OT
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer it to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Please download CKScanner and save it to your Desktop. <-Important!!!
  • Double-click on CKScanner.exe and click Search For Files.
  • If using Vista, right-click on it and Run As Administrator.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A text file will be created on your desktop named ckfiles.txt.
  • Click OK at the file saved message box.
  • Double-click the ckfiles.txt icon on your desktop to open the log and copy/paste the contents in your next reply.


#5 RE90

  • Topic Starter
  • Members
  • 8 posts

Posted 26 January 2011 - 10:03 PM

SUPERAntiSpyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/26/2011 at 01:25 PM

Application Version : 4.48.1000

Core Rules Database Version : 6281
Trace Rules Database Version: 4093

Scan type       : Complete Scan
Total Scan Time : 02:46:51

Memory items scanned      : 396
Memory threats detected   : 0
Registry items scanned    : 8971
Registry threats detected : 4
File items scanned        : 312732
File threats detected     : 182

Adware.Tracking Cookie
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\ari@invitemedia[2].txt
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\ari@hitbox[2].txt
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\ari@interclick[2].txt
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\ari@eset.122.2o7[1].txt
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\ari@ad.yieldmanager[2].txt
	C:\Users\Ari\AppData\Roaming\Microsoft\Windows\Cookies\ari@ehg-eset.hitbox[2].txt
	ad.yieldmanager.com [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	adserver.seedpeer.com [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.xiti.com [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.content.yieldmanager.com [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.content.yieldmanager.com [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.doubleclick.net [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.insightexpressai.com [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.insightexpressai.com [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.insightexpressai.com [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.insightexpressai.com [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.insightexpressai.com [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.insightexpressai.com [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.collective-media.net [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.collective-media.net [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.collective-media.net [ C:\Users\Ari\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tribalfusion.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.imrworldwide.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.imrworldwide.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.doubleclick.net [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.kontera.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.legolas-media.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.legolas-media.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.legolas-media.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.ads.pointroll.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.pointroll.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.pointroll.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.ads.pointroll.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.ads.pointroll.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.ads.pointroll.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.ads.pointroll.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.ads.pointroll.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.ads.pointroll.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.atdmt.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.atdmt.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.at.atwola.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.tacoda.at.atwola.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.tacoda.at.atwola.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.tacoda.at.atwola.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.at.atwola.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.trafficmp.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.trafficmp.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.advertising.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.advertising.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.adbrite.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.adbrite.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.questionmarket.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.specificclick.net [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.specificclick.net [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]
	.insightexpressai.com [ C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\o4rv0py6.default\cookies.sqlite ]

Malware.Trace
	HKU\.DEFAULT\SOFTWARE\XML
	HKU\S-1-5-18\SOFTWARE\XML

PUP.Whitesmoke
	HKU\.DEFAULT\Software\WhiteSmokeTranslator
	HKU\S-1-5-18\Software\WhiteSmokeTranslator

Trojan.Agent/Gen-Frauder[Startup]
	C:\USERS\ARI\DOCUMENTS\RAINMETER\SKINS\IPHONECLOCK\LOCKED\IPHONECLOCKSLIDE\HIDETASKBAR.EXE

Trojan.Agent/Gen-Goo
	C:\USERS\ARI\DOCUMENTS\RAINMETER\SKINS\IPHONECLOCK\TOPBAR\ADDONS\SPEEDFAN\CONFIG.EXE
	C:\USERS\ARI\DOCUMENTS\RAINMETER\SKINS\IPHONECLOCK\TOPBAR\ADDONS\WEATHER\CONFIG.EXE

Trojan.Agent/Gen-SVC[Fake]
	S:\STORAGE\RECUP_DIR.97\F43538720.EXE

Gaobot.AFJ Virus Variant
	S:\SYSTEM\PROGRAM FILES\MEDIAMONKEY\WINAMP.EXE


CKScanner
CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\ari\documents\frostwire\torrents\windows_xp_activation_crack.3468960.tpb.torrent
c:\windows\system32\slmgr.vbs.removewat
scanner sequence 3.AA.11
 ----- EOF ----- 

Wow, so does this mean I'm clean? Are there particular programs you recommend I keep around to scan files with / run scans every so often? I use Windows Security Essentials, so I don't need any other antivirus running to hog memory, right?

#6 RE90

RE90
  • Topic Starter
  • Members
  • 8 posts

Posted 26 January 2011 - 11:47 PM

Also, Windows Security Essentials still doesn't open.

#7 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,430 posts
  • Gender:Male
  • Location:NJ USA

Posted 27 January 2011 - 06:53 PM

Hi, due to the Whitesmoke infection I want to rerun this. If it finds something, that may also be what is stopping MSE.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

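TDSSKiller writes a short system-info header and then one line per enumerated driver or service (timestamp, service name, MD5 of the image, image path), as the log in the next reply shows. The following Python script is an added example, not part of this thread or of Kaspersky's tool: it parses that layout and flags any driver whose image lives outside the Windows directory reported in the log's own header, which is the first thing a helper looks for in such a log. The sample lines are constructed in that format; the ndfs entry mirrors the third-party NetDrive driver the poster's log lists on the S: drive.

```python
"""Triage a TDSSKiller 2.4.x log: list drivers loaded from outside %SystemRoot%."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# Timestamp prefix every TDSSKiller log line carries: "2011/01/27 21:12:27.0828<TAB>"
_TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\t"
# Driver line after the prefix: "<service name>   (<32-hex md5>) <image path>"
DRIVER_RE = re.compile(_TS + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
# Header line after the prefix: "<Key>: <value>", e.g. "OS Version: 6.1.7600 ServicePack: 0.0"
INFO_RE = re.compile(_TS + r"(?P<key>[^:]+): (?P<val>.*)$")


@dataclass
class DriverEntry:
    name: str   # service/driver name as registered
    md5: str    # MD5 of the image file, lower-cased
    path: str   # image path exactly as logged


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Return a DriverEntry for an enumerated-driver line, None for any other line."""
    m = DRIVER_RE.match(line)
    if not m:
        return None
    return DriverEntry(m["name"], m["md5"].lower(), m["path"])


def parse_system_info(log_text: str) -> Dict[str, str]:
    """Collect the 'Key: value' header lines (OS Version, ComputerName, Windows directory...)."""
    info: Dict[str, str] = {}
    for line in log_text.splitlines():
        m = INFO_RE.match(line)
        if m:
            info[m["key"].strip()] = m["val"].strip()
    return info


def is_outside_system_root(path: str, system_root: str) -> bool:
    """True when the image path is not under the Windows directory.

    Compared component-wise and case-insensitively: the log mixes
    'DRIVERS', 'drivers' and 'Drivers' for the same folder.
    """
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    root = [p.lower() for p in PureWindowsPath(system_root).parts]
    return parts[: len(root)] != root


def triage(log_text: str) -> Tuple[List[DriverEntry], List[DriverEntry]]:
    """Parse all driver lines; return (every entry, entries loaded from outside %SystemRoot%).

    The root is read from the log's own 'Windows directory' header line and
    falls back to C:\\Windows if that line is missing. Blank lines (the forum
    extraction doubled them) and header/separator lines are skipped.
    """
    system_root = parse_system_info(log_text).get("Windows directory", r"C:\Windows")
    entries: List[DriverEntry] = []
    flagged: List[DriverEntry] = []
    for line in log_text.splitlines():
        entry = parse_driver_line(line)
        if entry is None:
            continue
        entries.append(entry)
        if is_outside_system_root(entry.path, system_root):
            flagged.append(entry)
    return entries, flagged


# Constructed sample in the layout of the log posted in this thread. The ndfs line
# mirrors the third-party NetDrive driver that the poster's log shows on the S: drive.
SAMPLE_LOG = "\n".join([
    "2011/01/27 21:10:09.0333\tTDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53",
    "2011/01/27 21:10:09.0333\tOS Version: 6.1.7600 ServicePack: 0.0",
    "2011/01/27 21:10:09.0351\tWindows directory: C:\\Windows",
    "",
    "2011/01/27 21:12:27.0828\tACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\\Windows\\system32\\DRIVERS\\ACPI.sys",
    "2011/01/27 21:12:35.0458\tMpFilter        (c98301ad8173a2235a9ab828955c32bb) C:\\Windows\\system32\\DRIVERS\\MpFilter.sys",
    "2011/01/27 21:12:37.0015\tndfs            (92f9538a25a055705a4ec910aab8af70) S:\\System\\Program Files\\NetDrive\\ndfs.sys",
])

if __name__ == "__main__":
    all_entries, outside = triage(SAMPLE_LOG)
    print(f"{len(all_entries)} drivers enumerated, {len(outside)} loaded from outside the system root")
    for e in outside:
        print(f"  REVIEW  {e.name:<16} {e.md5}  {e.path}")
```

A driver outside the Windows directory is not proof of infection (NetDrive is a legitimate product), only the place to start checking publisher and hash.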

#8 RE90

RE90
  • Topic Starter
  • Members
  • 8 posts

Posted 28 January 2011 - 12:24 AM

2011/01/27 21:10:09.0333	TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/27 21:10:09.0333	================================================================================
2011/01/27 21:10:09.0333	SystemInfo:
2011/01/27 21:10:09.0333	
2011/01/27 21:10:09.0333	OS Version: 6.1.7600 ServicePack: 0.0
2011/01/27 21:10:09.0333	Product type: Workstation
2011/01/27 21:10:09.0333	ComputerName: EZEKIEL
2011/01/27 21:10:09.0351	UserName: Ari
2011/01/27 21:10:09.0351	Windows directory: C:\Windows
2011/01/27 21:10:09.0351	System windows directory: C:\Windows
2011/01/27 21:10:09.0351	Processor architecture: Intel x86
2011/01/27 21:10:09.0351	Number of processors: 2
2011/01/27 21:10:09.0351	Page size: 0x1000
2011/01/27 21:10:09.0351	Boot type: Normal boot
2011/01/27 21:10:09.0351	================================================================================
2011/01/27 21:10:13.0687	Initialize success
2011/01/27 21:12:27.0295	================================================================================
2011/01/27 21:12:27.0295	Scan started
2011/01/27 21:12:27.0295	Mode: Manual; 
2011/01/27 21:12:27.0295	================================================================================


2011/01/27 21:12:38.0666	pbfilter        (2f6e885c432927a186c2e352c8a1cbf4) S:\System\Program Files\PeerBlock\pbfilter.sys

2011/01/27 21:12:38.0729	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

2011/01/27 21:12:38.0762	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

2011/01/27 21:12:38.0854	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/01/27 21:12:38.0905	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/01/27 21:12:38.0946	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/01/27 21:12:39.0111	PID_PEPI        (4bb5ac2dd485b8eefccb977ee66a68ad) C:\Windows\system32\DRIVERS\LV302V32.SYS

2011/01/27 21:12:39.0309	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/01/27 21:12:39.0351	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/01/27 21:12:39.0428	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/01/27 21:12:39.0508	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/01/27 21:12:39.0646	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/01/27 21:12:39.0692	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/01/27 21:12:39.0747	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/01/27 21:12:39.0800	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/01/27 21:12:39.0840	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/01/27 21:12:39.0890	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/01/27 21:12:39.0968	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/01/27 21:12:40.0027	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2011/01/27 21:12:40.0058	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/01/27 21:12:40.0086	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/01/27 21:12:40.0132	RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

2011/01/27 21:12:40.0174	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/01/27 21:12:40.0208	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/01/27 21:12:40.0264	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2011/01/27 21:12:40.0333	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2011/01/27 21:12:40.0419	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/01/27 21:12:40.0462	rismxdp         (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys

2011/01/27 21:12:40.0525	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/01/27 21:12:40.0560	s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

2011/01/27 21:12:40.0688	SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) S:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/01/27 21:12:40.0743	SASKUTIL        (61db0d0756a99506207fd724e3692b25) S:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2011/01/27 21:12:40.0869	SbieDrv         (2cdab8553e703c7754be9ce1c4454eb5) S:\System\Program Files\Sandboxie\SbieDrv.sys

2011/01/27 21:12:40.0984	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/01/27 21:12:41.0045	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2011/01/27 21:12:41.0120	sdbus           (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys

2011/01/27 21:12:41.0182	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/01/27 21:12:41.0242	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/01/27 21:12:41.0335	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/01/27 21:12:41.0373	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/01/27 21:12:41.0454	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/01/27 21:12:41.0489	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/01/27 21:12:41.0536	sffp_sd         (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/01/27 21:12:41.0570	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/01/27 21:12:41.0625	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2011/01/27 21:12:41.0668	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/01/27 21:12:41.0764	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/01/27 21:12:41.0818	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/01/27 21:12:41.0908	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/01/27 21:12:42.0023	sptd            (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys

2011/01/27 21:12:42.0023	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e

2011/01/27 21:12:42.0040	sptd - detected Locked file (1)

2011/01/27 21:12:46.0248	================================================================================

2011/01/27 21:12:46.0248	Scan finished

2011/01/27 21:12:46.0248	================================================================================

2011/01/27 21:12:46.0267	Detected object count: 1

2011/01/27 21:23:44.0709	Locked file(sptd) - User select action: Skip 

2011/01/27 21:23:52.0179	Deinitialize success



#9 RE90

RE90
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:41 PM

Posted 30 January 2011 - 08:55 PM

So am I done? Does this mean I'm clean?

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:41 AM

Posted 30 January 2011 - 10:59 PM

Hello, sorry I did not get the last post notification. This looks clean to me now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 RE90

RE90
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:41 PM

Posted 01 February 2011 - 03:51 AM

Thank you very much for your help -- you're a lifesaver! Do you recommend a particular antivirus to keep running or a particular software to scan suspicious files?

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:41 AM

Posted 01 February 2011 - 10:36 AM

You're most welcome! I do not know which AV you have now but I recommend either Avira or Avast. I would also keep MBAM and SAS as on demand scanners. Update and scan weekly. All can be found here.
Freeware Replacements for Common Commercial Apps

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
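The two steps boopme describes above (create a fresh restore point, then remove every older one) as an added PowerShell example; this is not part of the original post. It assumes an elevated session on Vista or Windows 7 with System Protection enabled on C:, and the description string is a placeholder.

```powershell
# Added example, not code from the thread. Restore points on Vista and later
# are stored as volume shadow copies, so "all but the most recent" maps to
# Win32_ShadowCopy objects on the system volume ordered by creation time.
$Description = "Post-cleanup clean state"   # constructed label; pick your own

# Both steps need administrator rights; stop early rather than half-succeed.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Warning "Run this from an elevated PowerShell session."
    return
}

# Step 1: the System Restore > "Create a Restore Point" action.
# Windows 8 and later refuse a second point within 24 hours unless the
# SystemRestorePointCreationFrequency policy is lowered, so a failure here
# is reported and nothing is deleted.
try {
    Checkpoint-Computer -Description $Description -RestorePointType "MODIFY_SETTINGS" -ErrorAction Stop
} catch {
    Write-Warning "Restore point was NOT created: $($_.Exception.Message)"
    Write-Warning "Nothing was removed. Create the point via the GUI, or wait 24 hours and rerun."
    return
}

# Keep a record of the new point so it can be found later, as the post advises.
$newest = Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
"Created restore point #{0}: {1}" -f $newest.SequenceNumber, $newest.Description

# Step 2: the Disk Cleanup > More Options > System Restore "Clean up" action,
# i.e. delete every shadow copy on C: except the newest one.
$converter = [System.Management.ManagementDateTimeConverter]
$systemVolumeId = (Get-WmiObject Win32_Volume | Where-Object { $_.DriveLetter -eq "C:" }).DeviceID
$shadows = @(Get-WmiObject Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $systemVolumeId } |
    Sort-Object { $converter::ToDateTime($_.InstallDate) })

if ($shadows.Count -le 1) {
    "Only the new restore point exists on C:; nothing to remove."
} else {
    # Everything except the last (newest) element is an older restore point.
    foreach ($shadow in $shadows[0..($shadows.Count - 2)]) {
        "Removing shadow copy {0} created {1}" -f $shadow.ID, $converter::ToDateTime($shadow.InstallDate)
        $shadow.Delete()
    }
    "Kept the restore point created {0}." -f $converter::ToDateTime($shadows[-1].InstallDate)
}
```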

#13 RE90

RE90
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:41 PM

Posted 04 February 2011 - 05:44 AM

Thank you so much -- your help is greatly appreciated. Thanks for saving my computer.

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:41 AM

Posted 04 February 2011 - 12:05 PM

:thumbup2: my pleasure!



