Looking for help with a browser/network redirect


13 replies to this topic

#1 cmoore42

cmoore42

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 16 February 2011 - 09:08 PM

My environment:

Windows 7 64 bit
McAfee SecurityCenter Beta

My problem:
I've got something that's redirecting my browser through a proxy. The virus does this:
- Sets my proxy to 127.0.0.1:(some port). The port is usually 50022, but not always
- Starts up processes called conhost.exe, csrss.exe, dwm.exe. At least one of these is listening on the above port. Although these are the same name as normal Windows processes I can tell that they are bogus
- Sets up an autostart for csrss.exe
- Connections are getting redirected to applian.securesites.com

What I've done so far:
- Using HijackThis I've removed the proxy entry. It comes back.
- Killed the processes
- Removed the executable files
- using HijackThis, removed the autostart entry

Reboot makes all of the above come back, so there's some piece that I'm missing.

Any help would be appreciated. You guys have helped me in the past, and you're always awesome. Thanks in advance.

Edited by Orange Blossom, 16 February 2011 - 09:26 PM.
Moved to AII for initial assistance. ~ OB




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:46 PM

Posted 16 February 2011 - 11:00 PM

Hello and welcome.

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.


Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to Normal and run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

Please ask any needed questions, post logs, and let us know how the PC is running now.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 cmoore42

cmoore42
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 17 February 2011 - 10:25 AM

The problem appears to be solved now, but I should monitor it for a few days to make sure.

Here is the SuperAntiSpyware Scan log. (I removed the section with cookies removed.
For the same reason that I don't want those cookies tracking me, I also don't want
to post them to a public forum).

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/16/2011 at 11:24 PM

Application Version : 4.48.1000

Core Rules Database Version : 6385
Trace Rules Database Version: 4197

Scan type : Complete Scan
Total Scan Time : 02:23:58

Memory items scanned : 464
Memory threats detected : 0
Registry items scanned : 15188
Registry threats detected : 3
File items scanned : 386386
File threats detected : 458

Trojan.Agent/Gen-FakeAlert[ConHost]
(x86) [conhost] C:\USERS\CHRISTOPHER_MOORE\APPDATA\ROAMING\MICROSOFT\CONHOST.EXE
C:\USERS\CHRISTOPHER_MOORE\APPDATA\ROAMING\MICROSOFT\CONHOST.EXE

Trojan.Agent/Gen-Backdoor
(x86) [Load] C:\USERS\CHRIST~1\APPDATA\LOCAL\TEMP\CSRSS.EXE
C:\USERS\CHRIST~1\APPDATA\LOCAL\TEMP\CSRSS.EXE
C:\USERS\CHRISTOPHER_MOORE\APPDATA\LOCAL\TEMP\CSRSS.EXE
C:\Windows\Prefetch\CSRSS.EXE-DB089C20.pf


Malware.Trace
(x86) HKU\S-1-5-21-4053922836-4143027966-2168014183-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Rogue.AntivirusStudio
C:\Users\christopher_moore\LOCAL SETTINGS\TEMP\JDHELLWO3.EXE
C:\Users\christopher_moore\LOCAL SETTINGS\TEMP\JKbleepFU.EXE
C:\Users\christopher_moore\LOCAL SETTINGS\TEMP\DESTROYER.EXE
C:\Users\christopher_moore\LOCAL SETTINGS\TEMP\COCKSUCKER.EXE
C:\Users\christopher_moore\LOCAL SETTINGS\TEMP\COSOCK.EXE

Trojan.Agent/Gen-IEFake
C:\USERS\CHRISTOPHER_MOORE\APPDATA\LOCAL\TEMP\RARSFX0\H\IEXPLORE.EXE
C:\USERS\CHRISTOPHER_MOORE\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\IEXPLORE.EXE
C:\USERS\CHRISTOPHER_MOORE\APPDATA\LOCAL\TEMP\RARSFX1\H\IEXPLORE.EXE
C:\USERS\CHRISTOPHER_MOORE\APPDATA\LOCAL\TEMP\RARSFX1\PROCS\IEXPLORE.EXE

Trojan.Agent/Gen-IExplorer[Fake]
C:\USERS\CHRISTOPHER_MOORE\APPDATA\LOCAL\TEMP\RARSFX0\NIRD\IEXPLORE.EXE
C:\USERS\CHRISTOPHER_MOORE\APPDATA\LOCAL\TEMP\RARSFX1\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-PEC
C:\USERS\CHRISTOPHER_MOORE\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\EXPLORER.EXE
C:\USERS\CHRISTOPHER_MOORE\APPDATA\LOCAL\TEMP\RARSFX1\PROCS\EXPLORER.EXE

Here's the MBAM log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5783

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/17/2011 6:45:49 AM
mbam-log-2011-02-17 (06-45-49).txt

Scan type: Quick scan
Objects scanned: 182177
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\christopher_moore\AppData\Roaming\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-4053922836-4143027966-2168014183-1000\$RD7UYN3.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-4053922836-4143027966-2168014183-1000\$RKQ6ZOB.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\christopher_moore\AppData\Local\Temp\6C9F.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\christopher_moore\AppData\Local\Temp\9AFB.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:46 PM

Posted 17 February 2011 - 11:30 AM

Hi I think it is only fair I post this advice.
One or more of the identified infections is a backdoor trojan/Bot.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

#5 cmoore42

cmoore42
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 17 February 2011 - 12:53 PM

Thanks for the advice. I'll consider reformatting - I haven't made a definite decision yet. In the end that may be the best approach.

For now I'd like to continue trying to clean it as best we can.

Thanks

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:46 PM

Posted 17 February 2011 - 02:19 PM

Fair enough... let's scan for TDSS malware.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Now an Online scan.
Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer, Opera or Firefox to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.

#7 cmoore42

cmoore42
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 17 February 2011 - 11:50 PM

Logs are below. TDSSKiller reported no threats but one "suspicious entry".
ESET scanner reported it found and removed 19 threats.

2011/02/17 11:33:08.0304 6528 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/02/17 11:33:08.0323 6528 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/02/17 11:33:08.0362 6528 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/17 11:33:08.0381 6528 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/17 11:33:08.0416 6528 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/02/17 11:33:08.0451 6528 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/02/17 11:33:08.0475 6528 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/17 11:33:08.0502 6528 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/02/17 11:33:08.0521 6528 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/02/17 11:33:08.0547 6528 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/02/17 11:33:08.0595 6528 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/17 11:33:08.0634 6528 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/02/17 11:33:08.0679 6528 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/02/17 11:33:08.0699 6528 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/17 11:33:08.0733 6528 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/17 11:33:08.0772 6528 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/17 11:33:08.0794 6528 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/02/17 11:33:08.0816 6528 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/17 11:33:08.0840 6528 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/17 11:33:08.0885 6528 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/02/17 11:33:08.0934 6528 nm3 (f554c5fd7bd1efa4da5cfe2eed86391f) C:\Windows\system32\DRIVERS\nm3.sys
2011/02/17 11:33:08.0989 6528 NPF (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys
2011/02/17 11:33:09.0008 6528 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/02/17 11:33:09.0033 6528 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/17 11:33:09.0086 6528 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/02/17 11:33:09.0105 6528 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/02/17 11:33:09.0149 6528 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
2011/02/17 11:33:09.0432 6528 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/17 11:33:09.0508 6528 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/02/17 11:33:09.0666 6528 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/02/17 11:33:09.0824 6528 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/02/17 11:33:09.0870 6528 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/17 11:33:09.0906 6528 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/02/17 11:33:09.0938 6528 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/02/17 11:33:09.0983 6528 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/02/17 11:33:10.0015 6528 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/02/17 11:33:10.0031 6528 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/02/17 11:33:10.0052 6528 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/02/17 11:33:10.0086 6528 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/02/17 11:33:10.0150 6528 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/17 11:33:10.0173 6528 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/02/17 11:33:10.0214 6528 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/17 11:33:10.0258 6528 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/02/17 11:33:10.0357 6528 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/02/17 11:33:10.0376 6528 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/02/17 11:33:10.0400 6528 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/17 11:33:10.0434 6528 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/17 11:33:10.0464 6528 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/02/17 11:33:10.0503 6528 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/17 11:33:10.0532 6528 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/17 11:33:10.0561 6528 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/17 11:33:10.0591 6528 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/17 11:33:10.0613 6528 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/02/17 11:33:10.0641 6528 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/17 11:33:10.0671 6528 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/02/17 11:33:10.0702 6528 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/17 11:33:10.0759 6528 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/02/17 11:33:10.0791 6528 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/02/17 11:33:10.0812 6528 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/02/17 11:33:10.0881 6528 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
2011/02/17 11:33:10.0904 6528 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/17 11:33:10.0975 6528 RTCore64 (4b194021d6bd6650cbd1aed9370b2329) C:\Program Files (x86)\EVGA Precision\RTCore64.sys
2011/02/17 11:33:11.0027 6528 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/02/17 11:33:11.0064 6528 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/02/17 11:33:11.0145 6528 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/02/17 11:33:11.0161 6528 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/02/17 11:33:11.0202 6528 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/02/17 11:33:11.0242 6528 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/02/17 11:33:11.0275 6528 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/02/17 11:33:11.0298 6528 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/17 11:33:11.0320 6528 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/02/17 11:33:11.0337 6528 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/02/17 11:33:11.0387 6528 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/02/17 11:33:11.0431 6528 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/02/17 11:33:11.0470 6528 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/02/17 11:33:11.0497 6528 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/02/17 11:33:11.0530 6528 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/02/17 11:33:11.0560 6528 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/02/17 11:33:11.0590 6528 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/02/17 11:33:11.0621 6528 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/02/17 11:33:11.0739 6528 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/02/17 11:33:11.0739 6528 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/02/17 11:33:11.0743 6528 sptd - detected Locked file (1)
2011/02/17 11:33:14.0320 6528 ================================================================================
2011/02/17 11:33:14.0320 6528 Scan finished
2011/02/17 11:33:14.0320 6528 ================================================================================
2011/02/17 11:33:14.0326 6520 Detected object count: 1
2011/02/17 11:34:06.0674 6520 Locked file(sptd) - User select action: Skip
2011/02/17 11:34:09.0911 5984 Deinitialize success

C:\Users\christopher_moore\AppData\Local\DRMNetVdm\smpWebSched.dll a variant of Win32/Sefnit.AS trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\christopher_moore\AppData\Local\Temp\1AC2.exe a variant of Win32/Kryptik.KQK trojan cleaned by deleting - quarantined
C:\Users\christopher_moore\AppData\Local\Temp\1FA2.exe a variant of Win32/Kryptik.KTW trojan cleaned by deleting - quarantined
C:\Users\christopher_moore\AppData\Local\Temp\2ED5.exe a variant of Win32/Kryptik.KTW trojan cleaned by deleting - quarantined
C:\Users\christopher_moore\AppData\Local\Temp\4386.exe a variant of Win32/Kryptik.KTW trojan cleaned by deleting - quarantined
C:\Users\christopher_moore\AppData\Local\Temp\5C10.exe a variant of Win32/Kryptik.KTW trojan cleaned by deleting - quarantined
C:\Users\christopher_moore\AppData\Local\Temp\6807.exe a variant of Win32/Kryptik.KTW trojan cleaned by deleting - quarantined
C:\Users\christopher_moore\AppData\Local\Temp\7E10.exe a variant of Win32/Kryptik.KTW trojan cleaned by deleting - quarantined
C:\Users\christopher_moore\AppData\Local\Temp\A734.exe a variant of Win32/Kryptik.KTW trojan cleaned by deleting - quarantined
C:\Users\christopher_moore\AppData\Local\Temp\B732.exe a variant of Win32/Kryptik.KTW trojan cleaned by deleting - quarantined
C:\Users\christopher_moore\AppData\Local\Temp\E2A8.exe a variant of Win32/Kryptik.KTW trojan cleaned by deleting - quarantined
C:\Users\christopher_moore\AppData\Local\Temp\F064.exe a variant of Win32/Kryptik.KTW trojan cleaned by deleting - quarantined
C:\Users\christopher_moore\AppData\Local\Temp\FEEB.exe a variant of Win32/Kryptik.KTW trojan cleaned by deleting - quarantined
C:\Users\christopher_moore\AppData\Local\Temp\jar_cache4394263007309295141.tmp Java/TrojanDownloader.OpenStream.NBE trojan deleted - quarantined
C:\Users\christopher_moore\AppData\Local\Temp\NOD390B.tmp a variant of Win32/Sefnit.AS trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\christopher_moore\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\55d32915-48894984 multiple threats deleted - quarantined
C:\Users\christopher_moore\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\b85f8a1-39617865 a variant of Java/Agent.A trojan deleted - quarantined
C:\Users\christopher_moore\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\3246717a-297a5abb multiple threats deleted - quarantined
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\C00.php a variant of Java/TrojanDownloader.OpenStream.NAZ trojan deleted - quarantined

#8 boopme

Posted 18 February 2011 - 11:44 AM

If you are still redirecting then...
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.


Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don't know the router's default password, you can look it up HERE.
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

Please ask any needed questions, post logs and let us know how the PC is running now.

#9 cmoore42

Posted 18 February 2011 - 12:07 PM

I think I may be clean now. I haven't had any redirects in the last day. I also found a bogus entry in the hosts file mapping localhost to applian.securesites.com. I deleted that.

I'll run MBAM again and post the logs, but hopefully all is clear now.
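An added example, not part of the thread or any poster's code: a small audit of the two redirect points this thread names, the hosts file and a browser proxy pointing at 127.0.0.1. The post does not show the exact hosts line, so the sample file below is constructed and covers both readings of "mapping localhost"; the `ProxyServer` strings are likewise constructed in the format Windows stores under Internet Settings.

```python
import ipaddress

LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample hosts file (the thread does not show the real one).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    localhost
127.0.0.1       applian.securesites.com
0.0.0.0         ads.example.test
198.51.100.7    intranet.example.test   # static override
"""


def parse_hosts(text):
    """Yield (line_no, ip, [names]) for every usable entry; skip comments and junk."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so not a usable entry
        yield line_no, ip, [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Return (line_no, name, ip, reason) for entries that deserve a second look."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in LOCAL_NAMES:
                if not ip.is_loopback:
                    findings.append((line_no, name, str(ip), "local name points off-host"))
            elif ip.is_loopback:
                # Also used by blocklists; suspicious when a local listener exists.
                findings.append((line_no, name, str(ip), "remote name pinned to loopback"))
            elif not ip.is_unspecified:  # 0.0.0.0 entries are plain sinkholes
                findings.append((line_no, name, str(ip), "static override of DNS"))
    return findings


def is_loopback_host(host):
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def loopback_proxy_ports(proxy_server):
    """Parse a ProxyServer value ("host:port" or "http=host:port;https=...")
    and return [(host, port)] for entries that point at this machine."""
    hits = []
    for part in proxy_server.split(";"):
        target = part.strip().split("=", 1)[-1].split("://", 1)[-1]
        if not target:
            continue
        if is_loopback_host(target):  # bare address without a port
            hits.append((target.strip("[]"), None))
            continue
        host, sep, port = target.rpartition(":")
        if not sep or not port.isdigit():
            host, port = target, ""
        if is_loopback_host(host):
            hits.append((host.strip("[]"), int(port) if port else None))
    return hits


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("hosts line %d: %s -> %s (%s)" % finding)
    # A loopback proxy can be legitimate (debugging proxies, some AV products);
    # the point is to match the port against the process that is listening on it.
    print(loopback_proxy_ports("127.0.0.1:50022"))
```

On a live machine, feed `audit_hosts` the contents of `C:\Windows\System32\drivers\etc\hosts` and `loopback_proxy_ports` the current `ProxyServer` value, then check which process owns any port it reports.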

#10 boopme

Posted 18 February 2011 - 12:42 PM

OK, yes, then only run MBAM.

#11 cmoore42

Posted 20 February 2011 - 03:54 PM

The latest MBAM scan comes up clean, and I'm not having any redirects anymore.
It looks like all is good now. Do you still want me to post logs?

#12 boopme

Posted 20 February 2011 - 04:38 PM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

#13 cmoore42

Posted 20 February 2011 - 06:20 PM

OK, did both of those. Thanks again for all the help.

#14 boopme

Posted 20 February 2011 - 07:15 PM

You're welcome from the whole bunch here.