Infected with "boot.tidserv" on Windows 7 (x64)


  • This topic is locked
13 replies to this topic

#1 TehM1ZZL3

TehM1ZZL3

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:NLD
  • Local time:10:49 AM

Posted 26 February 2011 - 04:55 PM

Hello,

For a few days I have been coping with a problem with a new type of virus I haven't had any experience with (I have had many viruses on my computer because I download a lot) and which I hadn't heard of until now. I think it is something like a rootkit virus, but I'm not sure of that. The virus is called "boot.tidserv" in my virus scanner (Norton Internet Security 2011) and is found 2 times; they both have the same name. It grabbed my attention because it keeps repeating the pop-up message that it requires important attention, and I normally don't care a lot about viruses because Norton would repair them automatically, but this seems very scary to me. Norton gives two options: Scan again or ask for help. Scan again just does nothing and doesn't help with solving the problem. Asking for help brings me to the Symantec website. The Symantec website says it is a low-level damage threat, while Norton itself says in the pop-up that it is a high damage risk for my PC. (Source: http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2010-082613-5957-99)

What I have done is try to reinstall the Master Boot Record with the Windows 7 disc by restarting my computer and then running the command in CMD called: bootrec \FixMbr. It says it worked successfully; however, when I restarted the computer in Windows 7 safe mode and did a full system scan with NIS2011 it still found boot.tidserv. Now not 2 times but 3 times, so I think it didn't help at all.

I don't know what to do and have read many articles, including the ones where people say they're not able to boot their system anymore. To be clear, I have installed the Windows 7 64-bit system twice. One is a messy system with a lot of data and other stuff for daily tasks, and one is for special tasks and is clear of rubbish applications that make it slow; I haven't run that system for months. I also have a Windows XP system, which I also haven't run for months. So I don't have the problem with booting the system; it just works fine as it did before. Also, I'm afraid of losing important data or passwords, so that's also why this virus grabbed my attention.

I hope this is enough information for starting to help me.



Many thanks for your help and putting time and effort in it!


Regards,
Julian van Arkel (Netherlands)
Intel Q8400
Gigabyte P35-DS3P (rev 1.0)
OCZ DDR 2 1066 4GB
Club3D HD4870 1GB
6 Samsung 500GB (3TB total)
Antec Ninehundred Case
Logitech G15 Keyboard
Roccat Kone Mouse
Logitech Z-5500 5.1 system
Iiyama ProLite E2607WS 26" LCD Screen


Xbox 360 - GT: TehM1ZZL360
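The first post describes running bootrec \FixMbr and still seeing the "boot.tidserv" detection afterwards. Whether the repair actually changed sector 0 is easier to answer with a parser than by eyeballing a hex dump. The Python script below is an added example, not code from this thread, from Microsoft or from Symantec: it validates the 0x55AA signature, decodes the four partition entries, flags overlapping or malformed entries, and hashes the 440 bytes of boot code so that a dump taken before and after the repair (or a known-clean MBR from the same Windows version) can be compared. The MBR images it builds are constructed for the demonstration, and the hashes they produce are not reference values for any real loader or rootkit. On a live machine you would read the first 512 bytes of \\.\PhysicalDrive0 as administrator, and preferably from rescue media, because a kernel-mode MBR rootkit that filters disk reads can hand a running Windows the original, clean-looking sector.

```python
"""Parse a 512-byte MBR and fingerprint its boot code.

Added example, not code from this thread, from Microsoft or from Symantec:
validates the 0x55AA signature, decodes the four partition entries, flags
overlapping or malformed entries, and hashes the 440 bytes of boot code so that
sector 0 read before and after a repair (or a known-clean MBR from the same
Windows version) can be compared. The MBR images built here are constructed
for the demonstration; their hashes are not reference values for anything real.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR = 512
BOOT_CODE_LEN = 440      # boot code occupies bytes 0..439; the disk signature follows at 440
PART_TABLE_OFFSET = 446  # four 16-byte partition entries
SIGNATURE_OFFSET = 510   # 0x55 0xAA
ENTRY_FMT = "<B3xB3xII"  # status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors - 1


@dataclass
class MbrReport:
    boot_code_sha256: str
    disk_signature: int
    has_signature: bool
    partitions: List[Partition]
    warnings: List[str]


def parse_mbr(sector0: bytes) -> MbrReport:
    """Decode sector 0 and return the fields a reviewer wants to compare."""
    if len(sector0) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector0)}")
    warnings: List[str] = []
    has_sig = sector0[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] == b"\x55\xaa"
    if not has_sig:
        warnings.append("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", sector0, BOOT_CODE_LEN)[0]

    parts: List[Partition] = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector0, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue                      # empty slot
        if status not in (0x00, 0x80):
            warnings.append(f"partition {i}: invalid status byte 0x{status:02x}")
        parts.append(Partition(i, status == 0x80, ptype, lba, count))

    # Overlapping entries mean a malformed or tampered table.
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_end >= b.lba_start:
            warnings.append(f"partitions {a.index} and {b.index} overlap")
    if sum(p.bootable for p in parts) > 1:
        warnings.append("more than one partition flagged bootable")

    digest = hashlib.sha256(sector0[:BOOT_CODE_LEN]).hexdigest()
    return MbrReport(digest, disk_sig, has_sig, parts, warnings)


def boot_code_matches(sector0: bytes, known_good_sha256: str) -> bool:
    """True when bytes 0..439 hash to the supplied known-good value."""
    return parse_mbr(sector0).boot_code_sha256 == known_good_sha256.lower()


def build_sample_mbr(boot_code: bytes, entries: List[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a constructed MBR: boot code, zero disk signature, the given
    (status, type, lba_start, sectors) entries, and the 0x55AA signature."""
    img = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    img[:len(code)] = code
    for i, entry in enumerate(entries[:4]):
        struct.pack_into(ENTRY_FMT, img, PART_TABLE_OFFSET + 16 * i, *entry)
    img[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] = b"\x55\xaa"
    return bytes(img)


# Constructed sample: a stand-in boot stub (padded with NOPs) and one bootable NTFS partition.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 435, [(0x80, 0x07, 2048, 409600)])
# Same partition table, first two boot-code bytes patched: the fingerprint changes, the table does not.
TAMPERED_MBR = b"\xeb\xfe" + CLEAN_MBR[2:]

if __name__ == "__main__":
    reference = parse_mbr(CLEAN_MBR).boot_code_sha256
    for label, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        report = parse_mbr(image)
        print(f"{label}: signature_ok={report.has_signature} "
              f"boot_code_matches={report.boot_code_sha256 == reference}")
        for p in report.partitions:
            print(f"  part {p.index}: bootable={p.bootable} type=0x{p.type_id:02x} "
                  f"lba {p.lba_start}..{p.lba_end}")
        for w in report.warnings:
            print(f"  warning: {w}")
```

The point of hashing only bytes 0..439 is that a rewritten loader and an untouched partition table look identical in a partition manager; the fingerprint is what distinguishes them. A matching partition table with a changed boot-code hash, which is what the tampered sample shows, is the pattern to look for when a repair reports success but the detection persists.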


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,386 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:49 AM

Posted 26 February 2011 - 05:54 PM

Before doing anything, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD, as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab, as they may be infected.
Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process. <- Important!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Step 7 instructs you to scan your computer using Malwarebytes Anti-Malware. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

Edited by quietman7, 26 February 2011 - 05:56 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
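quietman7's instructions end with pasting the TDSSKiller log into the thread and getting a second opinion on anything marked Suspicious. The script below is an added example for reviewing such a log yourself; it is not part of the thread and not Kaspersky's code. It parses the three line shapes visible in this thread's log (driver inventory entries, "Suspicious file (...)" entries and "- detected" verdicts), collapses services that alias the same file, lists drivers loaded from outside the Windows driver directory (a heuristic this example assumes, not a malware criterion; on a normal box it mostly lists third-party drivers), and builds the queue of MD5 hashes to look up. The sample input is excerpted from the log posted further down in this thread.

```python
"""Triage a TDSSKiller scan log.

Added example (not from the thread or from Kaspersky): parse the per-driver
lines of a TDSSKiller log, separate the plain driver inventory from detection
lines, and build the list of file hashes worth a second opinion (the thread
recommends VirusTotal or Jotti for anything reported as Suspicious). The sample
below is excerpted from the log posted in this thread; the directory whitelist
and the 'off_path' heuristic are this example's own assumptions.
"""
import re
from collections import defaultdict
from typing import Dict, List

# Inventory line:   <date> <time> <pid> <service> (<md5>) <path>
DRIVER_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<pid>\d+) (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Suspicious line:  ... Suspicious file (<reason>): <path>. md5: <md5>
SUSPICIOUS_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<pid>\d+) Suspicious file \((?P<reason>[^)]+)\): "
    r"(?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
# Verdict line:     ... <service> - detected <verdict> (<n>)
DETECTED_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<pid>\d+) (?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")

# Assumption: drivers shipped with Windows live here; anything elsewhere is
# listed for review, which on a normal box mostly means third-party drivers.
EXPECTED_DIRS = ("c:\\windows\\system32\\drivers\\",)

# Excerpt from the log in post #3 (inventory, one Suspicious file, one verdict).
SAMPLE_LOG = r"""
2011/02/27 13:00:28.0939 7580 Scan started
2011/02/27 13:00:28.0939 7580 Mode: Manual;
2011/02/27 13:00:33.0139 7580 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/02/27 13:00:42.0992 7580 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
2011/02/27 13:00:46.0793 7580 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/02/27 13:00:46.0862 7580 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/02/27 13:00:57.0968 7580 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/02/27 13:00:57.0969 7580 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/02/27 13:00:57.0973 7580 sptd - detected Locked file (1)
"""


def triage(log_text: str) -> Dict[str, object]:
    """Return inventory, detections, suspicious files, aliases, off-path
    drivers, a second-opinion hash queue and the lines left unparsed."""
    inventory: Dict[str, Dict[str, str]] = {}
    detections: List[Dict[str, str]] = []
    suspicious: List[Dict[str, str]] = []
    unparsed: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SUSPICIOUS_RE.match(line)):
            suspicious.append({"path": m["path"], "md5": m["md5"], "reason": m["reason"]})
        elif (m := DETECTED_RE.match(line)):
            detections.append({"name": m["name"], "verdict": m["verdict"]})
        elif (m := DRIVER_RE.match(line)):
            inventory[m["name"]] = {"md5": m["md5"], "path": m["path"]}
        else:
            unparsed.append(line)  # banner / SystemInfo lines; nothing to act on

    # One file registered under several service names (same MD5, same path) is
    # an alias, not something to chase twice.
    by_md5: Dict[str, List[str]] = defaultdict(list)
    for name, info in inventory.items():
        by_md5[info["md5"]].append(name)
    aliases = {h: names for h, names in by_md5.items() if len(names) > 1}

    off_path = sorted(name for name, info in inventory.items()
                      if not info["path"].lower().startswith(EXPECTED_DIRS))

    # Second-opinion queue: every Suspicious file, plus the file behind any
    # '- detected' verdict that the inventory can resolve to a hash.
    second_opinion = {s["md5"]: s["path"] for s in suspicious}
    for d in detections:
        info = inventory.get(d["name"])
        if info:
            second_opinion.setdefault(info["md5"], info["path"])

    return {"inventory": inventory, "detections": detections, "suspicious": suspicious,
            "aliases": aliases, "off_path": off_path,
            "second_opinion": second_opinion, "unparsed": unparsed}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{len(result['inventory'])} drivers inventoried, "
          f"{len(result['detections'])} verdict(s), {len(result['suspicious'])} suspicious")
    for d in result["detections"]:
        print(f"  verdict : {d['name']} -> {d['verdict']}")
    for h, path in result["second_opinion"].items():
        print(f"  lookup  : {h}  {path}")
    for name in result["off_path"]:
        print(f"  off-path: {name} -> {result['inventory'][name]['path']}")
```

A "NoAccess" or "Locked file" entry is a statement that the tool could not read the file, not a malware verdict, which is why the instructions above leave Suspicious objects on Skip and ask for a second opinion by hash; the second_opinion queue is exactly that list. To run it over a real log, pass the file's text to triage() and look up each queued MD5 before deciding anything about the file.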

#3 TehM1ZZL3

TehM1ZZL3
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:NLD
  • Local time:10:49 AM

Posted 27 February 2011 - 11:23 AM

Hello quietman7,

First of all, thanks for your help and your reply. I have done all the steps you mentioned above and here are my results:

TDSSKiller.exe log:

2011/02/27 12:59:43.0440 7492 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/27 12:59:44.0274 7492 ================================================================================
2011/02/27 12:59:44.0274 7492 SystemInfo:
2011/02/27 12:59:44.0274 7492
2011/02/27 12:59:44.0274 7492 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/27 12:59:44.0274 7492 Product type: Workstation
2011/02/27 12:59:44.0274 7492 ComputerName: TEHM1ZZL3-PC
2011/02/27 12:59:44.0275 7492 UserName: TehM1ZZL3
2011/02/27 12:59:44.0275 7492 Windows directory: C:\Windows
2011/02/27 12:59:44.0275 7492 System windows directory: C:\Windows
2011/02/27 12:59:44.0275 7492 Running under WOW64
2011/02/27 12:59:44.0275 7492 Processor architecture: Intel x64
2011/02/27 12:59:44.0275 7492 Number of processors: 4
2011/02/27 12:59:44.0275 7492 Page size: 0x1000
2011/02/27 12:59:44.0275 7492 Boot type: Normal boot
2011/02/27 12:59:44.0275 7492 ================================================================================
2011/02/27 12:59:54.0981 7492 Initialize success
2011/02/27 13:00:28.0939 7580 ================================================================================
2011/02/27 13:00:28.0939 7580 Scan started
2011/02/27 13:00:28.0939 7580 Mode: Manual;
2011/02/27 13:00:28.0939 7580 ================================================================================
2011/02/27 13:00:33.0139 7580 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/02/27 13:00:33.0233 7580 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/02/27 13:00:33.0307 7580 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/02/27 13:00:33.0458 7580 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/02/27 13:00:33.0549 7580 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/02/27 13:00:33.0623 7580 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/02/27 13:00:33.0705 7580 afcdp (d9a76e6e541e2e61c78140b65db63e6a) C:\Windows\system32\DRIVERS\afcdp.sys
2011/02/27 13:00:33.0832 7580 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/02/27 13:00:33.0896 7580 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/02/27 13:00:33.0946 7580 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/02/27 13:00:34.0039 7580 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/02/27 13:00:34.0095 7580 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/02/27 13:00:34.0786 7580 amdkmdag (f6640d83af0fd74c50e23e68548ea9a0) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/02/27 13:00:35.0335 7580 amdkmdap (20b63276a1920b41e1c56720b395049b) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/02/27 13:00:35.0459 7580 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/02/27 13:00:35.0529 7580 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/02/27 13:00:35.0603 7580 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/02/27 13:00:35.0642 7580 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/02/27 13:00:35.0716 7580 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/02/27 13:00:35.0842 7580 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/02/27 13:00:35.0899 7580 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/02/27 13:00:36.0015 7580 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/27 13:00:36.0064 7580 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/02/27 13:00:36.0191 7580 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
2011/02/27 13:00:36.0871 7580 atikmdag (f6640d83af0fd74c50e23e68548ea9a0) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/02/27 13:00:37.0177 7580 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/02/27 13:00:37.0255 7580 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/02/27 13:00:37.0303 7580 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/02/27 13:00:37.0634 7580 BHDrvx64 (446b2c459a7d11cd71350235d6977e2a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110114.001\BHDrvx64.sys
2011/02/27 13:00:37.0832 7580 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/02/27 13:00:37.0924 7580 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/27 13:00:37.0973 7580 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/02/27 13:00:38.0032 7580 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/02/27 13:00:38.0389 7580 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/02/27 13:00:38.0432 7580 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/02/27 13:00:38.0479 7580 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/02/27 13:00:38.0581 7580 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/02/27 13:00:38.0626 7580 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/02/27 13:00:38.0699 7580 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/27 13:00:38.0775 7580 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/27 13:00:38.0871 7580 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/02/27 13:00:38.0943 7580 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/02/27 13:00:39.0018 7580 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/27 13:00:39.0067 7580 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/02/27 13:00:39.0161 7580 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/02/27 13:00:39.0223 7580 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/27 13:00:39.0284 7580 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/02/27 13:00:39.0612 7580 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/02/27 13:00:39.0723 7580 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/02/27 13:00:39.0811 7580 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/02/27 13:00:39.0975 7580 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/02/27 13:00:40.0042 7580 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/02/27 13:00:40.0374 7580 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/02/27 13:00:40.0573 7580 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2011/02/27 13:00:40.0745 7580 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/27 13:00:41.0063 7580 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/02/27 13:00:41.0294 7580 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/02/27 13:00:41.0541 7580 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/02/27 13:00:41.0631 7580 emAudio (94d908221cc7ed1372cd200ed331b567) C:\Windows\system32\drivers\emAudio64.sys
2011/02/27 13:00:41.0861 7580 EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/02/27 13:00:41.0920 7580 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/02/27 13:00:42.0022 7580 ET5Drv (5c309d62311a4b11194553758b30fff9) C:\Windows\ET5Drv.sys
2011/02/27 13:00:42.0115 7580 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/02/27 13:00:42.0189 7580 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/02/27 13:00:42.0242 7580 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/27 13:00:42.0288 7580 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/02/27 13:00:42.0338 7580 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/02/27 13:00:42.0427 7580 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/27 13:00:42.0568 7580 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/02/27 13:00:42.0709 7580 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/02/27 13:00:42.0762 7580 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/27 13:00:42.0862 7580 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/02/27 13:00:42.0920 7580 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/02/27 13:00:42.0992 7580 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
2011/02/27 13:00:43.0078 7580 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/02/27 13:00:43.0215 7580 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/02/27 13:00:43.0316 7580 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/02/27 13:00:43.0381 7580 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/27 13:00:43.0736 7580 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/02/27 13:00:43.0837 7580 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/02/27 13:00:43.0901 7580 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/02/27 13:00:43.0980 7580 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/27 13:00:44.0120 7580 hotcore3 (78d379ce4d18ed735224660abf972716) C:\Windows\system32\DRIVERS\hotcore3.sys
2011/02/27 13:00:44.0205 7580 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/02/27 13:00:44.0333 7580 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/02/27 13:00:44.0376 7580 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/02/27 13:00:44.0412 7580 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/27 13:00:44.0500 7580 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/02/27 13:00:44.0855 7580 IDSVia64 (6f9b281bc4afff5fe784d7da699d347f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110225.001\IDSvia64.sys
2011/02/27 13:00:44.0885 7580 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/02/27 13:00:45.0405 7580 IntcAzAudAddService (13089f31aa37cde1ce3784ee01a48484) C:\Windows\system32\drivers\RTKVHD64.sys
2011/02/27 13:00:45.0496 7580 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/02/27 13:00:45.0557 7580 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/27 13:00:45.0619 7580 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/27 13:00:45.0669 7580 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/02/27 13:00:45.0742 7580 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/02/27 13:00:45.0861 7580 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/02/27 13:00:45.0886 7580 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/02/27 13:00:45.0915 7580 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/27 13:00:45.0972 7580 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/27 13:00:46.0006 7580 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/27 13:00:46.0073 7580 KoneFltr (b6d6f12c214de823fa22709f7bd0eb0b) C:\Windows\system32\drivers\Kone.sys
2011/02/27 13:00:46.0111 7580 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/27 13:00:46.0139 7580 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/02/27 13:00:46.0156 7580 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/02/27 13:00:46.0230 7580 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
2011/02/27 13:00:46.0290 7580 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
2011/02/27 13:00:46.0328 7580 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/27 13:00:46.0422 7580 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/02/27 13:00:46.0462 7580 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/02/27 13:00:46.0486 7580 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/02/27 13:00:46.0525 7580 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/02/27 13:00:46.0697 7580 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/02/27 13:00:46.0793 7580 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/02/27 13:00:46.0862 7580 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/02/27 13:00:46.0975 7580 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
2011/02/27 13:00:47.0737 7580 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
2011/02/27 13:00:48.0042 7580 MarkFun_NT (06a755c33253fe3f8456b004af991bde) C:\Program Files (x86)\GIGABYTE\ET5\markfun.a64
2011/02/27 13:00:48.0274 7580 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/02/27 13:00:48.0315 7580 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/02/27 13:00:48.0403 7580 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/02/27 13:00:48.0458 7580 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/27 13:00:48.0524 7580 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/27 13:00:48.0707 7580 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/27 13:00:48.0788 7580 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/02/27 13:00:49.0235 7580 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/02/27 13:00:49.0399 7580 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/27 13:00:49.0558 7580 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/27 13:00:49.0636 7580 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/27 13:00:49.0680 7580 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/27 13:00:49.0741 7580 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/27 13:00:49.0785 7580 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/02/27 13:00:49.0816 7580 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/02/27 13:00:49.0889 7580 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/02/27 13:00:49.0934 7580 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/02/27 13:00:49.0954 7580 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/02/27 13:00:50.0034 7580 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/27 13:00:50.0160 7580 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/27 13:00:50.0300 7580 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/02/27 13:00:50.0343 7580 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/02/27 13:00:50.0386 7580 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/27 13:00:50.0413 7580 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/02/27 13:00:50.0457 7580 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/02/27 13:00:50.0496 7580 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/02/27 13:00:50.0684 7580 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/27 13:00:51.0031 7580 NAVENG (7be93dbb02b66e72872ff76d8a92e662) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110226.003\ENG64.SYS
2011/02/27 13:00:51.0417 7580 NAVEX15 (be99edbba322ca59b3f2fe17b9bf987a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110226.003\EX64.SYS
2011/02/27 13:00:51.0594 7580 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/02/27 13:00:51.0659 7580 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/02/27 13:00:51.0714 7580 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/27 13:00:51.0750 7580 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/27 13:00:51.0820 7580 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/27 13:00:51.0872 7580 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/02/27 13:00:51.0914 7580 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/27 13:00:51.0961 7580 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/27 13:00:52.0112 7580 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/02/27 13:00:52.0212 7580 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/02/27 13:00:52.0289 7580 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/27 13:00:52.0447 7580 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/02/27 13:00:52.0497 7580 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/02/27 13:00:52.0709 7580 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/02/27 13:00:52.0829 7580 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/02/27 13:00:52.0875 7580 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/02/27 13:00:52.0934 7580 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/27 13:00:53.0158 7580 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/02/27 13:00:53.0206 7580 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/02/27 13:00:53.0248 7580 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/02/27 13:00:53.0294 7580 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/02/27 13:00:53.0340 7580 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/02/27 13:00:53.0389 7580 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/02/27 13:00:53.0479 7580 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/02/27 13:00:53.0744 7580 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/27 13:00:53.0821 7580 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/02/27 13:00:53.0914 7580 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/27 13:00:54.0096 7580 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/02/27 13:00:54.0175 7580 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/02/27 13:00:54.0243 7580 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/27 13:00:54.0301 7580 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/27 13:00:54.0386 7580 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/02/27 13:00:54.0477 7580 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/27 13:00:55.0038 7580 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/27 13:00:55.0532 7580 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/27 13:00:55.0794 7580 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/27 13:00:55.0835 7580 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/02/27 13:00:55.0875 7580 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/27 13:00:55.0924 7580 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/02/27 13:00:55.0975 7580 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/27 13:00:56.0005 7580 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/02/27 13:00:56.0035 7580 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/02/27 13:00:56.0107 7580 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/02/27 13:00:56.0181 7580 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/27 13:00:56.0278 7580 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/02/27 13:00:56.0314 7580 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/02/27 13:00:56.0339 7580 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/02/27 13:00:56.0443 7580 SCDEmu (d3022dba20029f1899b555298a5e95a3) C:\Windows\system32\drivers\SCDEmu.sys
2011/02/27 13:00:56.0487 7580 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/02/27 13:00:56.0588 7580 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/02/27 13:00:56.0995 7580 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/27 13:00:57.0122 7580 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/02/27 13:00:57.0145 7580 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/02/27 13:00:57.0208 7580 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/02/27 13:00:57.0275 7580 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/02/27 13:00:57.0320 7580 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/02/27 13:00:57.0356 7580 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/02/27 13:00:57.0410 7580 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/02/27 13:00:57.0453 7580 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/02/27 13:00:57.0500 7580 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/02/27 13:00:57.0616 7580 snapman (0775cb5147953cce129bc3414740d109) C:\Windows\system32\DRIVERS\snapman.sys
2011/02/27 13:00:57.0774 7580 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/02/27 13:00:57.0968 7580 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/02/27 13:00:57.0969 7580 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/02/27 13:00:57.0973 7580 sptd - detected Locked file (1)
2011/02/27 13:00:58.0099 7580 SRS_HDAL_Service (d030883fd7e6a0f5e3ec5db56ff9cf88) C:\Windows\system32\drivers\SRS_HDAL_amd64.sys
2011/02/27 13:00:58.0189 7580 SRS_iWowPC_Service (3fbbc53e4771a8846b2b00938de7cfec) C:\Windows\system32\drivers\srs_iWowPC_amd64.sys
2011/02/27 13:00:58.0425 7580 SRTSP (9a359fb3d10c9de23edc427ada8ac8be) C:\Windows\System32\Drivers\NISx64\1205000.07D\SRTSP64.SYS
2011/02/27 13:00:58.0478 7580 SRTSPX (a14a9aaa8005d411ef1657601f55776d) C:\Windows\system32\drivers\NISx64\1205000.07D\SRTSPX64.SYS
2011/02/27 13:00:58.0677 7580 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/02/27 13:00:58.0831 7580 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/27 13:00:58.0928 7580 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/27 13:00:59.0002 7580 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
2011/02/27 13:00:59.0067 7580 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/02/27 13:00:59.0148 7580 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/02/27 13:00:59.0185 7580 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/02/27 13:00:59.0243 7580 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/27 13:00:59.0499 7580 SymDS (6d33d1669b3b6193658129d1767a4aff) C:\Windows\system32\drivers\NISx64\1205000.07D\SYMDS64.SYS
2011/02/27 13:00:59.0681 7580 SymEFA (9acc52c79420236dcb1ab1a17ed0df2e) C:\Windows\system32\drivers\NISx64\1205000.07D\SYMEFA64.SYS
2011/02/27 13:00:59.0815 7580 SymEvent (84e27ca1a5af320a705e767ea53086e5) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/02/27 13:00:59.0925 7580 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1205000.07D\Ironx64.SYS
2011/02/27 13:01:00.0066 7580 SymNetS (af56ca02f9dc706709c0a7df5c1dab82) C:\Windows\System32\Drivers\NISx64\1205000.07D\SYMNETS.SYS
2011/02/27 13:01:00.0821 7580 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/02/27 13:01:01.0204 7580 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/27 13:01:01.0285 7580 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/27 13:01:01.0323 7580 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/02/27 13:01:01.0439 7580 tdrpman258 (bf7ac81df6fbe09438d9dc7188178ea9) C:\Windows\system32\DRIVERS\tdrpm258.sys
2011/02/27 13:01:01.0526 7580 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/02/27 13:01:01.0615 7580 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/27 13:01:01.0679 7580 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/27 13:01:01.0811 7580 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
2011/02/27 13:01:01.0896 7580 timounter (2c1caf5563548a15515eab07d2a069c6) C:\Windows\system32\DRIVERS\timntr.sys
2011/02/27 13:01:01.0960 7580 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/27 13:01:02.0006 7580 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/27 13:01:02.0058 7580 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/02/27 13:01:02.0123 7580 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/27 13:01:02.0180 7580 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/02/27 13:01:02.0232 7580 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/27 13:01:02.0300 7580 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/02/27 13:01:02.0412 7580 USB28xxBGA (3cb4b7d5cb10a925bcbd5ab7046ab8ab) C:\Windows\system32\DRIVERS\emBDA64.sys
2011/02/27 13:01:02.0540 7580 USB28xxOEM (1124a9445c5835cb40c0099e6c3fa2c2) C:\Windows\system32\DRIVERS\emOEM64.sys
2011/02/27 13:01:02.0743 7580 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
2011/02/27 13:01:02.0839 7580 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/02/27 13:01:02.0893 7580 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/27 13:01:02.0996 7580 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/02/27 13:01:03.0039 7580 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/27 13:01:03.0144 7580 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/27 13:01:03.0185 7580 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/27 13:01:03.0250 7580 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/27 13:01:03.0271 7580 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/27 13:01:03.0308 7580 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/27 13:01:03.0379 7580 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/02/27 13:01:03.0457 7580 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/02/27 13:01:03.0532 7580 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/02/27 13:01:03.0584 7580 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/27 13:01:03.0628 7580 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/02/27 13:01:03.0659 7580 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/02/27 13:01:03.0697 7580 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/02/27 13:01:03.0725 7580 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/02/27 13:01:03.0762 7580 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/02/27 13:01:03.0876 7580 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/02/27 13:01:03.0956 7580 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/02/27 13:01:04.0005 7580 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/02/27 13:01:04.0051 7580 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/02/27 13:01:04.0113 7580 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/02/27 13:01:04.0165 7580 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/02/27 13:01:04.0220 7580 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/27 13:01:04.0247 7580 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/27 13:01:04.0322 7580 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/02/27 13:01:04.0383 7580 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/27 13:01:04.0463 7580 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/02/27 13:01:04.0485 7580 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/02/27 13:01:04.0855 7580 WINUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.SYS
2011/02/27 13:01:05.0558 7580 WmBEnum (14dc5897bc6c4e03c023ad80abb7f539) C:\Windows\system32\drivers\WmBEnum.sys
2011/02/27 13:01:05.0666 7580 WmFilter (2de0a0cea49972c82c7e9d36bd4c1247) C:\Windows\system32\drivers\WmFilter.sys
2011/02/27 13:01:05.0704 7580 WmHidLo (68ad463151d0e2325c8307a4c7a8808e) C:\Windows\system32\drivers\WmHidLo.sys
2011/02/27 13:01:05.0741 7580 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/27 13:01:05.0829 7580 WmVirHid (53c12ae1183f3f7787f1f1835001ccc0) C:\Windows\system32\drivers\WmVirHid.sys
2011/02/27 13:01:05.0867 7580 WmXlCore (c807e470cca24f5e479da4872a7d2121) C:\Windows\system32\drivers\WmXlCore.sys
2011/02/27 13:01:05.0910 7580 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/27 13:01:05.0960 7580 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/02/27 13:01:05.0999 7580 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/27 13:01:06.0164 7580 \HardDisk4 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/27 13:01:06.0180 7580 ================================================================================
2011/02/27 13:01:06.0180 7580 Scan finished
2011/02/27 13:01:06.0180 7580 ================================================================================
2011/02/27 13:01:06.0191 8076 Detected object count: 2
2011/02/27 13:21:28.0335 8076 Locked file(sptd) - User select action: Skip
2011/02/27 13:21:28.0388 8076 \HardDisk4 - will be cured after reboot
2011/02/27 13:21:28.0391 8076 Rootkit.Win32.TDSS.tdl4(\HardDisk4) - User select action: Cure
2011/02/27 13:52:08.0625 7468 Deinitialize success




Malwarebytes Anti-Malware log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5892

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27-2-2011 17:17:08
mbam-log-2011-02-27 (17-17-08).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|M:\|N:\|)
Objects scanned: 1325143
Time elapsed: 2 hour(s), 53 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 28

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ASH24SXZ9S (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\KOO9RV9K4Z (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MFJJEC0A1L (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Audio HD Driver (Trojan.Downloader) -> Value: Audio HD Driver -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CE8SIIFGSU (Trojan.FakeAlert) -> Value: CE8SIIFGSU -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\Google\google earth\client\google.earth.plus.5.2.x-mpt.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\tehm1zzl3\Desktop\desktop-folder\sgw_v1.0_trn+9.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\Users\tehm1zzl3\downloads\Phx_data\Res\GCFMgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\tehm1zzl3\downloads\Phx_data\Res\RICO.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\tehm1zzl3\downloads\Phx_data\Res\ss.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\Games\medal of honor\Binaries\loader.dll (Riskware.Tool.CK) -> Quarantined and deleted successfully.
e:\hd120gb_backup\office2008\microsoft office 2007 - keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
e:\hd120gb_backup\office2008\vista tools\office tools\microsoft office 2007 - keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
e:\teh-overige-[31-5-2010]-tehdataiv\ms-office-07&10\office_2007_enterprise_tehm1zzl3\microsoft office 2007 - keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
e:\teh-overige-[31-5-2010]-tehdataiv\ms-office-07&10\office_2007_enterprise_tehm1zzl3\vista tools\office tools\microsoft office 2007 - keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
e:\teh-vista-data-(1)-[31-5-10]\downloads\poweriso.v4.4.winall.incl.keygen-crd\crd.exe (TheftMarker.Crude) -> Quarantined and deleted successfully.
g:\tmz-data-[21-4-2010]\707Files\captain_sim\707\manual\files\707_template.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
g:\tmz-data-[21-4-2010]\downloads\yamicsoft.windows.7.manager.v1.2.1.incl.keymaker-core\yamicsoft.windows.7.manager.v1.2.1.incl.keymaker-core\yamicsoft.windows.7.manager.v1.2.1.incl.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
g:\tmz-data-[21-4-2010]\sabnzbddatacom\stuffit.deluxe.2010.v14.0.0.18.incl.keymaker-core.rar\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
i:\teh-archive-[21-1-2011]\mobile_(phones)\neeme\G\1\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
i:\teh-archive-[21-1-2011]\mobile_(phones)\neeme\GAS\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
i:\teh-downloads-new-[14-7-2010]\coreplayer professional v1.2.5.nfo\coreplayer_pro-1.2.5.win32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
i:\teh-downloads-new-[21-11-2009]\adobe after effects cs4 multilanguage.1\keygen + fix ( use only keygen or only fix )\Keygen\adobe-master-cs4-keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
i:\teh-downloads-new-[21-11-2009]\adobe.after.effects.cs5.v10.0.x64.incl.keymaker-embrace\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
i:\teh-downloads-new-[21-11-2009]\adobe.fireworks.cs5.v11.0.incl.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
i:\teh-downloads-new-[21-11-2009]\alcohol 120% final retail versie 1.9.8.7612 (nl).par2.1\alcohol 120% final retail versie 1.9.8.7612 (nl)\alcohol 120% versie 1.9.8.7612 (portable)\a.c.i.d. wizard.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
m:\Users\Julian\Desktop\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
n:\documents and settings\tehm1zzl3\Desktop\winamp.pro.v5.58.multilingual.incl.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\Users\tehm1zzl3\AppData\Roaming\systemdriver.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\wkernel32.sys (Malware.Trace) -> Quarantined and deleted successfully.

Intel Q8400
Gigabyte P35-DS3P (rev 1.0)
OCZ DDR 2 1066 4GB
Club3D HD4870 1GB
6 Samsung 500GB (3TB total)
Antec Ninehundred Case
Logitech G15 Keyboard
Roccat Kone Mouse
Logitech Z-5500 5.1 system
Iiyama ProLite E2607WS 26" LCD Screen


Xbox 360 - GT: TehM1ZZL360

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,386 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:49 AM

Posted 28 February 2011 - 07:32 AM

This is the pertinent section of the log which indicates a TDSS rootkit infected the Master Boot Record (MBR) and that it will be cured after reboot.

2011/02/27 13:01:06.0164 7580 \HardDisk4 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/27 13:01:06.0180 7580 ================================================================================
2011/02/27 13:01:06.0180 7580 Scan finished
2011/02/27 13:01:06.0180 7580 ================================================================================
2011/02/27 13:01:06.0191 8076 Detected object count: 2
2011/02/27 13:21:28.0388 8076 \HardDisk4 - will be cured after reboot
2011/02/27 13:21:28.0391 8076 Rootkit.Win32.TDSS.tdl4(\HardDisk4) - User select action: Cure

This particular malware alters the MBR of the system drive to ensure persistent execution of malicious code. Essentially, it overwrites the MBR of the hard disk with its own code and stores a copy of the original MBR at another sector using rootkit techniques to hide itself. For more specific analysis and explanation of the infection, please refer to:

Please reboot if you have not done so already. Rerun TDSSKiller again and post the new log to confirm the infection was cured.


Rescan again with Malwarebytes Anti-Malware (Quick Scan) in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally will prevent Malwarebytes from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
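Picking "the pertinent section" out of a TDSSKiller log, as the reply above does by hand, is mechanical enough to script. The following is an added example written for this thread; it is not part of the original post and not code from Kaspersky's TDSSKiller. It assumes only the line layout visible in the logs posted here (timestamp, thread id, message; one line per enumerated driver; separate event lines for suspicious or locked files, detections, user-selected actions and cures scheduled for reboot). The sample log embedded in the script is constructed from a handful of lines taken from the logs in this thread; the "driver loaded outside system32\drivers" check is a triage heuristic of my own, meant to queue items for review rather than to call them malicious (the Gigabyte gdrv.sys it flags here is a vendor driver).

```python
"""Triage helper for TDSSKiller text logs (added example, not from the thread)."""
import re
from typing import Any, Dict

# Every TDSSKiller line: "<date> <time>.<ms> <thread id> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$"
)
# Driver enumeration line: "<service name> (<md5>) <path>"
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$"
)
DETECTED_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
CURE_RE = re.compile(r"^(?P<obj>\S+) - will be cured after reboot$")
ACTION_RE = re.compile(
    r"^(?P<verdict>.+?)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$"
)

# Heuristic (my assumption, not a TDSSKiller rule): drivers loaded from outside
# the standard driver directory deserve a second look; vendor tools live there too.
STANDARD_DIR = "\\windows\\system32\\drivers\\"

# Constructed sample: a few lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
2011/02/27 13:00:57.0774 7580 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/02/27 13:00:57.0968 7580 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/02/27 13:00:57.0969 7580 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/02/27 13:00:57.0973 7580 sptd - detected Locked file (1)
2011/02/27 13:00:58.0000 7580 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
2011/02/27 13:01:06.0164 7580 \HardDisk4 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/27 13:01:06.0180 7580 ================================================================================
2011/02/27 13:01:06.0180 7580 Scan finished
2011/02/27 13:01:06.0191 8076 Detected object count: 2
2011/02/27 13:21:28.0335 8076 Locked file(sptd) - User select action: Skip
2011/02/27 13:21:28.0388 8076 \HardDisk4 - will be cured after reboot
2011/02/27 13:21:28.0391 8076 Rootkit.Win32.TDSS.tdl4(\HardDisk4) - User select action: Cure
"""


def parse_tdsskiller(log_text: str) -> Dict[str, Any]:
    """Return a triage summary: detections, locked/suspicious files, actions, reboot state."""
    summary: Dict[str, Any] = {
        "driver_count": 0,
        "suspicious": [],         # files the tool could not read or verify
        "locked": [],             # "<name> - detected Locked file"
        "detections": [],         # rootkit/malware verdicts, e.g. TDL4 on a disk object
        "cure_after_reboot": [],  # objects whose cure is pending a reboot
        "actions": {},            # object -> action the user chose (Cure, Skip, ...)
        "unusual_locations": [],  # heuristic: driver paths outside system32\drivers
        "pertinent_lines": [],    # the non-enumeration lines a helper would quote
    }
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank entry
        msg = m.group("msg").strip()
        d = DRIVER_RE.match(msg)
        if d:
            summary["driver_count"] += 1
            if STANDARD_DIR not in d.group("path").lower():
                summary["unusual_locations"].append(d.group("path"))
            continue
        s = SUSPICIOUS_RE.match(msg)
        if s:
            summary["suspicious"].append(
                {"path": s.group("path"), "md5": s.group("md5"), "reason": s.group("reason")}
            )
            summary["pertinent_lines"].append(raw)
            continue
        det = DETECTED_RE.match(msg)
        if det:
            if det.group("verdict") == "Locked file":
                summary["locked"].append(det.group("obj"))
            else:
                summary["detections"].append(
                    {"object": det.group("obj"), "verdict": det.group("verdict")}
                )
            summary["pertinent_lines"].append(raw)
            continue
        c = CURE_RE.match(msg)
        if c:
            summary["cure_after_reboot"].append(c.group("obj"))
            summary["pertinent_lines"].append(raw)
            continue
        a = ACTION_RE.match(msg)
        if a:
            summary["actions"][a.group("obj")] = a.group("action")
            summary["pertinent_lines"].append(raw)
            continue
        if msg.startswith("Detected object count:"):
            summary["pertinent_lines"].append(raw)
    # A cure "after reboot" is not done until the machine has restarted.
    summary["reboot_required"] = bool(summary["cure_after_reboot"])
    return summary


if __name__ == "__main__":
    result = parse_tdsskiller(SAMPLE_LOG)
    print("\n".join(result["pertinent_lines"]))
    print("reboot required:", result["reboot_required"])
```

Run against the full log rather than the sample, the script prints the same lines the reply quotes and reports that the TDL4 cure on \HardDisk4 is still pending a reboot, which is the state the follow-up scan is meant to confirm. Lines it cannot classify (separators, the "Scan finished" banner, the empty entry TDSSKiller prints in its SystemInfo block) are skipped rather than guessed at.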

#5 TehM1ZZL3

TehM1ZZL3
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:NLD
  • Local time:10:49 AM

Posted 28 February 2011 - 10:18 AM

Thank you for your help again!

Here you go:

TDSSKiller Log:

2011/02/28 16:09:52.0729 1604 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/28 16:09:53.0135 1604 ================================================================================
2011/02/28 16:09:53.0135 1604 SystemInfo:
2011/02/28 16:09:53.0135 1604
2011/02/28 16:09:53.0135 1604 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/28 16:09:53.0135 1604 Product type: Workstation
2011/02/28 16:09:53.0135 1604 ComputerName: TEHM1ZZL3-PC
2011/02/28 16:09:53.0135 1604 UserName: TehM1ZZL3
2011/02/28 16:09:53.0135 1604 Windows directory: C:\Windows
2011/02/28 16:09:53.0135 1604 System windows directory: C:\Windows
2011/02/28 16:09:53.0135 1604 Running under WOW64
2011/02/28 16:09:53.0135 1604 Processor architecture: Intel x64
2011/02/28 16:09:53.0135 1604 Number of processors: 4
2011/02/28 16:09:53.0135 1604 Page size: 0x1000
2011/02/28 16:09:53.0135 1604 Boot type: Normal boot
2011/02/28 16:09:53.0135 1604 ================================================================================
2011/02/28 16:09:56.0981 1604 Initialize success
2011/02/28 16:10:01.0890 2388 ================================================================================
2011/02/28 16:10:01.0890 2388 Scan started
2011/02/28 16:10:01.0890 2388 Mode: Manual;
2011/02/28 16:10:01.0890 2388 ================================================================================
2011/02/28 16:10:03.0357 2388 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/02/28 16:10:03.0393 2388 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/02/28 16:10:03.0418 2388 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/02/28 16:10:03.0486 2388 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/02/28 16:10:03.0517 2388 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/02/28 16:10:03.0540 2388 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/02/28 16:10:03.0592 2388 afcdp (d9a76e6e541e2e61c78140b65db63e6a) C:\Windows\system32\DRIVERS\afcdp.sys
2011/02/28 16:10:03.0644 2388 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/02/28 16:10:03.0683 2388 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/02/28 16:10:03.0750 2388 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/02/28 16:10:03.0893 2388 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/02/28 16:10:03.0916 2388 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/02/28 16:10:04.0163 2388 amdkmdag (f6640d83af0fd74c50e23e68548ea9a0) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/02/28 16:10:04.0260 2388 amdkmdap (20b63276a1920b41e1c56720b395049b) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/02/28 16:10:04.0285 2388 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/02/28 16:10:04.0313 2388 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/02/28 16:10:04.0353 2388 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/02/28 16:10:04.0376 2388 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/02/28 16:10:04.0404 2388 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/02/28 16:10:04.0468 2388 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/02/28 16:10:04.0493 2388 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/02/28 16:10:04.0537 2388 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/28 16:10:04.0557 2388 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/02/28 16:10:04.0619 2388 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
2011/02/28 16:10:04.0858 2388 atikmdag (f6640d83af0fd74c50e23e68548ea9a0) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/02/28 16:10:04.0974 2388 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/02/28 16:10:05.0018 2388 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/02/28 16:10:05.0067 2388 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/02/28 16:10:05.0257 2388 BHDrvx64 (446b2c459a7d11cd71350235d6977e2a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110114.001\BHDrvx64.sys
2011/02/28 16:10:05.0298 2388 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/02/28 16:10:05.0348 2388 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/28 16:10:05.0370 2388 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/02/28 16:10:05.0390 2388 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/02/28 16:10:05.0420 2388 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/02/28 16:10:05.0441 2388 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/02/28 16:10:05.0463 2388 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/02/28 16:10:05.0482 2388 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/02/28 16:10:05.0502 2388 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/02/28 16:10:05.0534 2388 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/28 16:10:05.0572 2388 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/28 16:10:05.0614 2388 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/02/28 16:10:05.0645 2388 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/02/28 16:10:05.0712 2388 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/28 16:10:05.0728 2388 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/02/28 16:10:05.0755 2388 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/02/28 16:10:05.0784 2388 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/28 16:10:05.0812 2388 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/02/28 16:10:05.0974 2388 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/02/28 16:10:06.0016 2388 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/02/28 16:10:06.0065 2388 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/02/28 16:10:06.0137 2388 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/02/28 16:10:06.0162 2388 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/02/28 16:10:06.0213 2388 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/02/28 16:10:06.0279 2388 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2011/02/28 16:10:06.0342 2388 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/28 16:10:06.0706 2388 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/02/28 16:10:06.0895 2388 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/02/28 16:10:07.0060 2388 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/02/28 16:10:07.0143 2388 emAudio (94d908221cc7ed1372cd200ed331b567) C:\Windows\system32\drivers\emAudio64.sys
2011/02/28 16:10:07.0219 2388 EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/02/28 16:10:07.0236 2388 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/02/28 16:10:07.0279 2388 ET5Drv (5c309d62311a4b11194553758b30fff9) C:\Windows\ET5Drv.sys
2011/02/28 16:10:07.0332 2388 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/02/28 16:10:07.0364 2388 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/02/28 16:10:07.0417 2388 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/28 16:10:07.0455 2388 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/02/28 16:10:07.0480 2388 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/02/28 16:10:07.0519 2388 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/28 16:10:07.0554 2388 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/02/28 16:10:07.0595 2388 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/02/28 16:10:07.0622 2388 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/28 16:10:07.0672 2388 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/02/28 16:10:07.0697 2388 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/02/28 16:10:07.0743 2388 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
2011/02/28 16:10:07.0780 2388 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/02/28 16:10:07.0843 2388 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/02/28 16:10:07.0894 2388 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/02/28 16:10:07.0951 2388 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/28 16:10:07.0974 2388 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/02/28 16:10:08.0001 2388 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/02/28 16:10:08.0022 2388 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/02/28 16:10:13.0871 2388 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/02/28 16:10:13.0871 2388 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/02/28 16:10:13.0876 2388 sptd - detected Locked file (1)
2011/02/28 16:10:17.0554 2388 ================================================================================
2011/02/28 16:10:17.0554 2388 Scan finished
2011/02/28 16:10:17.0554 2388 ================================================================================
2011/02/28 16:10:17.0565 4584 Detected object count: 1
2011/02/28 16:10:25.0509 4584 Locked file(sptd) - User select action: Skip
2011/02/28 16:15:42.0104 3984 Deinitialize success



Malwarebytes Anti-Malware Log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5892

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28-2-2011 16:17:29
mbam-log-2011-02-28 (16-17-29).txt

Scan type: Quick scan
Objects scanned: 208034
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




So as far as I can make out from it, they don't find any threat. I've also run a NIS 2011 Quick Scan to see if Norton finds it, and it doesn't. Does this mean the rootkit has been successfully killed??
Intel Q8400
Gigabyte P35-DS3P (rev 1.0)
OCZ DDR 2 1066 4GB
Club3D HD4870 1GB
6 Samsung 500GB (3TB total)
Antec Ninehundred Case
Logitech G15 Keyboard
Roccat Kone Mouse
Logitech Z-5500 5.1 system
Iiyama ProLite E2607WS 26" LCD Screen


Xbox 360 - GT: TehM1ZZL360
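An added example, not part of this thread or of TDSSKiller itself, that parses the TDSSKiller log format shown above and reports which detections the scan left untouched (a locked file whose chosen action was Skip, as with sptd here), so that a later "no malicious items" result can be compared with what earlier scans actually cleaned. The sample lines are constructed from the entries above, and the line patterns are my reading of this log's layout, not a documented specification.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a few lines copied in format from the TDSSKiller log above.
SAMPLE_LOG = "\n".join([
    r"2011/02/28 16:10:13.0643 2388 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys",
    r"2011/02/28 16:10:13.0871 2388 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys",
    r"2011/02/28 16:10:13.0871 2388 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb",
    r"2011/02/28 16:10:13.0876 2388 sptd - detected Locked file (1)",
    r"2011/02/28 16:10:17.0554 2388 ================================================================================",
    r"2011/02/28 16:10:17.0554 2388 Scan finished",
    r"2011/02/28 16:10:17.0554 2388 ================================================================================",
    r"2011/02/28 16:10:17.0565 4584 Detected object count: 1",
    r"2011/02/28 16:10:25.0509 4584 Locked file(sptd) - User select action: Skip",
])

# Every line starts with "date time pid"; the rest is the message body.
PREFIX = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (\d+) (.*)$")
# Assumed body layouts, derived from the log above (not an official grammar).
DRIVER = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>.+?) \((?P<n>\d+)\)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")
ACTION = re.compile(r"^(?P<verdict>.+?)\((?P<name>[^)]+)\) - User select action: (?P<action>\S+)$")


@dataclass
class Detection:
    name: str
    verdict: str = ""
    reason: str = ""
    path: str = ""
    md5: str = ""
    action: Optional[str] = None  # None means the log never recorded an action


@dataclass
class Report:
    drivers: Dict[str, str] = field(default_factory=dict)  # service name -> md5
    detections: Dict[str, Detection] = field(default_factory=dict)
    declared_count: Optional[int] = None
    scan_finished: bool = False


def parse_tdsskiller(text: str) -> Report:
    """Walk the log once, keeping the driver inventory and every detection."""
    rep = Report()
    pending = None  # last "Suspicious file" line, attached to the next verdict
    for raw in text.splitlines():
        m = PREFIX.match(raw.rstrip())
        if not m:
            continue
        body = m.group(3)
        if body == "Scan finished":
            rep.scan_finished = True
            continue
        d = DRIVER.match(body)
        if d:
            rep.drivers[d["name"]] = d["md5"]
            continue
        s = SUSPICIOUS.match(body)
        if s:
            pending = s
            continue
        v = DETECTED.match(body)
        if v:
            det = rep.detections.setdefault(v["name"], Detection(name=v["name"]))
            det.verdict = v["verdict"]
            # Tie the suspicious-file line to this verdict via the driver's md5.
            if pending and pending["md5"] == rep.drivers.get(v["name"]):
                det.reason, det.path, det.md5 = pending["reason"], pending["path"], pending["md5"]
            pending = None
            continue
        c = COUNT.match(body)
        if c:
            rep.declared_count = int(c["n"])
            continue
        a = ACTION.match(body)
        if a:
            det = rep.detections.setdefault(a["name"], Detection(name=a["name"]))
            det.action = a["action"]
    return rep


def unresolved(rep: Report) -> List[Detection]:
    """Detections the scan reported but did not clean: no action, or Skip."""
    return [d for d in rep.detections.values() if d.action in (None, "Skip")]


def consistent(rep: Report) -> bool:
    """True when the scan completed and its declared count matches what we parsed."""
    return rep.scan_finished and rep.declared_count == len(rep.detections)


if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    for det in unresolved(report):
        print(f"{det.name}: {det.verdict} ({det.reason}) at {det.path}, action={det.action}")
```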

#6 TehM1ZZL3 (Topic Starter, Members, 23 posts, Location: NLD)

Posted 28 February 2011 - 10:22 AM

Oops, sorry, I was stupid to forget to update the Malwarebytes database.
It downloaded the update and I did a quick scan again.

Here it is:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5905

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28-2-2011 16:22:16
mbam-log-2011-02-28 (16-22-16).txt

Scan type: Quick scan
Objects scanned: 208139
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Thank you for helping me!

#7 quietman7 (Bleepin' Janitor, Global Moderator, 51,386 posts, Location: Virginia, USA)

Posted 28 February 2011 - 10:53 AM

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with ESET Online Anti-virus Scanner.
  • This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green [image] button.
  • Read the End User License Agreement and check the box:
  • Check [image].
  • Click the [image] button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check [image] and check Remove found threats.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan will take a while, so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push [image].
  • Push [image], and save the file to your desktop as ESETScan.txt.
  • Push the [image] button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#8 TehM1ZZL3 (Topic Starter, Members, 23 posts, Location: NLD)

Posted 28 February 2011 - 02:42 PM

Thanks for your help!

The ESET scan takes quite a while to scan everything. I'll leave my computer powered on tonight (GMT+1 here) and will report back tomorrow with the scan log.

#9 quietman7 (Bleepin' Janitor, Global Moderator, 51,386 posts, Location: Virginia, USA)

Posted 28 February 2011 - 02:43 PM

Not a problem.

#10 TehM1ZZL3 (Topic Starter, Members, 23 posts, Location: NLD)

Posted 01 March 2011 - 12:29 PM

Hello quietman7,

It's 6:03 PM here right now and I have let the scan run for about 19 hours. It spent most of its time scanning my .iso files. I have about 2TB of .iso files on my hard disk (consisting of games and software etc.) and what other software like Malwarebytes Anti-Malware and NIS 2011 does not do is what ESET does: scanning the whole .iso and not skipping it (I guess Malwarebytes and NIS do skip them). I'm not a learned Anti Virus/Malware expert like you, but I know from my own experience that when anti virus software says you have a virus in the crack/keygen of your game, so in this case the .iso file, it's just not true and a false positive. Of course there can always be an infection in it, but I check carefully what I download and delete something immediately if it looks suspicious. Of 90% of what ESET found on my data disks I am 100% sure these are false positives. ESET is probably now deleting these .iso files, so I have managed to keep the damage for me as small as possible because I do not want to lose games and applications.

Don't get me wrong, I'm not saying you don't give me the best advice: I know the best thing I can do is to delete any "possible" risk there is, including the probability of (they may be infected) false positive cracks and keygens of my downloaded stuff. However, I do not want to leave the computer powered on for days, as it would go at this speed, and lose my iso's as well in that case.

I have of course let it scan the whole "C:" drive to make sure the system (files) is not infected, and it deleted some problems. I accidentally skipped the log part of my first scan and closed ESET. However, I can make screenshots of my quarantine:

[screenshot of the ESET quarantine list, image not preserved]

I don't know if you can do anything with it, because they are only file names and not names of threats. Anyway, I don't know how to get a log, but in the second scan (see below) it didn't find any problems on the C: disk anymore.

Also the latest log:
(It scanned about 930,000 files and took 19 hours 30 minutes! <_< )


G:\TMZ-DATA-[21-4-2010]\SABNZBDDATACOM\Microsoft Flight Simulator FSX Traffic X Just Flight.nfo\Microsoft Flight Simulator FSX Traffic X Just Flight\sr-msftx.iso probably a variant of Win32/Agent.FXTGEAD trojan
G:\TMZ-DATA-[21-4-2010]\SABNZBDDATACOM\sr-bm2p.par2\sr-bm2p.iso probably a variant of Win32/Inject.KXLECCO trojan
G:\TMZ-DATA-[21-4-2010]\SABNZBDDATACOM\sr-tcscc.par2\sr-tcscc.iso a variant of Win32/Packed.VMProtect.AAA trojan
G:\TMZ-DATA-[21-4-2010]\SABNZBDDATACOM\VB Decompiler Pro 7.9.par2\setup.exe a variant of Win32/Injector.DEE trojan
H:\$RECYCLE.BIN\S-1-5-21-194789210-871825398-1821019218-1001\$RTWSKIX.par2\HAWX2_Epidemz.NET.iso a variant of Win32/Injector.EPH trojan
H:\TEH_SABNZBD_DOWNLOAD_[19-2-2011]\Bulletstorm.Proper-SKIDROW__www.realmom.info__.nfo\sr-bustm.iso a variant of Win32/Packed.VMProtect.AAA trojan
H:\TEH_SABNZBD_DOWNLOAD_[19-2-2011]\crysis.2.beta.multi.5.readnfo-p2p.nfo\crysis.2.beta.multi.5.readnfo-p2p.iso a variant of Win32/Injector.EPV trojan
H:\TEH_SABNZBD_DOWNLOAD_[19-2-2011]\_FAILED_3DMark Vantage Zulake Complete.par2\3DMark Vantage Zulake Complete.rar Win32/TrojanDownloader.Delf.OXE trojan
H:\TEH_SABNZBD_DOWNLOAD_[19-2-2011]\_FAILED_3DMark Vantage Zulake Complete.par2\3DMark_Vantage_v101_hotfix_installer.exe Win32/TrojanDownloader.Delf.OXE trojan
H:\TEH_SABNZBD_DOWNLOAD_[19-2-2011]\_FAILED_3DMark Vantage Zulake Complete.par2\3DMark_Vantage_v101_installer.exe Win32/TrojanDownloader.Delf.OXE trojan
H:\TEH_SABNZBD_DOWNLOAD_[19-2-2011]\_FAILED_3DMark Vantage Zulake Complete.par2\setup.exe Win32/TrojanDownloader.Delf.OXE trojan
I:\Teh-ARCHIVE-[21-1-2011]\27-7-09 - VISTA - RESTEREND\Users\Julian\Desktop\Alles\faXcooL - First Aid.exe a variant of Win32/Keygen.AR application
I:\Teh-ARCHIVE-[21-1-2011]\27-7-09 - VISTA - RESTEREND\Users\Julian\Documents\Sims3.iso multiple threats
I:\Teh-ARCHIVE-[21-1-2011]\SITEBACKUP2522011\office.rar Win32/HackKMS.A application
I:\Teh-DOWNLOADS-MEGAUPLOAD-(1)-[25-10-2009]\rld-dirt2\NIS10TBEN_KEY.rar Win32/Packed.Autoit.E.Gen application
I:\Teh-DOWNLOADS-MEGAUPLOAD-(1)-[25-10-2009]\simciyu\Simcity.Societies.Deluxe_by_ALJ-Badboy_www.therebels\rld-scsd.iso probably a variant of Win32/Adware.Agent.NALVIDB application


When I looked at the screen this morning, Norton had found the 3 threats in its auto scan. When I came back from school this afternoon and clicked "scan again", it said "No files infected your status" or something like that and "Files successfully removed". I think it's still not really out of my MBR yet.

I can also try the Windows 7 disc and then the recovery environment to run certain commands that may reset the MBR with a fresh copy. However, I have 6 identical Samsung hard drives of 500 GB, so I haven't tried it yet because I'm afraid of selecting the wrong disk and wiping my files with a wrong format, because they are all listed in the BIOS like SAMSUNGL9128 500GB <- just an example, I don't know the exact code.

If this means you cannot help me anymore because I haven't completed the whole scan and/or you are not able (or willing) to help me repair something at lower levels, I can fully understand that.
If you could help me with a next step, that would be great!

Regards,
Julian

Edited by TehM1ZZL3, 01 March 2011 - 12:32 PM.

Intel Q8400
Gigabyte P35-DS3P (rev 1.0)
OCZ DDR 2 1066 4GB
Club3D HD4870 1GB
6 Samsung 500GB (3TB total)
Antec Ninehundred Case
Logitech G15 Keyboard
Roccat Kone Mouse
Logitech Z-5500 5.1 system
Iiyama ProLite E2607WS 26" LCD Screen


Xbox 360 - GT: TehM1ZZL360
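The post above wants to rewrite the MBR from the Windows 7 recovery environment but is unsure which of six identical Samsung disks is the boot disk, and suspects the infection is still in the MBR. As an added example (not code from this thread, nor from Norton, ESET or Microsoft), the Python below parses a 512-byte MBR: it checks the 55 AA signature, lists the partition table and the active (bootable) partition, and fingerprints the 440 bytes of boot code so they can be compared with a known-good copy. The three MBRs are constructed inside the code, and the "clean" boot code and its hash are placeholders: in practice the reference hash would be taken from a disk whose MBR was just rewritten by bootrec /fixmbr or from a clean install of the same Windows version (an assumption, not something the thread provides).

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR = 512
PT_OFFSET = 446            # four 16-byte partition entries start here
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count
BOOT_CODE_LEN = 440        # bytes 0..439 are boot code; 440..445 hold the per-disk
                           # disk signature and reserved bytes, which differ legitimately


@dataclass
class Partition:
    index: int
    active: bool      # status byte 0x80: the partition the boot code hands off to
    type_id: int      # 0x07 = NTFS on the disks in this thread
    lba_start: int
    sectors: int


@dataclass
class Mbr:
    signature_ok: bool       # bytes 510..511 must be 55 AA
    disk_signature: int
    partitions: List[Partition]
    boot_code_sha256: str


def parse_mbr(sector0: bytes) -> Mbr:
    if len(sector0) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector0, PT_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return Mbr(
        signature_ok=sector0[510:512] == b"\x55\xAA",
        disk_signature=struct.unpack_from("<I", sector0, 440)[0],
        partitions=parts,
        boot_code_sha256=hashlib.sha256(sector0[:BOOT_CODE_LEN]).hexdigest(),
    )


def is_boot_disk(mbr: Mbr) -> bool:
    """The disk BIOS boots from: valid signature and exactly one active partition."""
    return mbr.signature_ok and sum(p.active for p in mbr.partitions) == 1


def boot_code_matches(mbr: Mbr, reference_sha256: str) -> bool:
    """Compare the boot code against a known-good fingerprint (assumed to come from a
    freshly written MBR). Any mismatch means the boot code bytes were modified."""
    return mbr.boot_code_sha256 == reference_sha256


def read_mbr(device: str) -> bytes:
    """Read sector 0 of a raw device: r'\\\\.\\PhysicalDrive0' on Windows (as
    Administrator) or '/dev/sda' on Linux. Not used by the constructed samples below."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


def build_sample_mbr(boot_code: bytes, entries: List[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a 512-byte MBR from parts. Constructed test data, not a real disk."""
    sector = bytearray(SECTOR)
    sector[: len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 440, 0x12345678)          # disk signature
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PT_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


# Stand-in for clean boot code: a short x86 prologue padded with NOPs (dummy data).
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7)
CLEAN_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()

# Disk A: Windows 7 layout, System Reserved (active) followed by the OS partition.
SAMPLE_BOOT_DISK = build_sample_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 2048, 204800),
                                                      (0x00, 0x07, 206848, 976564224)])
# Disk B: same model, data only, nothing marked active.
SAMPLE_DATA_DISK = build_sample_mbr(CLEAN_BOOT_CODE, [(0x00, 0x07, 2048, 976771072)])
# Disk C: the boot disk with one byte of boot code changed (simulated tampering).
_t = bytearray(SAMPLE_BOOT_DISK)
_t[0x10] ^= 0xFF
SAMPLE_TAMPERED = bytes(_t)


def describe(label: str, sector0: bytes, reference_sha256: str = CLEAN_SHA256) -> str:
    m = parse_mbr(sector0)
    role = "boot disk" if is_boot_disk(m) else "data disk"
    code = "boot code OK" if boot_code_matches(m, reference_sha256) else "BOOT CODE MODIFIED"
    return f"{label}: {role}, sig 0x{m.disk_signature:08X}, {len(m.partitions)} partitions, {code}"


if __name__ == "__main__":
    for label, sec in [("disk A", SAMPLE_BOOT_DISK), ("disk B", SAMPLE_DATA_DISK), ("disk C", SAMPLE_TAMPERED)]:
        print(describe(label, sec))
```

Two caveats for real use. Read sector 0 from a clean boot environment (the Windows 7 disc's recovery environment or a live Linux), not from the running system: an active bootkit can intercept reads of sector 0 and hand back clean-looking data. And bootrec /fixmbr rewrites only the boot-code bytes of the system disk's MBR and leaves the partition table untouched, so it does not format or wipe data; the parsed output above shows which of the identical disks carries the active partition.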

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,386 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:49 AM

Posted 01 March 2011 - 01:29 PM

The speed and ability to complete an anti-virus or anti-malware scan depends on a variety of factors.
  • The program itself and how its scanning engine is designed to scan: using a signature database vs heuristic scanning or a combination of both.
  • Options to scan for spyware, adware, riskware and potentially unwanted programs (PUPS).
  • Options to scan memory, boot sectors, registry and alternate data streams (ADS).
  • Type of scan performed: Deep, Quick or Custom scanning.
  • What action has to be performed when malware is detected.
  • A computer's hard drive size.
  • Disk used capacity (number of files, including temporary files) that has to be scanned.
  • Types of files (.exe, .dll, .sys, .cab, archived, compressed, packed, email, etc) that are scanned.
  • Whether external drives are included in the scan.
  • Competition for and utilization of system resources by the scanner.
  • Other running processes and programs in the background.
  • Interference from malware.
  • Interference from the user.
Further, it is not unusual for an anti-virus or anti-malware scanner to be suspicious of some compressed, archived, .cab, .rar, .jar, .iso, and packed files because it has difficulty reading what is inside them. These kinds of files often trigger alerts from security software using heuristic detection because they are resistant to scanning (difficult to read). This resistance may also cause some scanners to stall (hang) on these particular types of files or just ignore (skip) them.

Without submitting samples to the ESET lab, I cannot confirm whether the detections are false positives or an actual threat.

In the event that your ESET security product has quarantined a file you know to be safe, the file must be excluded from the Real-time and On-demand scanner...

How do I restore a quarantined file?

-- The above link also provides instructions on how to send quarantined files to ESET for analysis as a possible false positive.

All infiltrations and infected files are moved into the quarantine by default. Files in quarantine no longer represent a threat for your computer, because they are reliably isolated from all parts of the operating system. The user can choose either to restore selected files or delete the quarantine.

Why are infected files in quarantine after the scan?


I think it's still not really out of my MBR yet.

I can only go by what the scan logs show (what was detected/removed) and your description of whatever signs or symptoms of infection you are experiencing. If you want a more detailed look at your system, then more advanced tools are needed to investigate. Before that can be done you will need to create and post a DDS log for further investigation.

Please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help".
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.
When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the Malware Response Team.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click [donate link]
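The ESET log in post #10 above is a flat list of "path, detection" lines, and the reply above points out that archives and disk images are hard to scan and tend to produce heuristic alerts. As an added example (not part of the thread and not ESET's own tooling), the Python below parses lines in that format into records and summarizes them the way a helper would triage them: hits per drive, how many are worded "[probably] a variant of" (taken here as ESET's non-exact, heuristic-style matches, an interpretation of the wording rather than something the thread states), how many sit inside an archive or ISO container, and whether anything was found on the system drive. The five sample lines are copied from the log above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Archive and disk-image extensions: a detection whose path passes through one of
# these is "inside a container", the case the reply above calls heuristic-prone.
CONTAINER_EXTS = (".iso", ".rar", ".zip", ".cab", ".jar", ".7z", ".part")

# ESET writes "<path> [probably a variant of |a variant of ]<name> <kind>" or
# "<path> multiple threats". Paths contain spaces, so the regex anchors on the
# fixed tail of the line instead of splitting on whitespace.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<prefix>probably a variant of|a variant of) )?"
    r"(?P<name>\S+) (?P<kind>trojan|application)$"
)
MULTI_RE = re.compile(r"^(?P<path>.+?) multiple threats$")


@dataclass
class Detection:
    path: str
    name: str           # ESET detection name, or "multiple threats"
    kind: str           # "trojan", "application" (riskware/PUP) or "multiple"
    heuristic: bool     # "[probably] a variant of" wording (assumed: non-exact match)
    in_container: bool  # path goes through an archive or disk image


def is_container_path(path: str) -> bool:
    parts = path.lower().replace("/", "\\").split("\\")
    return any(p.endswith(CONTAINER_EXTS) for p in parts)


def parse_line(line: str) -> Optional[Detection]:
    """Parse one log line; returns None for blank or unrecognised lines."""
    line = line.strip()
    m = MULTI_RE.match(line)
    if m:
        p = m.group("path")
        return Detection(p, "multiple threats", "multiple", False, is_container_path(p))
    m = LINE_RE.match(line)
    if not m:
        return None
    p = m.group("path")
    return Detection(p, m.group("name"), m.group("kind"),
                     m.group("prefix") is not None, is_container_path(p))


def summarize(lines: List[str]) -> Dict[str, object]:
    """Aggregate parsed detections for triage."""
    dets = [d for d in map(parse_line, lines) if d is not None]
    return {
        "total": len(dets),
        "by_kind": dict(Counter(d.kind for d in dets)),
        "by_drive": dict(Counter(d.path[:2].upper() for d in dets)),
        "heuristic": sum(d.heuristic for d in dets),
        "in_container": sum(d.in_container for d in dets),
        # Anything on the OS drive matters far more than hits in old download archives.
        "system_drive_hits": [d.path for d in dets if d.path.upper().startswith("C:")],
    }


# Sample input: five lines copied from the ESET log posted above.
SAMPLE_LOG = [
    r"E:\TEH-Overige-[31-5-2010]-TEHDATAIV\MS-OFFICE-07&10\OFFICE_2007_ENTERPRISE_TehM1ZZL3\Vista Tools\Vista Manager v1.17\NOD32_Antivirus_System_2.70.37.rar Win32/HackAV.G application",
    r"E:\TEH-VISTA-DATA-(1)-[31-5-10]\Downloads\BackUpESE.T_origin.rar multiple threats",
    r"E:\TEH-VISTA-DATA-(1)-[31-5-10]\Downloads\MsgPlusLive-482.exe a variant of Win32/Adware.CiDHelp application",
    r"F:\CheckUSB.exe a variant of MSIL/Injector.CD trojan",
    r"F:\GAMEFOLDER_INDEX-[2011]\DATAIII_UNINDEXED\rld-s3e3.part001.rar\rld-s3e3.iso probably a variant of Win32/Inject.DRPQNKD trojan",
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log above, the summary makes the helper's point concrete: every hit is on the E:, F:, G:, H: and I: data drives, none on C:, and most are heuristic detections inside .iso and .rar files from downloads and backups, which is exactly the class of alert that needs samples submitted to ESET before it can be called a true or false positive.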

#12 TehM1ZZL3

TehM1ZZL3
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:NLD
  • Local time:10:49 AM

Posted 01 March 2011 - 02:21 PM

Okay many thanks for your help and the time you spent helping me, I really appreciate that!

I'll post in that section the required logs. After that I will post the link back here.

#13 TehM1ZZL3

TehM1ZZL3
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:NLD
  • Local time:10:49 AM

Posted 01 March 2011 - 04:16 PM

http://www.bleepingcomputer.com/forums/topic382394.html

Here I have posted a new topic. Thanks.

#14 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:07:49 PM

Posted 01 March 2011 - 04:16 PM

Malware topic here: http://www.bleepingcomputer.com/forums/topic382394.html

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MR Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



