
"All programs" menu empty, System restore not working


11 replies to this topic

#1 bugerit

bugerit

  • Members
  • 4 posts

Posted 25 March 2011 - 11:10 AM

Hi,

A horrible virus took over our computer in a period of about 30 mins this morning. Icons began disappearing from the desktop and the 'All Programs' menu in the "Start" menu emptied, and the task manager stopped working, stating only an administrator could open it. I ran Malwarebytes in safe mode, which seems to have found a trojan downloader and a number of other nasties and cleared them all up, but we still have the following problems:

1. The "All programs" menu in the "Start" is empty
2. When I open Windows Explorer and look at the 'My Computer' folder then 'Local Disk (C:)', the folder is empty
3. System restore won't work. I tried using the command prompt in safe mode C:\windows\system32\restore\rstrui.exe, and get the message 'System restore is unable to protect your computer, Please restart your computer and try again'. After restarting, no change. I have tried using the 'system restore enable' from www.kellys-korner-xp.com, but no joy
4. Malwarebytes won't update: it says 'An error has occured. Please report his error code to our support team. PROGRAM_ERROR_UPDATING (5, 0, Create file). Access is denied.' Sophos, Malwarebytes and Spybot all either freeze or close during scanning in normal mode; they can only be used in safe mode (this part is not a new problem), but only Malwarebytes is currently visible in safe mode.

On the plus side, task manager is working again thanks to Kellys-Korner-xp.com.

I've searched through the forums and can't find anyone who's had exactly the same problems. Sorry, I know you say to only list one problem in each topic but they all seem interrelated so I thought it might help to post them all together.

I wonder if I could get the 'system restore' to work, all my problems may be solved? Maybe?

Please help!

Edited by hamluis, 25 March 2011 - 12:11 PM.
Moved from XP forum to Am I Infected.




#2 Rich41

Rich41

  • Members
  • 2 posts

Posted 31 March 2011 - 07:15 PM

I have this exact same problem, can anyone help??

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • Gender:Male
  • Location:NJ USA

Posted 31 March 2011 - 10:28 PM

Hello, please run these next. It may take several tools and scans. Update me after each scan on improvements.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



Please follow our Removal Guide here: This One.
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
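An added example, not part of the original post and not code from Kaspersky: a small Python triage script for the TDSSKiller log that the steps above produce, run over a constructed sample in the line layout of the log posted later in this thread. Service names, paths and MD5 values in the sample are made up, and the regular expressions are assumptions drawn from that one log's layout.

```python
import re
from dataclasses import dataclass

# Constructed sample (not a real scan): made-up services, paths and MD5 values.
A, B, C = "a" * 32, "b" * 32, "c" * 32
SAMPLE_LOG = rf"""
2011/01/01 10:00:00.0100 1111 Scan started
2011/01/01 10:00:01.0200 1111 ExampleDrv ({A}) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
2011/01/01 10:00:02.0300 1111 DemoSvc ({B}) C:\WINDOWS\system32\DRIVERS\demosvc.sys
2011/01/01 10:00:02.0300 1111 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\demosvc.sys. Real md5: {B}, Fake md5: {C}
2011/01/01 10:00:02.0310 1111 DemoSvc - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/01/01 10:00:05.0000 1111 Scan finished
2011/01/01 10:00:05.0010 2222 Detected object count: 1
2011/01/01 10:00:09.0000 2222 DemoSvc ({B}) C:\WINDOWS\system32\DRIVERS\demosvc.sys
2011/01/01 10:00:09.0000 2222 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\demosvc.sys. Real md5: {B}, Fake md5: {C}
2011/01/01 10:00:09.0100 2222 C:\WINDOWS\system32\DRIVERS\demosvc.sys - will be cured after reboot
2011/01/01 10:00:09.0100 2222 Rootkit.Win32.TDSS.tdl3(DemoSvc) - User select action: Cure
"""

# "<date> <time> <thread id> <message>"; the year may be pasted as 2 or 4 digits.
PREFIX = re.compile(r"^\d{2,4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} \d+ ?(.*)$")
SERVICE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (.+?)\. "
                    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
DETECTED = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
PENDING = re.compile(r"^(.+) - will be cured after reboot$")
ACTION = re.compile(r"^(\S+?)\(([^)]+)\) - User select action: (\w+)$")


@dataclass
class Detection:
    service: str
    threat: str
    path: str = ""
    real_md5: str = ""
    fake_md5: str = ""
    action: str = ""
    pending_reboot: bool = False


def parse_tdsskiller_log(text):
    """Collect scanned services, detections and the chosen action from a log."""
    services, forged, detections = {}, {}, {}
    pending, declared = set(), None
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        if (s := SERVICE.match(msg)):
            services[s.group(1)] = s.group(3)      # repeats overwrite, no duplicates
        elif (f := FORGED.match(msg)):
            forged[f.group(1).lower()] = (f.group(2), f.group(3))
        elif (d := DETECTED.match(msg)):
            detections.setdefault(d.group(1), Detection(d.group(1), d.group(2)))
        elif (c := COUNT.match(msg)):
            declared = int(c.group(1))
        elif (p := PENDING.match(msg)):
            pending.add(p.group(1).lower())
        elif (a := ACTION.match(msg)):
            det = detections.setdefault(a.group(2), Detection(a.group(2), a.group(1)))
            det.action = a.group(3)
    # Join the per-line facts on service name and file path.
    for det in detections.values():
        det.path = services.get(det.service, "")
        det.real_md5, det.fake_md5 = forged.get(det.path.lower(), ("", ""))
        det.pending_reboot = det.path.lower() in pending
    return {"services": len(services), "declared": declared,
            "detections": list(detections.values())}


def triage(report):
    """Return the points a helper would want called out when reading the log."""
    notes = []
    dets = report["detections"]
    if report["declared"] is not None and report["declared"] != len(dets):
        notes.append(f"count mismatch: log declares {report['declared']}, "
                     f"parsed {len(dets)}")
    for d in dets:
        if not d.action:
            notes.append(f"{d.service}: {d.threat} detected, no action recorded")
        elif d.pending_reboot:
            notes.append(f"{d.service}: {d.action} pending reboot, rescan after restart")
        if d.fake_md5 and d.fake_md5 != d.real_md5:
            notes.append(f"{d.service}: log reports differing Real/Fake MD5 for {d.path}")
    return notes


if __name__ == "__main__":
    for line in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

A log with `Detected object count: 0` and no detection lines yields an empty list from `triage`, which is the state to expect from a rescan after the reboot.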

#4 Rich41

Rich41

  • Members
  • 2 posts

Posted 02 April 2011 - 06:40 AM

I downloaded the TDSSKiller, extracted it, changed the file name and extension just as you described and it will not open. What should I do now?

Thanks for your help.

#5 river58

river58

  • Banned Spammer
  • 75 posts

Posted 02 April 2011 - 09:49 AM

go to www.malwarebytes.org and download malwarebytes to update it

Edited by river58, 02 April 2011 - 10:08 AM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • Gender:Male
  • Location:NJ USA

Posted 02 April 2011 - 09:51 AM

Try renaming it iExplore.exe

#7 bugerit

bugerit
  • Topic Starter

  • Members
  • 4 posts

Posted 03 April 2011 - 09:24 AM

Thank you so much for replying!

I've run TDSSKiller again, it didn't find anything this time, however I had run it twice before (since the initial infection) and the first time it did find something (I followed the 'cure' and restarting commands). I've included all three logs, plus the rkill log.
I'm adding these now, as to run Malwarebytes I'll have to restart the computer in safe mode and I'm afraid I'll never find the reports to post to you again!

First TDSSKiller run:
11/03/21 11:48:35.0812 4852 ================================================================================
2011/03/21 11:48:35.0812 4852 SystemInfo:
2011/03/21 11:48:35.0812 4852
2011/03/21 11:48:35.0812 4852 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/21 11:48:35.0812 4852 Product type: Workstation
2011/03/21 11:48:35.0812 4852 ComputerName: ASUS
2011/03/21 11:48:35.0812 4852 UserName: Andrew
2011/03/21 11:48:35.0812 4852 Windows directory: C:\WINDOWS
2011/03/21 11:48:35.0812 4852 System windows directory: C:\WINDOWS
2011/03/21 11:48:35.0812 4852 Processor architecture: Intel x86
2011/03/21 11:48:35.0812 4852 Number of processors: 2
2011/03/21 11:48:35.0812 4852 Page size: 0x1000
2011/03/21 11:48:35.0812 4852 Boot type: Normal boot
2011/03/21 11:48:35.0812 4852 ================================================================================
2011/03/21 11:48:36.0031 4852 Initialize success
2011/03/21 11:48:47.0265 2364 ================================================================================
2011/03/21 11:48:47.0265 2364 Scan started
2011/03/21 11:48:47.0265 2364 Mode: Manual;
2011/03/21 11:48:47.0265 2364 ================================================================================
2011/03/21 11:49:23.0093 2364 TermDD (c60d55b5276c589e75cde7c8c628a210) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/21 11:49:23.0093 2364 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\termdd.sys. Real md5: c60d55b5276c589e75cde7c8c628a210, Fake md5: 88155247177638048422893737429d9e
2011/03/21 11:49:23.0109 2364 TermDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/03/21 11:49:30.0125 2364 ================================================================================
2011/03/21 11:49:30.0125 2364 Scan finished
2011/03/21 11:49:30.0125 2364 ================================================================================
2011/03/21 11:49:30.0140 3192 Detected object count: 1
2011/03/21 11:49:52.0640 3192 TermDD (c60d55b5276c589e75cde7c8c628a210) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/21 11:49:52.0640 3192 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\termdd.sys. Real md5: c60d55b5276c589e75cde7c8c628a210, Fake md5: 88155247177638048422893737429d9e
2011/03/21 11:49:54.0515 3192 Backup copy found, using it..
2011/03/21 11:49:54.0546 3192 C:\WINDOWS\system32\DRIVERS\termdd.sys - will be cured after reboot
2011/03/21 11:49:54.0546 3192 Rootkit.Win32.TDSS.tdl3(TermDD) - User select action: Cure
2011/03/21 11:50:03.0515 1540 Deinitialize success


Second TDSSKILLER run:
11/03/26 09:09:20.0718 4168 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/26 09:09:20.0984 4168 ================================================================================
2011/03/26 09:09:20.0984 4168 SystemInfo:
2011/03/26 09:09:20.0984 4168
2011/03/26 09:09:20.0984 4168 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/26 09:09:20.0984 4168 Product type: Workstation
2011/03/26 09:09:20.0984 4168 ComputerName: ASUS
2011/03/26 09:09:20.0984 4168 UserName: Andrew
2011/03/26 09:09:20.0984 4168 Windows directory: C:\WINDOWS
2011/03/26 09:09:20.0984 4168 System windows directory: C:\WINDOWS
2011/03/26 09:09:20.0984 4168 Processor architecture: Intel x86
2011/03/26 09:09:20.0984 4168 Number of processors: 2
2011/03/26 09:09:20.0984 4168 Page size: 0x1000
2011/03/26 09:09:20.0984 4168 Boot type: Normal boot
2011/03/26 09:09:20.0984 4168 ================================================================================
2011/03/26 09:09:21.0406 4168 Initialize success
2011/03/26 09:09:34.0250 5540 ================================================================================
2011/03/26 09:09:34.0250 5540 Scan started
2011/03/26 09:09:34.0250 5540 Mode: Manual;
2011/03/26 09:09:34.0250 5540 ================================================================================
2011/03/26 09:10:20.0109 5540 ================================================================================
2011/03/26 09:10:20.0125 5540 Scan finished
2011/03/26 09:10:20.0125 5540 ================================================================================
2011/03/26 09:10:29.0031 6024 Deinitialize success


Third TDSSKiller run:
11/04/03 15:02:56.0921 4248 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/03 15:02:57.0125 4248 ================================================================================
2011/04/03 15:02:57.0125 4248 SystemInfo:
2011/04/03 15:02:57.0125 4248
2011/04/03 15:02:57.0125 4248 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/03 15:02:57.0125 4248 Product type: Workstation
2011/04/03 15:02:57.0125 4248 ComputerName: ASUS
2011/04/03 15:02:57.0140 4248 UserName: Andrew
2011/04/03 15:02:57.0140 4248 Windows directory: C:\WINDOWS
2011/04/03 15:02:57.0140 4248 System windows directory: C:\WINDOWS
2011/04/03 15:02:57.0140 4248 Processor architecture: Intel x86
2011/04/03 15:02:57.0140 4248 Number of processors: 2
2011/04/03 15:02:57.0140 4248 Page size: 0x1000
2011/04/03 15:02:57.0140 4248 Boot type: Normal boot
2011/04/03 15:02:57.0140 4248 ================================================================================
2011/04/03 15:02:57.0468 4248 Initialize success
2011/04/03 15:03:26.0234 4800 ================================================================================
2011/04/03 15:03:26.0234 4800 Scan started
2011/04/03 15:03:26.0234 4800 Mode: Manual;
2011/04/03 15:03:26.0234 4800 ================================================================================
2011/04/03 15:03:56.0859 4800 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/04/03 15:03:57.0015 4800 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/04/03 15:03:57.0140 4800 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/04/03 15:03:57.0328 4800 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/03 15:03:57.0468 4800 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/03 15:03:57.0796 4800 SAVOnAccessControl (d9df915972694b5274facc8d00492acd) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
2011/04/03 15:03:58.0000 4800 SAVOnAccessFilter (31b35cca652a3553fa4fb99ea79c35bf) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
2011/04/03 15:03:58.0156 4800 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/04/03 15:03:58.0359 4800 sdcfilter (a957fd57a6ae1597943e4590de10669b) C:\WINDOWS\system32\DRIVERS\sdcfilter.sys
2011/04/03 15:03:58.0562 4800 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/03 15:03:58.0765 4800 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/04/03 15:03:58.0984 4800 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/03 15:03:59.0375 4800 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/03 15:03:59.0921 4800 smimnsra.dll (6d5e5156cba135cef69000c2efbf062b) C:\WINDOWS\system32\smimnsra.dll
2011/04/03 15:04:00.0531 4800 smserial (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\WINDOWS\system32\DRIVERS\smserial.sys
2011/04/03 15:04:00.0812 4800 SNP2UVC (750771bb0f0eda12bbc93f223fe682d4) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2011/04/03 15:04:01.0109 4800 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys
2011/04/03 15:04:01.0484 4800 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/03 15:04:01.0656 4800 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/03 15:04:01.0859 4800 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/03 15:04:02.0078 4800 ssdiagn (bd53b000b5f436a84fb43afb6433c10b) C:\WINDOWS\system32\drivers\ssdiagn.sys
2011/04/03 15:04:02.0281 4800 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/04/03 15:04:02.0515 4800 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/03 15:04:02.0687 4800 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/03 15:04:02.0843 4800 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/03 15:04:03.0796 4800 SynTP (69bf2dd9b1099d1aa3e7cf14b4b842cd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/04/03 15:04:03.0984 4800 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/03 15:04:04.0125 4800 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/03 15:04:04.0359 4800 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/03 15:04:04.0515 4800 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/03 15:04:04.0703 4800 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/03 15:04:05.0062 4800 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/04/03 15:04:05.0250 4800 tosrfbd (8c3bfaf3fca90502e6fa35503b8e979e) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
2011/04/03 15:04:05.0453 4800 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/04/03 15:04:05.0656 4800 Tosrfcom (4742f0bad28268ab093ed6f4ea857997) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/04/03 15:04:05.0828 4800 Tosrfhid (7c807ba9660e2995cc0217a14a24094c) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/04/03 15:04:06.0000 4800 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/04/03 15:04:06.0140 4800 tosrfusb (01c90086cd37e7e8d9a827e24167fcb7) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
2011/04/03 15:04:06.0406 4800 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/03 15:04:06.0671 4800 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/03 15:04:06.0906 4800 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/04/03 15:04:07.0078 4800 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/03 15:04:07.0187 4800 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/03 15:04:07.0359 4800 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/03 15:04:07.0531 4800 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/03 15:04:07.0734 4800 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/03 15:04:07.0906 4800 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/03 15:04:08.0078 4800 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/03 15:04:08.0171 4800 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/04/03 15:04:08.0375 4800 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/03 15:04:08.0765 4800 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/03 15:04:09.0156 4800 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2011/04/03 15:04:09.0656 4800 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/03 15:04:10.0046 4800 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/03 15:04:10.0296 4800 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/04/03 15:04:10.0375 4800 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/04/03 15:04:10.0531 4800 WSIMD (ebedf91c32fe60c724402e6f44ca3152) C:\WINDOWS\system32\DRIVERS\wsimd.sys
2011/04/03 15:04:10.0781 4800 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/03 15:04:10.0968 4800 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/03 15:04:11.0140 4800 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/03 15:04:11.0328 4800 ================================================================================
2011/04/03 15:04:11.0328 4800 Scan finished
2011/04/03 15:04:11.0328 4800 ================================================================================
2011/04/03 15:04:19.0515 1144 Deinitialize success


rkill Log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/04/2011 at 15:12:08.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 03/04/2011 at 15:12:15.



MBAM to follow shortly!

#8 bugerit

bugerit
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:42 AM

Posted 03 April 2011 - 11:36 AM

I had run MBAM this morning (fast scan in safe mode) before I noticed that you had posted help for me here- I have included both that scan and the full scan completed just now.
When we initially had problems, I ran a full MBAM scan a number of times in safe mode; the first time it found 17 items, one being a Trojan downloader, one having something to do with the task manager registry files and one with the system restore registry files. MBAM then stopped updating, and so in following instructions on the Malwarebytes site I uninstalled/cleaned up/re-installed MBAM and subsequently can't find this initial scan log- any ideas where I could look if it would be useful to you?

I have followed the instructions on the removal guide, and our 'All Programs' list has been repopulated-Yay! I've noticed that in the 'Start' menu there is a program called 'Windows Recovery', which doesn't seem to have disappeared after all scans. Should it be there?

Malwarebytes:
fast scan-
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6253

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

3/04/2011 9:48:17 AM
mbam-log-2011-04-03 (09-48-17).txt

Scan type: Quick scan
Objects scanned: 165878
Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JgUJevQpNnePtDM (Trojan.FakeAlert) -> Value: JgUJevQpNnePtDM -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Full Scan-
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6255

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

3/04/2011 5:19:01 PM
mbam-log-2011-04-03 (17-19-01).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 264210
Time elapsed: 1 hour(s), 10 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks!

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:08:42 PM

Posted 03 April 2011 - 05:22 PM

Great! If MBAM was installed and run in safe mode.... Doing this is usually not advised as MBAM is designed to be at full power when running in normal mode and loses some effectiveness for detection & removal when used in safe mode. Therefore, after completing a scan it is recommended to uninstall MBAM, then reinstall it in normal mode and perform another Quick Scan.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 bugerit

bugerit
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:42 AM

Posted 04 April 2011 - 02:38 AM

Hi boopme!

Unfortunately MBAM won't run in normal mode on our computer- If I try a full scan, after about 5 sec (while "enumerating registry objects") it closes and we get the error message 'The instruction at "0x7c919af2" referenced memory at "0x00000010". The memory could not be "written". Click OK to terminate the program Click cancel to debug the program.'
If I try a quick scan it just disappears, and if you try to open it again you get an error message 'Malwarebytes anti-malware is already running'.
I've tried uninstalling/cleaning up/re-installing a number of times, and trawled through the Malwarebytes page for help, but no joy!
Sophos, Spybot and SuperAntiSpyware also don't scan in normal mode (though they will all update in normal mode). All of these programs look like they're scanning, but will freeze at about 2% and just scan the same point over and over again. We had a keylogger virus last year, and since our computer was fixed by the uni Computer team, none of the virus software has ever been the same!

Any ideas would be much appreciated!

Thank you so much for all your help so far, too!

#11 Alex I

Alex I

  • Members
  • 1 posts
  • OFFLINE
  • Local time:06:42 PM

Posted 04 April 2011 - 09:37 AM

Dear Guys,
I have the same nasty issues and was infected at around the same time. Please let me know what the 'program removal guide' is as I don't understand from the posts. I've also been trying to fight this nasty bugger and have managed a system restore to a time 3 months ago, but this seems to only be a temporary fix as the issue has come back in full force as of today. I found that one can run mbam and anti virus software by right clicking and "run as administrator", but again this did not help much. Please let me know if I should post any logs etc. Thanks all.

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:08:42 PM

Posted 04 April 2011 - 12:21 PM

It's best that we get a deeper look and see.

ALEX! You should also do this and post your own log in a separate topic.

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.