Windows Recovery + Script Error Popup


8 replies to this topic

#1 mogul192

  • Members
  • 6 posts

Posted 25 April 2011 - 08:43 AM

Vista Home Premium O.S. SP2:
Similar original symptoms to:
http://www.bleepingcomputer.com/forums/topic393451.html and 'Windows Recovery' scareware posts.

Current action+ results:

Followed steps at www.bleepingcomputer.com/virus-removal/remove-windows-recovery with addition of running SuperAntiSpyware beforehand to address malwarebytes 'access is disabled' error towards the end of installation. Step 17's Unhide.exe had been run as part of a previous attempt when MBAM did not install.

SAS quarantined: Trojan.Agent/Gen- (FakeAlert + others) (attached image)
MBAM quarantined: Trojan.(Dropper/FakeAlert) and PUM.Hijack.TaskManager (attached image)

Problem:
How can I fully remove residual 'script error' popups (attached image)? How can I ensure that the computer is then clean?

Thanks in advance for your help


More Details:-

Problem sequence of events:
Error message popup mentioning java script

Then

Error message popup mentioning hard drive problems

Then

Windows recovery window with 'scan results' hard drive errors found, as illustrated in <http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery>

Desktop image changed to black

Almost all files on C: (at least) set to 'hidden' whilst windows recovery window open

Task manager option disappeared from Ctrl+Alt+Del

Automatic redirect (2 jumps IIRC) from all google search links to 'stopzilla' site.

Occasional audio samples played without request.


Current status:
*Popup appearing claiming script errors from random sites*. On the first appearance after a reboot, the loading of taskbar icons except clock + power icon (laptop) is delayed until closing of the popup
However, link redirect problem, random audio samples, windows recovery program are no longer apparent.

[attached image: MBAM Quarantine]
[attached image: SAS Quarantine]
[attached image: Remaining Script Error Popup (example)]

Edited by mogul192, 26 April 2011 - 04:09 AM.




#2 Blade

    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Location:US

Posted 29 April 2011 - 04:17 PM

Hello.

We need to reset IE back to default. This should reverse any changes that malware has made to your browser settings and disable any malicious components it may have dropped.

Please follow the instructions in the following link. http://support.microsoft.com/kb/923737

Let me know if this fixes your issue.

~Blade


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 mogul192

  • Topic Starter
  • Members
  • 6 posts

Posted 30 April 2011 - 06:20 AM

Hello, Thanks for your reply.

Action:
I have run MSFixit to reset IE as recommended. Its download was automatically cancelled on this computer (both when downloading from the link and when receiving it as an email attachment in Firefox) but it ran OK off an SD card when downloaded on another PC.

Current Problems after action:
I use Firefox rather than IE for browsing. When clicking most, if not all links (e.g. to this forum) from google searches I currently get redirected to other sites as follows (from trial just now):
search in google.com 'bleeping computer'
click first results link (www.bleepingcomputer.com/)
redirected to: what-ever.us
redirected to: htt p://knowledgewiki.o rg/article/bleeping+computer?enk=pqkHoSeRxqmmGUYZhhkHicaBxhkmmQahJqknqSeRZIk=

Also, redirecting still occurs with IE after the reset. The redirect chain of sites from the above test includes swat.us, quick-search-results.com and scour.com.

As of this morning, I have noticed there is no 'Show hidden files or folders' option in tools>folder options>view>advanced settings.


Will also update soon if the following persist:
IE within the last couple of days has also been opening at random times and directing to sites. The script error appearing since the original problem does claim to be an IE window, but no taskbar button appears for it.

Until yesterday at least, random song playing still occurred.

VistaAntiSpyware 2011 popped up a day or two ago, seems to have gone after that day's MBAM/SAS.

Update:
Script error window still appears. No browser open at the time, no taskbar button, site referenced can vary.

Random audio playing still occurs. Clips of about 20 seconds, probably bits from films, songs and adverts. (Has been a Pirates of the Caribbean related Seat car advert, Billy Joel's 'Always a Woman' (frequently) and other stuff, as if it matters.)

Edited by mogul192, 30 April 2011 - 07:15 AM.


#4 Blade

    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Location:US

Posted 01 May 2011 - 01:10 AM

Hello.

Let's try this.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

~Blade


In your next reply, please include the following:
TDSSKiller Log

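Blade asks for the TDSSKiller log so a helper can read through the driver list by hand. As an added example (my own script, not part of this thread and not BleepingComputer's or Kaspersky's code), the Python below parses driver lines in the format that TDSSKiller 2.5 writes, as seen in the log posted later in this thread (`timestamp pid service-name (md5) path`), and marks entries worth a second look: a driver loaded from outside the Windows directory, a driver image that is not a .sys file, and one MD5 registered under two different paths. The heuristics are mine, not the tool's own verdicts, and the sample log lines, service names and hashes are constructed; a mark means "review", not "malicious", since vendor drivers under Program Files (as in the real log) are perfectly normal.

```python
"""Parse TDSSKiller-style driver log lines and mark entries for review.

Added example, not TDSSKiller's own logic. Line format (as visible in the
thread's log):  <timestamp> <pid> <service name> (<md5>) <path>
The review heuristics below are the author's, not Kaspersky's verdicts.
"""
import re
from dataclasses import dataclass

# One driver entry: timestamp, pid, service name, 32-hex MD5 in parentheses, path.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+"
    r"(?P<path>.+?)\s*$"
)
# Header line that tells us where Windows lives on the scanned machine.
WINDIR_RE = re.compile(r"^\S+ \S+ \d+ Windows directory: (?P<dir>.+?)\s*$")


@dataclass
class DriverEntry:
    name: str
    md5: str
    path: str


def parse_log(text):
    """Return (windows_dir, [DriverEntry, ...]); lines of other kinds are ignored."""
    windir = r"C:\Windows"  # default if the SystemInfo header is missing
    entries = []
    for line in text.splitlines():
        m = WINDIR_RE.match(line)
        if m:
            windir = m.group("dir")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(DriverEntry(m.group("name"), m.group("md5").lower(), m.group("path")))
    return windir, entries


def review(windir, entries):
    """Apply review heuristics; returns {service name: [reasons]} for entries to look at."""
    findings = {}
    win = windir.rstrip("\\").lower() + "\\"
    first_path_for_hash = {}
    for e in entries:
        reasons = []
        p = e.path.lower()
        if not p.startswith(win):
            reasons.append("loaded from outside the Windows directory")
        if not p.endswith(".sys"):
            reasons.append("driver image is not a .sys file")
        # Same image registered under two names at the same path (BCM43XV/BCM43XX in the
        # real log) is normal; the same hash at a *different* path deserves a look.
        prev = first_path_for_hash.setdefault(e.md5, e.path)
        if prev.lower() != p:
            reasons.append(f"same MD5 as {prev}")
        if reasons:
            findings[e.name] = reasons
    return findings


# Constructed sample in the TDSSKiller 2.5 line format; names and hashes are made up.
SAMPLE_LOG = r"""
2011/05/04 00:00:13.0368 1724 Windows directory: C:\Windows
2011/05/04 00:00:13.0368 1724 ================================================================================
2011/05/04 00:00:14.0273 1724 ACPI (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\acpi.sys
2011/05/04 00:00:15.0001 1724 vendorio (11111111111111111111111111111111) C:\PROGRA~1\VENDOR~1\vendorio.sys
2011/05/04 00:00:15.0200 1724 oddsvc (22222222222222222222222222222222) C:\Windows\system32\drivers\oddsvc.dll
2011/05/04 00:00:15.0300 1724 twinA (33333333333333333333333333333333) C:\Windows\system32\DRIVERS\twin.sys
2011/05/04 00:00:15.0400 1724 twinB (33333333333333333333333333333333) C:\Windows\system32\DRIVERS\twin.sys
2011/05/04 00:00:15.0500 1724 twinC (33333333333333333333333333333333) C:\Windows\Temp\twin_copy.sys
2011/05/04 00:00:16.0000 1724 Deinitialize success
"""


def review_sample():
    """Run the parser and heuristics over the constructed sample log."""
    windir, entries = parse_log(SAMPLE_LOG)
    return review(windir, entries)


if __name__ == "__main__":
    for name, reasons in review_sample().items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run it against a real TDSSKiller_*_log.txt by passing the file's contents to `parse_log`; only the driver-enumeration lines are consumed, so the SystemInfo header and scan-result lines pass through untouched.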


#5 mogul192

  • Topic Starter
  • Members
  • 6 posts

Posted 03 May 2011 - 06:16 PM

Thanks for your reply, apologies for the delay on this one.
Two log files are associated with the scan. 1 malicious and 1 suspicious entry found. TDSSKiller ran with no problems.

Absence of 'Show Hidden Files' menu option under Tools>Folder Options is still a concern.

## FILE 1 ##

2011/05/03 23:59:37.0239 2352 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/03 23:59:37.0426 2352 ================================================================================
2011/05/03 23:59:37.0426 2352 SystemInfo:
2011/05/03 23:59:37.0426 2352
2011/05/03 23:59:37.0426 2352 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/03 23:59:37.0426 2352 Product type: Workstation
2011/05/03 23:59:37.0426 2352 ComputerName: JON-PC
2011/05/03 23:59:37.0426 2352 UserName: Jon
2011/05/03 23:59:37.0426 2352 Windows directory: C:\Windows
2011/05/03 23:59:37.0426 2352 System windows directory: C:\Windows
2011/05/03 23:59:37.0426 2352 Processor architecture: Intel x86
2011/05/03 23:59:37.0426 2352 Number of processors: 2
2011/05/03 23:59:37.0426 2352 Page size: 0x1000
2011/05/03 23:59:37.0426 2352 Boot type: Normal boot
2011/05/03 23:59:37.0426 2352 ================================================================================
2011/05/03 23:59:38.0284 2352 Initialize success
2011/05/03 23:59:47.0269 3836 Deinitialize success

## FILE 2 ##

2011/05/03 23:59:50.0561 0816 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/03 23:59:50.0857 0816 ================================================================================
2011/05/03 23:59:50.0857 0816 SystemInfo:
2011/05/03 23:59:50.0857 0816
2011/05/03 23:59:50.0857 0816 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/03 23:59:50.0857 0816 Product type: Workstation
2011/05/03 23:59:50.0857 0816 ComputerName: JON-PC
2011/05/03 23:59:50.0857 0816 UserName: Jon
2011/05/03 23:59:50.0857 0816 Windows directory: C:\Windows
2011/05/03 23:59:50.0857 0816 System windows directory: C:\Windows
2011/05/03 23:59:50.0857 0816 Processor architecture: Intel x86
2011/05/03 23:59:50.0857 0816 Number of processors: 2
2011/05/03 23:59:50.0857 0816 Page size: 0x1000
2011/05/03 23:59:50.0857 0816 Boot type: Normal boot
2011/05/03 23:59:50.0857 0816 ================================================================================
2011/05/03 23:59:51.0294 0816 Initialize success
2011/05/04 00:00:13.0368 1724 ================================================================================
2011/05/04 00:00:13.0368 1724 Scan started
2011/05/04 00:00:13.0368 1724 Mode: Manual;
2011/05/04 00:00:13.0368 1724 ================================================================================
2011/05/04 00:00:14.0273 1724 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/04 00:00:14.0367 1724 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/04 00:00:14.0476 1724 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/04 00:00:14.0601 1724 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/04 00:00:14.0663 1724 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/04 00:00:14.0772 1724 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/04 00:00:14.0944 1724 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/04 00:00:15.0022 1724 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/04 00:00:15.0131 1724 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/05/04 00:00:15.0209 1724 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/04 00:00:15.0287 1724 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/05/04 00:00:15.0365 1724 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/04 00:00:15.0427 1724 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/05/04 00:00:15.0583 1724 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/04 00:00:15.0677 1724 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/04 00:00:15.0755 1724 Aspi32 (5b01af89d16d562825c4db4530f20cbb) C:\Windows\system32\drivers\aspi32.sys
2011/05/04 00:00:15.0864 1724 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/04 00:00:15.0942 1724 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/04 00:00:16.0020 1724 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/04 00:00:16.0098 1724 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/04 00:00:16.0317 1724 BCM43XV (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/05/04 00:00:16.0488 1724 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/05/04 00:00:16.0551 1724 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/05/04 00:00:16.0722 1724 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/04 00:00:16.0894 1724 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/04 00:00:17.0003 1724 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/04 00:00:17.0050 1724 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/04 00:00:17.0143 1724 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/04 00:00:17.0221 1724 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/04 00:00:17.0284 1724 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/04 00:00:17.0377 1724 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/04 00:00:17.0455 1724 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/04 00:00:17.0565 1724 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/04 00:00:17.0627 1724 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/04 00:00:17.0658 1724 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/04 00:00:17.0736 1724 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/04 00:00:17.0845 1724 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/04 00:00:17.0892 1724 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/05/04 00:00:17.0986 1724 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/04 00:00:18.0001 1724 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/04 00:00:18.0064 1724 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/04 00:00:18.0173 1724 cur_bus (7f11342c2682b40901952cec4f928d22) C:\Windows\system32\DRIVERS\cur_bus.sys
2011/05/04 00:00:18.0204 1724 cur_mdfl (9f325f5b5ab0bf859f1a8a57fe562c5f) C:\Windows\system32\DRIVERS\cur_mdfl.sys
2011/05/04 00:00:18.0251 1724 cur_mdm (6374dc15a2722c7d3441e018f151a852) C:\Windows\system32\DRIVERS\cur_mdm.sys
2011/05/04 00:00:18.0345 1724 cur_serd (28b374cc0efa3c3149a3e34b18275a8b) C:\Windows\system32\DRIVERS\cur_serd.sys
2011/05/04 00:00:18.0423 1724 cvintdrv (dbd89bc0dbe00dcd245be8f61dbee291) C:\Windows\system32\drivers\cvintdrv.sys
2011/05/04 00:00:18.0469 1724 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/04 00:00:18.0579 1724 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/04 00:00:18.0657 1724 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/05/04 00:00:18.0797 1724 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2011/05/04 00:00:18.0969 1724 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/04 00:00:19.0140 1724 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/04 00:00:19.0234 1724 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/04 00:00:19.0374 1724 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/04 00:00:19.0468 1724 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/04 00:00:19.0546 1724 EMSCR (1fa3f9df8983873746fa6b72dd7e3c2c) C:\Windows\system32\DRIVERS\EMS7SK.sys
2011/05/04 00:00:19.0686 1724 ESDCR (9c7487253aad6bf61f9bc83d50e32ccc) C:\Windows\system32\DRIVERS\ESD7SK.sys
2011/05/04 00:00:19.0749 1724 ESMCR (99589d975da04f8bd31f124428fcc797) C:\Windows\system32\DRIVERS\ESM7SK.sys
2011/05/04 00:00:19.0905 1724 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/04 00:00:19.0983 1724 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/04 00:00:20.0014 1724 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/04 00:00:20.0107 1724 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/04 00:00:20.0185 1724 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/04 00:00:20.0295 1724 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/04 00:00:20.0357 1724 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/04 00:00:20.0482 1724 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/04 00:00:20.0544 1724 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/04 00:00:20.0669 1724 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/04 00:00:20.0747 1724 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/04 00:00:20.0778 1724 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/04 00:00:20.0856 1724 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/04 00:00:20.0981 1724 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/04 00:00:21.0075 1724 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/04 00:00:21.0184 1724 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/05/04 00:00:21.0277 1724 HSF_DPV (9efa5fec26cec696a66a891ac90b412d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/05/04 00:00:21.0511 1724 HSXHWAZL (7e775360ece92156ced6ed3b1daf6208) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/05/04 00:00:21.0621 1724 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/04 00:00:21.0730 1724 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/04 00:00:21.0855 1724 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/04 00:00:22.0042 1724 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/04 00:00:22.0213 1724 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/04 00:00:22.0369 1724 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/04 00:00:22.0447 1724 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/04 00:00:22.0572 1724 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/05/04 00:00:22.0791 1724 IntcAzAudAddService (4a705bf2a6f7972f2f2ad8a0d8079f95) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/04 00:00:22.0978 1724 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/04 00:00:23.0040 1724 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/04 00:00:23.0212 1724 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/04 00:00:23.0290 1724 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/04 00:00:23.0368 1724 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/04 00:00:23.0461 1724 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/04 00:00:23.0524 1724 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/04 00:00:23.0555 1724 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/04 00:00:23.0617 1724 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/04 00:00:23.0695 1724 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/04 00:00:23.0742 1724 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/04 00:00:23.0805 1724 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/04 00:00:23.0961 1724 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\Windows\system32\drivers\libusb0.sys
2011/05/04 00:00:24.0085 1724 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/04 00:00:24.0163 1724 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/04 00:00:24.0195 1724 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/04 00:00:24.0241 1724 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/04 00:00:24.0288 1724 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/04 00:00:24.0351 1724 LUMDriver (a83ca48076a3c43c3b71175095838d69) C:\Windows\system32\drivers\LUMDriver.sys
2011/05/04 00:00:24.0460 1724 lvalarmk (bad54f937b43f0e75db242c1f40c2dcf) C:\Windows\system32\drivers\lvalarmk.sys
2011/05/04 00:00:24.0538 1724 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/05/04 00:00:24.0616 1724 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/04 00:00:24.0709 1724 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/04 00:00:24.0803 1724 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/04 00:00:24.0881 1724 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/04 00:00:24.0928 1724 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/04 00:00:25.0037 1724 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/04 00:00:25.0131 1724 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/04 00:00:25.0209 1724 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/04 00:00:25.0318 1724 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/04 00:00:25.0411 1724 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/04 00:00:25.0458 1724 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/04 00:00:25.0567 1724 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/04 00:00:25.0599 1724 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/04 00:00:25.0677 1724 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/04 00:00:25.0708 1724 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/05/04 00:00:25.0801 1724 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/04 00:00:25.0879 1724 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/04 00:00:25.0989 1724 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/04 00:00:26.0145 1724 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/04 00:00:26.0191 1724 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/04 00:00:26.0269 1724 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/04 00:00:26.0347 1724 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/04 00:00:26.0441 1724 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/04 00:00:26.0550 1724 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/04 00:00:26.0597 1724 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/04 00:00:26.0706 1724 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/04 00:00:26.0815 1724 NCHSSVAD (0df9cc7b5cc173f545723f23e68fac93) C:\Windows\system32\drivers\nchssvad.sys
2011/05/04 00:00:26.0925 1724 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/04 00:00:26.0987 1724 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/04 00:00:27.0034 1724 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/04 00:00:27.0143 1724 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/04 00:00:27.0205 1724 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/04 00:00:27.0268 1724 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/04 00:00:27.0346 1724 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/04 00:00:27.0564 1724 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/05/04 00:00:27.0829 1724 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/05/04 00:00:28.0032 1724 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/04 00:00:28.0126 1724 ni1006k (2ad3c955a4b2a0c82c1906f61cb297f8) C:\Windows\system32\drivers\ni1006k.sys
2011/05/04 00:00:28.0188 1724 ni1045k (f965ee798882b6ccf8de95af3dd18b7c) C:\Windows\system32\drivers\ni1045kl.sys
2011/05/04 00:00:28.0251 1724 ni1065k (a5cd3acbac593859ad03ed957b443760) C:\Windows\system32\drivers\ni1065k.sys
2011/05/04 00:00:28.0329 1724 ni488lock (3b21d301913f34d9f66229ea0a630af2) C:\Windows\system32\drivers\ni488lock.sys
2011/05/04 00:00:28.0375 1724 nicdrk (f96bdcf214ba8a022b5755815aff0291) C:\Windows\system32\drivers\nicdrkl.sys
2011/05/04 00:00:28.0453 1724 nicsrk (521fd1aa7fc8fdbdffbc57825e17479c) C:\Windows\system32\drivers\nicsrkl.sys
2011/05/04 00:00:28.0547 1724 nidimk (e3b366fdcf29bd8d7ce814728409eaa4) C:\Windows\system32\drivers\nidimkl.sys
2011/05/04 00:00:28.0625 1724 nidmxfk (5da8487091c7ddcb8553b894aae50473) C:\Windows\system32\drivers\nidmxfkl.sys
2011/05/04 00:00:28.0672 1724 nidsark (50eaffe1be196bea3265ed2534a996e6) C:\Windows\system32\drivers\nidsarkl.sys
2011/05/04 00:00:28.0734 1724 niemrk (29c59a874a8c7d3d103ee8efa3fe486c) C:\Windows\system32\drivers\niemrkl.sys
2011/05/04 00:00:28.0797 1724 niesrk (45bc64543f490d4d523305b3767c5626) C:\Windows\system32\drivers\niesrkl.sys
2011/05/04 00:00:28.0843 1724 nifslk (6c863c57dfc643a6ad54d9b64ae0ee79) C:\Windows\system32\drivers\nifslkl.sys
2011/05/04 00:00:28.0921 1724 nimdbgk (673be5d3812ce11053fbce5aef2fc7a9) C:\Windows\system32\drivers\nimdbgkl.sys
2011/05/04 00:00:29.0015 1724 nimru2k (a4d639dd7cf0463228435beeb25d0ca2) C:\Windows\system32\drivers\nimru2kl.sys
2011/05/04 00:00:29.0093 1724 nimsdrk (60b9d093828d324a1c96cf4d4ce9d5df) C:\Windows\system32\drivers\nimsdrkl.sys
2011/05/04 00:00:29.0249 1724 nimsrlk (acfd05455df010e85e0c8a56e9c255c3) C:\Windows\system32\drivers\nimsrlk.dll
2011/05/04 00:00:29.0327 1724 nimstsk (3e8f22e05351834d19254cc13db53460) C:\Windows\system32\drivers\nimstskl.sys
2011/05/04 00:00:29.0358 1724 nimxdfk (7b994752c2f7b133ef48bc25b0c928de) C:\Windows\system32\drivers\nimxdfkl.sys
2011/05/04 00:00:29.0421 1724 nimxpk (bc5ce2c29cfbfa4303fc59f8dab5e97a) C:\Windows\system32\drivers\nimxpkl.sys
2011/05/04 00:00:29.0483 1724 ninshsdk (4700359e18db5b9529cdfa5415a15d32) C:\Windows\system32\drivers\ninshsdkl.sys
2011/05/04 00:00:29.0561 1724 niorbk (2ee2631f636f2cceb8f054bee79ad6c4) C:\Windows\system32\drivers\niorbkl.sys
2011/05/04 00:00:29.0655 1724 nipalfwedl (e9e324c60780f1cde122bdb8a8900bd8) C:\Windows\system32\drivers\nipalfwedl.sys
2011/05/04 00:00:29.0748 1724 NIPALK (cd9f21bce661d399f29851185c606d15) C:\Windows\system32\drivers\nipalk.sys
2011/05/04 00:00:29.0811 1724 nipalusbedl (1b6dd575bd49c6e15eb331a93de6d33a) C:\Windows\system32\drivers\nipalusbedl.sys
2011/05/04 00:00:29.0889 1724 nipbcfk (96c846ab33c383583282b0375b34e9d2) C:\Windows\system32\drivers\nipbcfk.sys
2011/05/04 00:00:29.0951 1724 nipxigpk (1912641a3f404fbedf597e27c675b2dd) C:\Windows\system32\drivers\nipxigpk.sys
2011/05/04 00:00:30.0013 1724 nipxirmk (2d7ce105a4a5294bbb5583e5a7fd3b0b) C:\Windows\system32\drivers\nipxirmkl.sys
2011/05/04 00:00:30.0138 1724 niraptrk (7dc142cc5038fcdb06d7746c66ee6942) C:\Windows\system32\drivers\niraptrkl.sys
2011/05/04 00:00:30.0201 1724 niscdk (b4a90dab55cdaaaf45a0b2dfeaddb5b1) C:\Windows\system32\drivers\niscdkl.sys
2011/05/04 00:00:30.0247 1724 nisdigk (27a00c3804b7a640c90187a3c217d40e) C:\Windows\system32\drivers\nisdigkl.sys
2011/05/04 00:00:30.0341 1724 nisftk (e7acd61066b7b6a021ae363adf73d0ce) C:\Windows\system32\drivers\nisftkl.sys
2011/05/04 00:00:30.0419 1724 nispdk (5696a33c7b8f58f4ef838a6fab248d86) C:\Windows\system32\drivers\nispdkl.sys
2011/05/04 00:00:30.0513 1724 nissrk (a467d0ee89621e5c00987c1f54fcd0eb) C:\Windows\system32\drivers\nissrkl.sys
2011/05/04 00:00:30.0575 1724 nistc2k (f3e81b7b92dd962e674018c810a3025e) C:\Windows\system32\drivers\nistc2kl.sys
2011/05/04 00:00:30.0653 1724 nistc3rk (703852c098c12a052cc1f3dcf3f3c685) C:\Windows\system32\drivers\nistc3rkl.sys
2011/05/04 00:00:30.0715 1724 nistcrk (3130589570081e83a1813c0b62aaca9f) C:\Windows\system32\drivers\nistcrkl.sys
2011/05/04 00:00:30.0778 1724 niswdk (2f3abc2da0f3195c8840386b0d6edd14) C:\Windows\system32\drivers\niswdkl.sys
2011/05/04 00:00:30.0825 1724 nitiork (5446da9b7f6617d9a79df7fbf999935e) C:\Windows\system32\drivers\nitiorkl.sys
2011/05/04 00:00:30.0903 1724 niufurk (066ff14e68ab9855d407a23b6cdca580) C:\Windows\system32\drivers\niufurkl.sys
2011/05/04 00:00:30.0965 1724 NiViFWK (1c6ca16957bad7a11a990904cea8598d) C:\Windows\system32\drivers\NiViFWKl.sys
2011/05/04 00:00:31.0027 1724 NiViPciK (5b1086cafc58d41b062d50980934191b) C:\Windows\system32\drivers\NiViPciKl.sys
2011/05/04 00:00:31.0121 1724 NiViPxiK (f9efcb31d27b30e3cb5e107da6414009) C:\Windows\system32\drivers\NiViPxiKl.sys
2011/05/04 00:00:31.0183 1724 niwfrk (40da4f5fcf19a934087f5e2a578ad7ca) C:\Windows\system32\drivers\niwfrkl.sys
2011/05/04 00:00:31.0215 1724 nixsrk (3389607e8e01d6e4d8e72679e265f2ff) C:\Windows\system32\drivers\nixsrkl.sys
2011/05/04 00:00:31.0261 1724 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/04 00:00:31.0293 1724 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/04 00:00:31.0433 1724 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/04 00:00:31.0542 1724 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/05/04 00:00:31.0605 1724 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/04 00:00:31.0683 1724 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/04 00:00:31.0776 1724 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/04 00:00:31.0839 1724 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/04 00:00:31.0885 1724 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/04 00:00:32.0026 1724 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/04 00:00:32.0182 1724 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/04 00:00:32.0275 1724 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/04 00:00:32.0322 1724 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/04 00:00:32.0447 1724 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/04 00:00:32.0509 1724 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/05/04 00:00:32.0572 1724 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/04 00:00:32.0665 1724 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/04 00:00:32.0962 1724 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/04 00:00:33.0024 1724 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/04 00:00:33.0211 1724 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/04 00:00:33.0305 1724 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/04 00:00:33.0461 1724 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/04 00:00:33.0555 1724 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/04 00:00:33.0586 1724 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/04 00:00:33.0679 1724 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/04 00:00:33.0742 1724 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/04 00:00:33.0835 1724 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/04 00:00:33.0898 1724 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/04 00:00:33.0945 1724 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/04 00:00:34.0007 1724 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/04 00:00:34.0085 1724 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/04 00:00:34.0288 1724 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/04 00:00:34.0397 1724 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/04 00:00:34.0522 1724 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/04 00:00:34.0537 1724 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/04 00:00:34.0678 1724 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/04 00:00:34.0771 1724 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/04 00:00:34.0834 1724 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/04 00:00:34.0912 1724 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/04 00:00:35.0021 1724 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/04 00:00:35.0130 1724 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/04 00:00:35.0271 1724 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/04 00:00:35.0333 1724 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/04 00:00:35.0411 1724 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/04 00:00:35.0473 1724 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/04 00:00:35.0583 1724 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/04 00:00:35.0661 1724 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/04 00:00:35.0754 1724 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/04 00:00:36.0160 1724 SNP2UVC (0a0e0a9f9c658fde4ccccc39928b0cf9) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/05/04 00:00:36.0675 1724 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/04 00:00:36.0768 1724 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
2011/05/04 00:00:36.0768 1724 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/05/04 00:00:36.0784 1724 sptd - detected LockedFile.Multi.Generic (1)
2011/05/04 00:00:36.0862 1724 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/04 00:00:36.0940 1724 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/04 00:00:36.0971 1724 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/04 00:00:37.0018 1724 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/04 00:00:37.0111 1724 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/04 00:00:37.0221 1724 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/04 00:00:37.0283 1724 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/04 00:00:37.0361 1724 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/04 00:00:37.0470 1724 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/04 00:00:37.0595 1724 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/04 00:00:37.0720 1724 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/04 00:00:37.0767 1724 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/04 00:00:37.0860 1724 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/04 00:00:37.0907 1724 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/04 00:00:38.0001 1724 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/04 00:00:38.0094 1724 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/04 00:00:38.0172 1724 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/04 00:00:38.0235 1724 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/04 00:00:38.0297 1724 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/04 00:00:38.0344 1724 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/04 00:00:38.0406 1724 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/04 00:00:38.0578 1724 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/04 00:00:38.0687 1724 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/04 00:00:38.0781 1724 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/04 00:00:38.0827 1724 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/04 00:00:38.0905 1724 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/04 00:00:39.0171 1724 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/05/04 00:00:39.0280 1724 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/04 00:00:39.0327 1724 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/04 00:00:39.0405 1724 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/04 00:00:39.0467 1724 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/04 00:00:39.0545 1724 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/04 00:00:39.0592 1724 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/04 00:00:39.0654 1724 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/04 00:00:39.0748 1724 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/04 00:00:39.0810 1724 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/04 00:00:39.0919 1724 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
2011/05/04 00:00:39.0997 1724 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/04 00:00:40.0091 1724 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/04 00:00:40.0185 1724 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/04 00:00:40.0294 1724 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/04 00:00:40.0356 1724 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/04 00:00:40.0434 1724 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/04 00:00:40.0497 1724 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/04 00:00:40.0543 1724 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/05/04 00:00:40.0543 1724 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/05/04 00:00:40.0543 1724 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/04 00:00:40.0606 1724 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/04 00:00:40.0684 1724 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/04 00:00:40.0746 1724 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/04 00:00:40.0809 1724 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/04 00:00:40.0902 1724 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/04 00:00:40.0965 1724 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/04 00:00:41.0136 1724 winachsf (cf27edac75c87f2b776d9218f02f8301) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/04 00:00:41.0292 1724 WINIO (363438fbfd6dbf489c2d65ab25c2c5b4) C:\Windows\system32\winio.sys
2011/05/04 00:00:41.0417 1724 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/04 00:00:41.0511 1724 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/04 00:00:41.0573 1724 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/04 00:00:41.0745 1724 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/04 00:00:41.0791 1724 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/04 00:00:41.0869 1724 xusb21 (f5e5f944e63a9b5f6e76c2ebb2ac462f) C:\Windows\system32\DRIVERS\xusb21.sys
2011/05/04 00:00:42.0057 1724 ================================================================================
2011/05/04 00:00:42.0057 1724 Scan finished
2011/05/04 00:00:42.0057 1724 ================================================================================
2011/05/04 00:00:42.0072 2372 Detected object count: 2
2011/05/04 00:04:25.0074 2372 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/05/04 00:04:25.0246 2372 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/05/04 00:04:25.0246 2372 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/05/04 00:04:31.0205 2372 Backup copy found, using it..
2011/05/04 00:04:31.0423 2372 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/05/04 00:04:31.0423 2372 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2011/05/04 00:04:38.0100 3196 Deinitialize success

Edited by mogul192, 03 May 2011 - 06:25 PM.
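The two verdicts at the end of the log above read very differently once you know what the scanner is saying. A `Forged` verdict on volsnap.sys means TDSSKiller obtained two different hashes for the same path depending on how it read the file, which is the fingerprint of a disk-level rootkit such as TDL3 hiding its patched driver. The `NoAccess` verdict on sptd.sys only says the driver refused to be read; sptd.sys is the SCSI Pass Through Direct layer shipped with disc-emulation tools such as Daemon Tools and routinely triggers LockedFile.Multi.Generic, which is why Skip is the usual choice there. Note also that a Cure is only applied at the next reboot, so a rescan afterwards is the confirmation. The Python script below is an added example, not part of the thread and not TDSSKiller's own code: it parses the 2011 log format shown above (the line patterns are inferred from this log and are an assumption), links each suspicious file to its detection and the action taken, and flags what still needs attention. The sample lines are constructed from the log above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller log format, taken from the lines above:
# driver listing, suspicious-file verdicts, detections, and the post-scan
# action phase in which volsnap is listed a second time before being cured.
SAMPLE_LOG = r"""
2011/05/04 00:00:36.0768 1724 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
2011/05/04 00:00:36.0768 1724 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/05/04 00:00:36.0784 1724 sptd - detected LockedFile.Multi.Generic (1)
2011/05/04 00:00:40.0543 1724 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/05/04 00:00:40.0543 1724 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/05/04 00:00:40.0543 1724 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/04 00:00:42.0072 2372 Detected object count: 2
2011/05/04 00:04:25.0074 2372 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/05/04 00:04:25.0246 2372 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/05/04 00:04:25.0246 2372 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/05/04 00:04:31.0423 2372 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/05/04 00:04:31.0423 2372 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
"""

# Line shapes inferred from the log above (assumption: the 2011 TDSSKiller format).
LINE_RE = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<body>.*)$")
DRIVER_RE = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<verdict>\w+)\): (?P<path>.+?)\. "
    r"(?:Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})|md5: (?P<md5>[0-9a-f]{32}))$")
DETECTED_RE = re.compile(r"^(?P<svc>\S+) - detected (?P<name>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<name>\S+)\((?P<svc>\S+)\) - User select action: (?P<action>\w+)$")
REBOOT_RE = re.compile(r"^(?P<path>.+) - will be cured after reboot$")


@dataclass
class Finding:
    service: str
    path: str
    verdict: str                        # scanner verdict: Forged, NoAccess, ...
    hashes: Dict[str, str] = field(default_factory=dict)
    detection: Optional[str] = None     # e.g. Rootkit.Win32.TDSS.tdl3
    action: Optional[str] = None        # what the user chose: Skip, Cure, Delete, ...
    reboot_required: bool = False

    @property
    def needs_followup(self) -> bool:
        """A detection that was neither cured nor deleted still needs a human decision."""
        return self.detection is not None and self.action not in ("Cure", "Delete")


def parse_tdsskiller_log(text: str) -> Dict[str, Finding]:
    service_by_path: Dict[str, str] = {}   # driver listing lines map path -> service name
    findings: Dict[str, Finding] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        body = m["body"]
        if (d := DRIVER_RE.match(body)):
            service_by_path[d["path"].lower()] = d["svc"]
        elif (s := SUSPICIOUS_RE.match(body)):
            svc = service_by_path.get(s["path"].lower(), s["path"])
            # A file re-listed in the action phase must not wipe the detection recorded earlier.
            f = findings.setdefault(svc, Finding(svc, s["path"], s["verdict"]))
            f.hashes.update({k: s[k] for k in ("real", "fake", "md5") if s[k]})
        elif (t := DETECTED_RE.match(body)) and t["svc"] in findings:
            findings[t["svc"]].detection = t["name"]
        elif (a := ACTION_RE.match(body)) and a["svc"] in findings:
            findings[a["svc"]].action = a["action"]
        elif (r := REBOOT_RE.match(body)):
            svc = service_by_path.get(r["path"].lower())
            if svc in findings:
                findings[svc].reboot_required = True
    return findings


def report(findings: Dict[str, Finding]) -> List[str]:
    """One triage line per finding, flagging what still needs attention."""
    lines = []
    for f in findings.values():
        if f.verdict == "Forged":
            why = "two reads of the same file disagree (real %s.. / fake %s..)" % (
                f.hashes["real"][:8], f.hashes["fake"][:8])
        elif f.verdict == "NoAccess":
            why = "scanner could not read the driver (md5 %s..)" % f.hashes["md5"][:8]
        else:
            why = "verdict " + f.verdict
        flags = []
        if f.reboot_required:
            flags.append("cure pending reboot: rescan afterwards")
        if f.needs_followup:
            flags.append("detection left unresolved (%s)" % (f.action or "no action"))
        lines.append("%s [%s]: %s; %s%s" % (
            f.service, f.detection or "no detection", why, f.path,
            "".join("; " + x for x in flags)))
    return lines


if __name__ == "__main__":
    for line in report(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

Run against a full TDSSKiller log the same way; the per-driver listing is what lets a Suspicious line be tied back to a service name, so keep the whole file rather than only the detection lines.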


#6 Blade (Site Admin, "Strong in the Bleepforce", 12,704 posts, Location: US)

Posted 04 May 2011 - 10:20 AM

Hello.

Apart from the Show hidden files issue, how is the computer running?

Please update MBAM and run another quick scan; post the log for my review.

~Blade


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#7 mogul192 (Topic Starter, Members, 6 posts)

Posted 04 May 2011 - 05:47 PM

The computer is running OK, probably on par with before Windows Recovery appeared.

The script error message certainly popped up yesterday morning, but I have not seen it yet today, so TDSSKiller possibly found that.

There's been no random audio while using it this evening; the sound was off yesterday while working just in case, so I can't comment for then.

Just tried 2/3 general Google searches with Firefox and IE and followed a couple of hits with no redirect problems.


Requested Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6507

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

04/05/2011 23:09:36
mbam-log-2011-05-04 (23-09-36).txt

Scan type: Quick scan
Objects scanned: 187531
Time elapsed: 12 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ICS5R7Y0OS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MOUSEDRIVER (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MouseDriver\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Jon\AppData\Local\Temp\mousedriver.bat (Trojan.Agent) -> Quarantined and deleted successfully.
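The MBAM log above shows a second persistence mechanism besides the fake-alert key: a service named MouseDriver whose ImagePath points at a batch file in the user's Temp directory. A service created without an explicit account runs as LocalSystem, so an image that is a script, or that lives where any local user can write, deserves to be flagged on sight. The Python script below is an added example (not from the thread and not Malwarebytes' code) that applies those two checks to a set of service entries. The sample dictionary is constructed from the entry in the log plus ordinary entries for contrast, and the winreg collector at the end is only for running the same triage on a live Windows machine.

```python
import ntpath
from typing import Dict, List

# Image extensions that mark a service as a script rather than a PE binary.
SCRIPT_EXTENSIONS = {".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".ps1", ".hta"}
# Directory fragments a standard user can write to. A service image there can be
# replaced by any local user and then runs as the service account (LocalSystem by default).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\downloads\\")
IMAGE_EXTENSIONS = (".exe", ".sys", ".dll", ".com", ".scr") + tuple(SCRIPT_EXTENSIONS)

# Constructed sample: the entry MBAM removed above, reconstructed as it would
# appear under HKLM\SYSTEM\CurrentControlSet\Services, plus three ordinary
# entries in the shapes ImagePath actually takes (env var + args, relative, \??\ prefix).
SAMPLE_SERVICES = {
    "MouseDriver": r"C:\Users\Jon\AppData\Local\Temp\mousedriver.bat",
    "Dhcp": r"%SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted",
    "volsnap": r"system32\drivers\volsnap.sys",
    "SASDIFSV": r"\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS",
}


def extract_image(image_path: str) -> str:
    """Pull the executable out of an ImagePath: strip quotes, the \\??\\ prefix and arguments."""
    p = image_path.strip()
    if p.startswith('"'):
        end = p.find('"', 1)
        return p[1:end] if end > 0 else p[1:]
    if p.startswith("\\??\\"):
        p = p[4:]
    tokens = p.split()
    # Unquoted paths may contain spaces: grow the candidate until it ends in an image extension.
    for i in range(len(tokens)):
        candidate = " ".join(tokens[: i + 1])
        if candidate.lower().endswith(IMAGE_EXTENSIONS):
            return candidate
    return tokens[0] if tokens else p


def triage_service(name: str, image_path: str) -> List[str]:
    """Reasons this service's ImagePath looks like a malware foothold (empty = nothing odd)."""
    image = extract_image(image_path)
    lower = image.lower()
    reasons = []
    ext = ntpath.splitext(lower)[1]
    if ext in SCRIPT_EXTENSIONS:
        reasons.append("image is a script (%s), not a service binary" % ext)
    for marker in USER_WRITABLE_MARKERS:
        if marker in lower:
            reasons.append("image lives under a user-writable path (%s)" % marker.strip("\\"))
            break
    return reasons


def find_suspicious_services(services: Dict[str, str]) -> Dict[str, List[str]]:
    hits = {}
    for name, image_path in services.items():
        reasons = triage_service(name, image_path)
        if reasons:
            hits[name] = reasons
    return hits


def collect_services_from_registry() -> Dict[str, str]:
    """On a live Windows box, read every service's ImagePath from HKLM."""
    import winreg  # Windows-only; the sample above lets the triage run anywhere
    services = {}
    root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services")
    index = 0
    while True:
        try:
            name = winreg.EnumKey(root, index)
        except OSError:
            break
        index += 1
        try:
            with winreg.OpenKey(root, name) as sub:
                services[name] = winreg.QueryValueEx(sub, "ImagePath")[0]
        except OSError:
            pass  # no ImagePath (e.g. a service group) or access denied
    return services


if __name__ == "__main__":
    for name, reasons in find_suspicious_services(SAMPLE_SERVICES).items():
        print(name + ": " + "; ".join(reasons))
```

On a live machine replace SAMPLE_SERVICES with collect_services_from_registry(); a hit is a lead, not a verdict, so check the file and the service's start type and account before deleting anything.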

#8 mogul192 (Topic Starter, Members, 6 posts)

Posted 15 May 2011 - 03:59 PM

Update:

Computer seems to be running normally after a reasonable test period.

The 'Show hidden files and folders' option has been fixed by re-creating the associated registry key (right-click + 'Merge' the registry file, contents at the bottom of this post, saved as a '.reg' file), which must have been removed by the earlier malware.


Thanks for your help. Hope this thread helps others when searching.



Registry file contents below:


Windows Registry Editor Version 5.00

; Delete whatever is left of the Hidden group, then recreate it with the stock Vista values below.
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
"HelpID"="shell.hlp#51131"

; Radio button "Do not show hidden files and folders": writes Hidden = 2 under HKCU (HKeyRoot 0x80000001) at the RegPath below.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"

; Radio button "Show hidden files and folders": writes Hidden = 1 under HKCU at the same RegPath.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
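Merging a .reg file hands Regedit a set of registry writes with no review, so it is worth checking what a file actually contains before merging it, especially one picked up from a forum. The Python script below is an added example, not part of the post: a small parser for the Regedit 5.00 export format (quoted strings, dword and hex(n) values with backslash continuation lines) plus a check that a file restores only the stock Hidden group, with NOHIDDEN writing Hidden = 2 and SHOWALL writing Hidden = 1 into HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced. The sample input is the restore file from the post above, embedded as-is apart from re-wrapping the hex lines; decoding its hex(2) Bitmap value also shows it is just the string %SystemRoot%\system32\SHELL32.dll,4.

```python
import re

# The restore file from the post above, embedded as sample input (hex lines re-wrapped).
REG_TEXT = r'''Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
  48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,00
"HelpID"="shell.hlp#51131"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
HEX_RE = re.compile(r"^hex(?:\((\d+)\))?:(.*)$")
HIDDEN = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden"
ADVANCED = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"


def decode_value(data):
    """Right-hand side of a "Name"=... line -> str (REG_SZ/EXPAND_SZ), int (dword) or bytes."""
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    if data.startswith("dword:"):
        return int(data[6:], 16)
    m = HEX_RE.match(data)
    if not m:
        raise ValueError("unsupported value syntax: " + data)
    kind = int(m.group(1) or 3)                          # bare "hex:" is REG_BINARY (3)
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    return raw.decode("utf-16-le").rstrip("\x00") if kind in (1, 2) else raw


def parse_reg(text):
    """Keys -> {value name: value}. A key mapped to None is deleted by a [-KEY] line."""
    if not text.lstrip().startswith("Windows Registry Editor Version 5.00"):
        raise ValueError("not a Regedit 5.00 export")
    text = re.sub(r",\\\r?\n\s*", ",", text)             # join hex continuation lines
    keys, current = {}, None
    for line in text.strip().splitlines()[1:]:
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.startswith("-"):
                keys[path[1:]], current = None, None
            else:
                current = keys[path] = {}
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            raise ValueError("unexpected line: " + line)
        current[m.group(1)] = decode_value(m.group(2))
    return keys


def check_hidden_restore(keys):
    """Problems found; an empty list means the file restores only the stock Hidden group."""
    problems = []
    if (keys.get(HIDDEN) or {}).get("Type") != "group":
        problems.append("Hidden: missing or not Type=group")
    # NOHIDDEN must write Hidden=2 (hide), SHOWALL must write Hidden=1 (show), both into HKCU at ADVANCED.
    for sub, checked in (("NOHIDDEN", 2), ("SHOWALL", 1)):
        k = keys.get(HIDDEN + "\\" + sub) or {}
        if k.get("Type") != "radio" or k.get("ValueName") != "Hidden":
            problems.append(sub + ": not a radio button bound to the Hidden value")
        if k.get("CheckedValue") != checked:
            problems.append(sub + ": CheckedValue should be %d" % checked)
        if k.get("HKeyRoot") != 0x80000001 or k.get("RegPath") != ADVANCED:
            problems.append(sub + ": must target HKCU\\" + ADVANCED)
    for path in keys:
        if path != HIDDEN and not path.startswith(HIDDEN + "\\"):
            problems.append("touches a key outside the Hidden group: " + path)
    return problems


if __name__ == "__main__":
    parsed = parse_reg(REG_TEXT)
    print("Bitmap decodes to:", parsed[HIDDEN]["Bitmap"])
    print("problems:", check_hidden_restore(parsed) or "none")
```

The last loop is the part that matters for an untrusted file: a single extra [HKEY_LOCAL_MACHINE\...\Run] section appended to an otherwise correct restore file would merge just as silently as the rest.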

#9 Blade (Site Admin, "Strong in the Bleepforce", 12,704 posts, Location: US)

Posted 18 May 2011 - 10:38 AM

Hello.

Sorry I missed your initial reply.

I'm glad you got everything working again.

Sounds like you're good to go unless you have further problems!

~Blade
