Infected with Win32/Bamital.FI & undetected/unknown


  • This topic is locked
14 replies to this topic

#1 Marko87 (Members, 9 posts)

Posted 20 May 2011 - 08:46 PM

I've been experiencing some issues recently, for the last 3 days so far, with Google results redirecting me to advertisements, the common one. However, the difference is that I seem to be having boot failure after login, even before and after Windows Update auto-install has been disabled. It would be convenient if I could resolve both issues, kill two birds with one stone - and avoid clutter. The Windows Update/bad boot could be a problem on its own. I've used several programs to scan and find the issue(s); however, nothing has come up.

To describe it more carefully, I will begin with when I bought the laptop, which was only about two months ago. After about a week of having the laptop, I tried to use Windows Update, which did not work: updates did not install properly and caused a bad boot, after which I had to do a System Restore. I found that Norton might be the issue, so I tried going to their site and it was blocked. It was only yesterday that I found that my "Hosts" file had been modified, blocking most/all security sites. I tried hotfixes, Fix it now, and many others, including boot repair tools. I have downloaded some torrents, and I am well aware of the potential threats from doing so; I will, however, wait until I am instructed to delete whatever.

If at all possible, please indicate where within the logs there are discrepancies/errors, as I am experienced in repairing computers and would like to know more about what's going on. I must emphasize that I would like to avoid restarting if at all possible, as I am afraid it will be a bad boot and I will not be able to continue since I'll likely have to System Restore. I have only had a couple of BSODs with each restart and fix attempt; they were short and not detailed, so I don't know the specific error. Also, I do not have a reboot disk of Windows or anything like that. I have also tried Safe Mode, which doesn't seem to boot properly either.
I've also scanned with sfc.exe and it found an error but could not fix it, and I am unable to access CBS.log - in fact, it seems I am locked out of a lot of system tools and files, even when I "Run as Admin" and change permissions. My last resort, which might be difficult since I don't have an install disk ready, is to use KillDisk and just reinstall it with XP.
Summary:

explorer.exe infected,
Google results redirect to ads,
system32/wininit.exe infected,
Bamital.Fi virus,
Hosts File contaminated,
Bad Boot after log-in, can't restart or install updates properly (explorer.exe and most basic services won't start up, only CTRL+ALT+DEL works)

GMER Scan froze before it was completed. It froze on: C:\Windows\SoftwareDistribution\\Download\b635b7a7651f5dd1a95f6d85f3bb620f\pacl

<--LOGS BELOW-->

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_25
Run by Mark at 10:34:36 on 2011-05-20
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2939.1157 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mark\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uURLSearchHooks: H - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
{7febefe3-6b19-4349-98d2-ffb09d4b49ca}
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
uRunOnce: [*NMRUI] "c:\users\mark\downloads\NPE.exe" /POSTFIX
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\TSS.exe /hide
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [NBRTWizard] "c:\program files\nortoninstaller\{16dd5937-8a6a-4e65-a874-e19c3b0708a5}\nbrtwizard\licensetype\3.5.0.23\InstStub.exe" /RELAUNCH /RUNONCE /NOPROMPT /PRODID NBRTWizard
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\users\mark\desktop\PartyPoker.lnk
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\q3c91mod.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SMR162;Symantec SMR Utility Service 1.6.2;c:\windows\system32\drivers\SMR162.SYS [2011-5-19 76920]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-15 218688]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2011-4-4 20384]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-5-19 352656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-5-19 1153368]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2011-4-4 954368]
S3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2011-5-19 13704]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2011-05-20 05:52:49 -------- d-----w- c:\users\mark\appdata\local\NeoSmart_Technologies
2011-05-20 05:50:05 -------- d-----w- c:\program files\NeoSmart Technologies
2011-05-20 04:18:04 -------- d-----w- c:\users\mark\appdata\roaming\IObit
2011-05-20 04:18:01 -------- d-----w- c:\program files\IObit
2011-05-20 03:04:20 -------- d-----w- c:\program files\Yamicsoft
2011-05-20 02:44:35 98696 ----a-w- c:\windows\system32\setupprwdrv03.exe
2011-05-20 02:44:35 13704 ----a-w- c:\windows\system32\prwntdrv.sys
2011-05-20 02:44:28 -------- d-----w- c:\program files\EASEUS
2011-05-20 02:17:47 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-05-20 02:17:36 -------- d-----w- c:\program files\Panda Security
2011-05-20 02:01:26 -------- d-----w- c:\programdata\NortonInstaller
2011-05-20 01:30:49 76920 ----a-w- c:\windows\system32\drivers\SMR162.SYS
2011-05-20 01:30:49 322 ----a-w- c:\windows\system32\drivers\SMR162.dat
2011-05-20 01:30:47 -------- d-----w- c:\programdata\Norton
2011-05-20 01:30:42 -------- d-----w- c:\users\mark\appdata\local\NPE
2011-05-19 23:12:01 -------- d-----w- C:\c5bc963481ad51e24f0b313e6d57
2011-05-19 22:14:30 -------- d-----w- c:\users\mark\appdata\local\ESET
2011-05-19 22:10:11 -------- d-----w- c:\program files\ESET
2011-05-19 20:40:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-19 20:40:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-19 18:34:33 -------- d-----w- c:\users\mark\appdata\roaming\Malwarebytes
2011-05-19 18:34:27 -------- d-----w- c:\programdata\Malwarebytes
2011-05-19 18:34:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-19 18:28:39 -------- d-----w- c:\program files\AdWare SpyWare SE
2011-05-19 04:09:07 -------- d-----w- c:\users\mark\appdata\local\SKIDROW
2011-05-19 03:01:35 -------- d-----w- c:\users\mark\appdata\local\ElevatedDiagnostics
2011-05-19 01:20:28 -------- d-----w- c:\program files\Microsoft ATS
2011-05-18 23:58:37 -------- d-----w- C:\46db66a7d43745065be067e8b87011
2011-05-18 22:53:37 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-05-18 22:53:31 7071056 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{330c7169-1c7e-4242-81c7-8da4374a1084}\mpengine.dll
2011-05-18 22:53:31 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2011-05-18 19:22:21 -------- d-----w- c:\users\mark\appdata\local\My Games
2011-05-18 18:50:11 -------- d-----w- c:\program files\Sid Meier's Civilization V
2011-05-16 19:02:29 -------- d-----w- c:\programdata\Age of Empires 3
2011-05-16 05:14:59 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2011-05-16 04:01:05 -------- d-----w- c:\program files\Paradox Interactive
2011-05-16 03:34:54 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-16 03:32:46 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-05-16 03:32:10 -------- d-----w- c:\users\mark\appdata\roaming\DAEMON Tools Lite
2011-05-16 03:32:10 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-05-15 23:41:57 -------- d-----w- c:\users\mark\appdata\roaming\Azureus
2011-05-15 23:39:26 -------- d-----w- c:\program files\Vuze
2011-05-15 23:39:00 -------- d-----w- c:\users\mark\appdata\local\Conduit
2011-05-15 20:38:50 -------- d-----w- C:\Programs
2011-05-07 05:01:51 -------- d-----w- c:\program files\Elecard
2011-05-07 05:01:51 -------- d-----w- c:\program files\common files\Elecard
2011-04-29 04:29:11 -------- d-----w- c:\users\mark\appdata\roaming\OpenOffice.org
2011-04-29 04:22:29 -------- d-----w- c:\program files\OpenOffice.org 3
2011-04-27 22:49:06 -------- d-----w- c:\users\mark\Why You Should Write Things Down_files
2011-04-27 22:48:08 -------- d-----w- c:\users\mark\Tackle Any Issue With a List of 100_files
2011-04-27 03:29:21 -------- d-----w- c:\users\mark\appdata\roaming\X-Chat 2
2011-04-27 03:28:48 -------- d-----w- c:\program files\X-Chat 2
2011-04-27 03:25:38 -------- d-----w- c:\windows\system32\include
2011-04-27 03:25:37 -------- d-----w- c:\windows\system32\bin
2011-04-27 03:25:36 -------- d-----w- c:\windows\system32\lib
2011-04-25 23:47:17 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-25 23:11:01 -------- d-----w- c:\program files\Anywhere PE Viewer 0.1.7
2011-04-25 20:59:58 -------- d--h--w- C:\$AVG
2011-04-25 20:48:30 -------- d--h--w- c:\programdata\Common Files
2011-04-25 20:44:21 -------- d-----w- c:\programdata\AVG10
2011-04-25 20:40:37 -------- d-----w- c:\program files\AVG
2011-04-25 20:17:05 -------- d-----w- c:\programdata\MFAData
2011-04-25 00:51:03 -------- d-----w- c:\users\mark\appdata\local\Thunderbird
2011-04-25 00:35:44 -------- d-----w- c:\users\mark\appdata\roaming\Warsow 0.6
2011-04-25 00:13:43 -------- d-----w- c:\users\mark\.freemind
2011-04-25 00:13:06 -------- d-----w- c:\program files\FreeMind
2011-04-24 23:51:29 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-24 23:51:29 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-24 23:51:29 -------- d-----w- c:\program files\OpenAL
2011-04-24 22:29:04 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-24 22:28:01 -------- d-----w- c:\users\mark\appdata\local\PunkBuster
2011-04-24 22:17:02 138056 ----a-w- c:\users\mark\appdata\roaming\PnkBstrK.sys
2011-04-24 22:16:44 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-24 20:58:03 -------- d-----w- c:\program files\EA Games
2011-04-23 17:21:35 -------- d-----w- c:\users\mark\appdata\roaming\Adobe Mini Bridge CS5
2011-04-23 17:21:32 -------- d-----w- c:\users\mark\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-04-20 19:52:12 -------- d-----w- c:\users\mark\appdata\local\Symantec
2011-04-20 18:27:29 -------- d-----w- c:\program files\Chami
2011-04-20 17:48:43 -------- d-----w- c:\users\mark\appdata\local\Mozilla
.
==================== Find3M ====================
.
2011-04-14 12:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-04 22:34:59 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-04-04 22:34:56 315392 ----a-w- c:\windows\HideWin.exe
2011-04-04 20:14:39 16 --sh--r- c:\windows\system32\drivers\fbd.sys
2011-04-02 18:00:28 5 --sha-r- c:\windows\system32\drivers\taishop.sys
2011-03-21 13:58:03 152064 ----a-w- c:\windows\system32\xvid.ax
2011-03-19 15:06:01 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-19 15:04:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
.
============= FINISH: 10:35:56.91 ===============
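The post above reports that the hosts file had been rewritten to block security sites. That is a check a responder can do directly, without waiting on a scanner. The following is an added example and not code from the original post or from any of the tools named in this thread; the vendor watch-list, the sample hosts file and the helper names (`parse_hosts`, `is_sinkhole`, `find_hijacks`) are assumptions made for the example.

```python
r"""Hosts-file hijack check (added example; not from the thread or its tools).

Bamital-style infections rewrite %SystemRoot%\System32\drivers\etc\hosts so
that security-vendor sites resolve to a sinkhole (127.0.0.1 / 0.0.0.0) or to an
attacker-chosen address. This script keeps only the active mappings from a
hosts file and flags (a) any watch-listed vendor domain pinned at all and
(b) any other hostname mapped somewhere other than a sinkhole address.
The watch-list and SAMPLE_HOSTS are constructed for the example.
"""
import ipaddress
import sys

# Assumed watch-list of registrable domains that hijacked hosts files commonly pin.
SECURITY_DOMAINS = frozenset({
    "symantec.com", "norton.com", "microsoft.com", "windowsupdate.com",
    "avira.com", "kaspersky.com", "malwarebytes.org", "bleepingcomputer.com",
})

LOCAL_NAMES = frozenset({"localhost", "localhost.localdomain", "broadcasthost"})


def parse_hosts(text):
    """Return [(line_no, ip, hostname), ...] for every active mapping.

    Comments (#...) are stripped, blank lines skipped, and a line mapping one
    address to several names yields one tuple per name.
    """
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((n, ip, name.lower().rstrip(".")) for name in names)
    return entries


def is_sinkhole(ip):
    """True for loopback (127/8, ::1) or unspecified (0.0.0.0, ::) addresses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address: never treat it as a benign sinkhole
    return addr.is_loopback or addr.is_unspecified


def registrable_domain(hostname):
    """Last two labels; an approximation that ignores multi-label public suffixes."""
    labels = hostname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else hostname


def find_hijacks(text, watch=SECURITY_DOMAINS):
    """Flag watch-listed vendors pinned anywhere, and any other name not sinkholed."""
    findings = []
    for n, ip, host in parse_hosts(text):
        if host in LOCAL_NAMES or host.startswith("ip6-"):
            continue  # stock entries shipped with the OS
        watched = registrable_domain(host) in watch
        sink = is_sinkhole(ip)
        if watched:
            reason = "security site sinkholed" if sink else f"security site redirected to {ip}"
        elif not sink:
            reason = f"redirected to {ip}"
        else:
            continue  # ordinary ad-block style entry; not interesting here
        findings.append({"line": n, "ip": ip, "host": host, "reason": reason})
    return findings


# Constructed sample: a stock Vista hosts file plus a Bamital-style hijack block.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1  www.symantec.com liveupdate.symantec.com   # definitions can't update
127.0.0.1  www.bleepingcomputer.com
198.51.100.23 www.google.com                        # constructed redirect (TEST-NET-2)
0.0.0.0    ads.example.net                          # ad-block style, benign
"""

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32\drivers\etc\hosts"
    with open(path, encoding="utf-8", errors="replace") as fh:
        report = find_hijacks(fh.read())
    for f in report:
        print(f"line {f['line']:>3}: {f['ip']:<15} {f['host']:<30} {f['reason']}")
    print(f"{len(report)} suspicious entries")
```

The file normally lives at %SystemRoot%\System32\drivers\etc\hosts and is writable only with elevated rights; if it cannot be edited even as an administrator, check its attributes with `attrib` before assuming the ACL is intact. Remove the flagged lines rather than replacing the whole file blindly, since legitimate custom mappings may exist.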


#2 CatByte (Malware Response Team, 14,664 posts, Canada)

Posted 21 May 2011 - 06:59 AM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Marko87 (Topic Starter, Members, 9 posts)

Posted 21 May 2011 - 12:59 PM

After running ComboFix, my computer restarted and failed to boot correctly. Then it restarted and I was prompted to start System Boot Repair or Start Win Normally. I chose to repair. It took a bit longer than usual, and this time without asking to use System Restore. After it was finished, boot seemed to be normal; however, there doesn't seem to be a log except in catchme.txt:

File "C:\ComboFix\MT_explorer.exe.tmp" added successfully

Unless I fix the boot issue, if it still occurs, I won't be able to restart consistently. Anyway... next step?

Edit: I do not seem to get redirected anymore. So that is fixed. I'm a bit of a quality control freak, so I'd like to run a few more scans if possible (without restarting?). If I produce a list of the Windows Updates I have installed, would it be possible to tell which one could be causing boot failure? Let me know if I should just start a sep. topic on that issue.

UPDATE: After installing Zone Alarm Firewall, I had to restart. It was successful. I also installed Avira AntiVir. When I logged back on it caught another infection, "TR/ATRAPS.Gen", infected file: w.dll --- This same file has infected my computer from long before I had used torrents. I could have picked it up from a bad install/website, possibly Graboid. I've tried deleting/quarantining this file multiple times but either access is denied or it comes right back.

Edited by Marko87, 21 May 2011 - 02:17 PM.


#4 CatByte (Malware Response Team, 14,664 posts, Canada)

Posted 21 May 2011 - 02:44 PM

Hi

Please do the following:

Verify that you can access the Recovery Environment

To do so, restart your computer and begin tapping the F8 key to enable the Advanced Start menu.

If the option Repair your computer is available, select it.

Select a language, a keyboard or an input method, and then click Next

It will ask for a password > if you have one > enter it now, or just hit OK if you don't have one.

(If Recovery Environment is not preinstalled, you will need to insert your installation DVD and restart, then press any key when prompted to boot from the CD.

At the Install Windows screen, select Repair your computer
)


In the System Recovery Options dialog box, click Command Prompt

Type bootrec /fixmbr and then press ENTER

You should see "The operation completed successfully"

Type EXIT at the command prompt, then select the RESTART button to reboot your system normally.



Now let me know how the computer is behaving, if it seems to be running well, give ComboFix another run, try running it in safe mode - post the resulting log

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account



#5 Marko87 (Topic Starter, Members, 9 posts)

Posted 22 May 2011 - 12:51 PM

I think my system is functioning and restarting correctly and consistently now. Thank you for the support. If I have any more trouble with this in the next week, I'll be sure to PM you or another moderator. Until then, we can close this topic. Thanks again.

#6 CatByte (Malware Response Team, 14,664 posts, Canada)

Posted 22 May 2011 - 02:00 PM

Hi,

I'm not certain what caused your issues, whether or not it was hardware or malware related, there are a couple more scans we can run and I'd like to see the ComboFix log

it should be located at c:\comboFix.txt



#7 Marko87 (Topic Starter, Members, 9 posts)

Posted 22 May 2011 - 03:27 PM

At the moment, I'm still only paranoid about restarting. One of the restarts just took a couple of extra minutes (or seconds) for explorer.exe and other services to start up.

Also, I went ahead with using SuperAntiSpyware and Avira AntiVir. AV found a couple more infected files with:

The file 'C:\Qoobox\Quarantine\C\Windows\explorer.exe.vir'
contained a virus or unwanted program 'TR/Patched.Gen4' [trojan]

The file 'C:\Users\Mark\Downloads\XvidSetup.exe'
contained a virus or unwanted program 'TR/Trash.Gen' [trojan]

The file 'C:\Windows\System32\w.dll'
contained a virus or unwanted program 'TR/ATRAPS.Gen' [trojan]



I believe I picked these ones up after downloading Xvid from a bad site - which, come to think of it, has happened before.

This is the only ComboFix log that I've found:

ComboFix 11-05-19.02 - Mark 05/21/2011 10:11:20.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2939.1272 [GMT -7:00]
Running from: C:\Users\Mark\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


#8 CatByte (Malware Response Team, 14,664 posts, Canada)

Posted 22 May 2011 - 03:49 PM

Hi

If that was all there was to the log, could you please run ComboFix again? The file that was found in Qoobox is ComboFix's quarantine, so I believe ComboFix has deleted the worst of the infection, but I would like to see a full log to make certain. Make sure your AV is disabled.



#9 Marko87 (Topic Starter, Members, 9 posts)

Posted 23 May 2011 - 03:58 PM

Tried running ComboFix. However, it keeps saying that I have a corrupt download. Downloaded it three different times. Should I disable all security applications?

#10 CatByte (Malware Response Team, 14,664 posts, Canada)

Posted 23 May 2011 - 05:51 PM

Yes, they are likely interfering with the download as well as when you try to run it.



#11 Marko87 (Topic Starter, Members, 9 posts)

Posted 23 May 2011 - 06:16 PM

Okay... tried that, still not running... and STILL picking up viruses/malware.

The file 'C:\Users\Mark\AppData\Local\merfxic.dll'
contained a virus or unwanted program 'TR/Hiloti.D.3864' [trojan]


EDIT: Should I uninstall and delete anything I have downloaded? And how about the list of updates I have installed on this system?

Edited by Marko87, 23 May 2011 - 06:46 PM.


#12 CatByte (Malware Response Team, 14,664 posts, Canada)

Posted 23 May 2011 - 06:42 PM

What is the exact message you get when you try to run ComboFix?


Please run the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


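The TDSSKiller step above ends with "copy and paste the log", and that log (see the next reply) is one line per loaded driver with an MD5 hash, which is tedious to read by eye. The following is an added example, not code from the original posts or from Kaspersky's TDSSKiller, that parses those lines and performs three cheap checks a responder would want: drivers loaded from outside the normal driver directory, one file hash shared by several service names, and a diff of two scans so a driver whose hash changed in place stands out. The function names, the expected-directory list, the "after" scan and the `exdrv` entries with their hashes are assumptions constructed for the example; the "before" lines are copied from the log posted in the next reply.

```python
r"""TDSSKiller driver-listing triage (added example; not from the thread or Kaspersky).

Each driver line in a TDSSKiller log has the shape

    <yyyy/mm/dd> <hh:mm:ss.ffff> <pid> <service> (<md5>) <path>

The functions below parse those lines, flag drivers outside EXPECTED_DIRS,
flag one hash backing several service names, and diff two listings.
BEFORE_LOG lines are copied from the thread; AFTER_LOG is constructed.
"""
import re
import sys
from collections import defaultdict

LINE = re.compile(
    r"^(?P<date>\d{4}/\d\d/\d\d) (?P<time>[\d:.]+)\s+(?P<pid>\d+)\s+"
    r"(?P<service>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+?)\s*$"
)

# Assumption for this example: Vista keeps its drivers here; anything else deserves a look.
EXPECTED_DIRS = ("c:\\windows\\system32\\drivers\\",)


def parse_tdsskiller(text):
    """Return {service: (md5, path)}; lines that are not driver entries are ignored."""
    drivers = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            drivers[m["service"]] = (m["md5"].lower(), m["path"])
    return drivers


def unusual_paths(drivers):
    """Services whose driver file lives outside EXPECTED_DIRS (case-insensitive)."""
    return sorted(svc for svc, (_, path) in drivers.items()
                  if not path.lower().startswith(EXPECTED_DIRS))


def shared_hashes(drivers):
    """{md5: [services]} for hashes that back more than one service name."""
    by_md5 = defaultdict(list)
    for svc, (md5, _) in drivers.items():
        by_md5[md5].append(svc)
    return {md5: sorted(svcs) for md5, svcs in by_md5.items() if len(svcs) > 1}


def diff_listings(before, after):
    """Hashes changed in place, services that appeared, services that vanished."""
    common = before.keys() & after.keys()
    return {
        "changed": sorted(s for s in common if before[s][0] != after[s][0]),
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
    }


def triage(before_text, after_text):
    """Run all three checks on the newer listing and diff it against the older one."""
    before, after = parse_tdsskiller(before_text), parse_tdsskiller(after_text)
    return {"diff": diff_listings(before, after),
            "unusual_paths": unusual_paths(after),
            "shared_hashes": shared_hashes(after)}


# Lines copied from the TDSSKiller log posted in the thread (plus its "Scan started" header).
BEFORE_LOG = r"""2011/05/25 09:18:44.0617 4188 Scan started
2011/05/25 09:18:45.0361 4188 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/05/25 09:18:46.0054 4188 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/05/25 09:18:46.0251 4188 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/05/25 09:18:47.0860 4188 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
"""

# Constructed follow-up scan: atapi's hash differs, and two made-up drivers share one hash.
AFTER_LOG = r"""2011/05/26 10:00:00.0001 1234 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/05/26 10:00:00.0002 1234 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/05/26 10:00:00.0003 1234 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/05/26 10:00:00.0004 1234 atapi (00000000000000000000000000000001) C:\Windows\system32\drivers\atapi.sys
2011/05/26 10:00:00.0005 1234 exdrv1 (11111111111111111111111111111111) C:\Windows\system32\exdrv1.sys
2011/05/26 10:00:00.0006 1234 exdrv2 (11111111111111111111111111111111) C:\Users\Example\AppData\Roaming\exdrv2.sys
"""

if __name__ == "__main__":
    if len(sys.argv) == 3:  # python triage.py before.txt after.txt
        with open(sys.argv[1]) as a, open(sys.argv[2]) as b:
            report = triage(a.read(), b.read())
    else:
        report = triage(BEFORE_LOG, AFTER_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A diff between two of your own scans only shows that a file changed; it says nothing about whether the first copy was clean. For that you need a known-good baseline from the same Windows build. An in-place change to a core driver such as atapi.sys is exactly the pattern TDL3-family rootkits used, which is why the two-scan comparison is worth keeping.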

#13 Marko87 (Topic Starter, Members, 9 posts)

Posted 25 May 2011 - 11:32 AM

2011/05/25 09:18:38.0725 5860 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/25 09:18:39.0576 5860 ================================================================================
2011/05/25 09:18:39.0576 5860 SystemInfo:
2011/05/25 09:18:39.0576 5860
2011/05/25 09:18:39.0577 5860 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/25 09:18:39.0577 5860 Product type: Workstation
2011/05/25 09:18:39.0577 5860 ComputerName: MARK-PC
2011/05/25 09:18:39.0578 5860 UserName: Mark
2011/05/25 09:18:39.0578 5860 Windows directory: C:\Windows
2011/05/25 09:18:39.0578 5860 System windows directory: C:\Windows
2011/05/25 09:18:39.0578 5860 Processor architecture: Intel x86
2011/05/25 09:18:39.0578 5860 Number of processors: 1
2011/05/25 09:18:39.0578 5860 Page size: 0x1000
2011/05/25 09:18:39.0578 5860 Boot type: Normal boot
2011/05/25 09:18:39.0578 5860 ================================================================================
2011/05/25 09:18:41.0379 5860 Initialize success
2011/05/25 09:18:44.0617 4188 ================================================================================
2011/05/25 09:18:44.0617 4188 Scan started
2011/05/25 09:18:44.0617 4188 Mode: Manual;
2011/05/25 09:18:44.0617 4188 ================================================================================
2011/05/25 09:18:45.0361 4188 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/05/25 09:18:45.0551 4188 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/25 09:18:45.0697 4188 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/25 09:18:45.0848 4188 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/25 09:18:45.0907 4188 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/25 09:18:46.0054 4188 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/05/25 09:18:46.0251 4188 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/05/25 09:18:46.0641 4188 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/25 09:18:46.0728 4188 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/25 09:18:46.0898 4188 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/25 09:18:46.0973 4188 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/25 09:18:47.0059 4188 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/25 09:18:47.0166 4188 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/25 09:18:47.0254 4188 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/25 09:18:47.0573 4188 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/25 09:18:47.0653 4188 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/25 09:18:47.0780 4188 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/25 09:18:47.0860 4188 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/05/25 09:18:48.0020 4188 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
2011/05/25 09:18:48.0332 4188 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/25 09:18:48.0423 4188 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/25 09:18:48.0621 4188 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/25 09:18:48.0809 4188 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/25 09:18:48.0920 4188 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/25 09:18:49.0034 4188 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/25 09:18:49.0137 4188 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/25 09:18:49.0242 4188 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/25 09:18:49.0325 4188 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/25 09:18:49.0440 4188 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/25 09:18:49.0520 4188 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/25 09:18:49.0593 4188 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/25 09:18:49.0734 4188 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/25 09:18:49.0881 4188 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/25 09:18:50.0008 4188 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/25 09:18:50.0111 4188 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/05/25 09:18:50.0319 4188 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/25 09:18:50.0540 4188 cmdGuard (ab491f59adb3a496a6a13636767c9317) C:\Windows\system32\DRIVERS\cmdguard.sys
2011/05/25 09:18:50.0634 4188 cmdHlp (4eca66ad76e621b8d4cf8b861a5d2ff6) C:\Windows\system32\DRIVERS\cmdhlp.sys
2011/05/25 09:18:50.0709 4188 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/25 09:18:50.0807 4188 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/25 09:18:50.0990 4188 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/25 09:18:51.0110 4188 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/25 09:18:51.0286 4188 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/05/25 09:18:51.0461 4188 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/05/25 09:18:51.0671 4188 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/25 09:18:51.0795 4188 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/05/25 09:18:51.0951 4188 DXGKrnl (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/25 09:18:52.0074 4188 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/25 09:18:52.0256 4188 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/05/25 09:18:52.0397 4188 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/25 09:18:52.0566 4188 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/25 09:18:52.0741 4188 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/05/25 09:18:52.0828 4188 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/05/25 09:18:52.0928 4188 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/25 09:18:53.0062 4188 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/25 09:18:53.0177 4188 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/25 09:18:53.0282 4188 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/25 09:18:53.0449 4188 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/05/25 09:18:53.0647 4188 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/25 09:18:53.0764 4188 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
2011/05/25 09:18:53.0876 4188 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/25 09:18:53.0998 4188 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/05/25 09:18:54.0252 4188 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/25 09:18:54.0357 4188 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/25 09:18:54.0467 4188 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/25 09:18:54.0622 4188 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/25 09:18:54.0785 4188 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/25 09:18:54.0883 4188 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/25 09:18:54.0995 4188 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
2011/05/25 09:18:55.0114 4188 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/25 09:18:55.0230 4188 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/25 09:18:55.0456 4188 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/25 09:18:55.0570 4188 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/25 09:18:55.0903 4188 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/25 09:18:56.0123 4188 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/25 09:18:56.0297 4188 inspect (f0b1f95f5864e7b52332f014ea9adc63) C:\Windows\system32\DRIVERS\inspect.sys
2011/05/25 09:18:56.0493 4188 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/25 09:18:56.0690 4188 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/25 09:18:56.0797 4188 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/25 09:18:56.0946 4188 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/25 09:18:57.0226 4188 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/25 09:18:57.0345 4188 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/25 09:18:57.0452 4188 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/25 09:18:57.0532 4188 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/25 09:18:57.0644 4188 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/25 09:18:57.0722 4188 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/25 09:18:57.0861 4188 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/25 09:18:58.0123 4188 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
2011/05/25 09:18:58.0279 4188 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/25 09:18:58.0375 4188 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/25 09:18:58.0514 4188 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
2011/05/25 09:18:58.0644 4188 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
2011/05/25 09:18:58.0837 4188 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/25 09:18:59.0083 4188 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/25 09:18:59.0258 4188 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/25 09:18:59.0434 4188 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/25 09:18:59.0599 4188 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/25 09:18:59.0747 4188 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/25 09:18:59.0866 4188 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/25 09:19:00.0083 4188 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/25 09:19:00.0423 4188 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/25 09:19:00.0580 4188 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/25 09:19:00.0841 4188 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/25 09:19:00.0975 4188 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/25 09:19:01.0050 4188 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/25 09:19:01.0162 4188 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/25 09:19:01.0321 4188 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/25 09:19:01.0445 4188 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/25 09:19:01.0572 4188 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/25 09:19:01.0662 4188 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/25 09:19:01.0759 4188 mrxsmb10 (67e55ced3fc143c82a8197988bfc1f9a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/25 09:19:01.0970 4188 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/25 09:19:02.0128 4188 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/05/25 09:19:02.0252 4188 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/25 09:19:02.0438 4188 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/25 09:19:02.0546 4188 msisadrv (1e00b9b8601f24a96ad71a7d0fc5f136) C:\Windows\system32\drivers\msisadrv.sys
2011/05/25 09:19:02.0722 4188 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/25 09:19:02.0833 4188 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/25 09:19:02.0947 4188 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/25 09:19:03.0090 4188 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/05/25 09:19:03.0238 4188 mssmbios (215634cf935b696e3ebca813d02e9165) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/25 09:19:03.0346 4188 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/25 09:19:03.0436 4188 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/05/25 09:19:03.0599 4188 NativeWifiP (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/25 09:19:03.0729 4188 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/05/25 09:19:03.0828 4188 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/25 09:19:03.0946 4188 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/25 09:19:04.0033 4188 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/25 09:19:04.0134 4188 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/25 09:19:04.0257 4188 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/25 09:19:04.0392 4188 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/25 09:19:04.0651 4188 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/25 09:19:04.0773 4188 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/05/25 09:19:04.0925 4188 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/25 09:19:05.0092 4188 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/05/25 09:19:05.0229 4188 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/25 09:19:05.0329 4188 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/25 09:19:05.0426 4188 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/25 09:19:05.0575 4188 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/25 09:19:05.0699 4188 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/25 09:19:06.0011 4188 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/25 09:19:06.0246 4188 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/25 09:19:06.0348 4188 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/05/25 09:19:06.0519 4188 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/25 09:19:06.0654 4188 pci (eca39351296d905baa4fa3244c152b00) C:\Windows\system32\drivers\pci.sys
2011/05/25 09:19:06.0775 4188 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/25 09:19:06.0956 4188 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/25 09:19:07.0122 4188 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/25 09:19:07.0691 4188 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/25 09:19:07.0790 4188 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/25 09:19:07.0958 4188 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/25 09:19:08.0117 4188 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/25 09:19:08.0257 4188 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/25 09:19:08.0421 4188 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/25 09:19:08.0568 4188 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/25 09:19:08.0663 4188 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/25 09:19:08.0773 4188 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/25 09:19:08.0920 4188 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/25 09:19:09.0039 4188 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/25 09:19:09.0192 4188 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/25 09:19:09.0345 4188 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/25 09:19:09.0489 4188 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/25 09:19:09.0606 4188 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/25 09:19:09.0740 4188 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/05/25 09:19:10.0026 4188 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/25 09:19:10.0161 4188 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/25 09:19:10.0294 4188 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
2011/05/25 09:19:10.0506 4188 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/25 09:19:10.0608 4188 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/25 09:19:10.0769 4188 SbieDrv (2b12749cc05f32d217735770d2eeabe3) C:\Program Files\Sandboxie\SbieDrv.sys
2011/05/25 09:19:10.0969 4188 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/25 09:19:11.0281 4188 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/25 09:19:11.0631 4188 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/25 09:19:11.0742 4188 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/25 09:19:11.0840 4188 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/25 09:19:12.0074 4188 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/25 09:19:12.0165 4188 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/25 09:19:12.0268 4188 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/25 09:19:12.0389 4188 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/25 09:19:12.0574 4188 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/25 09:19:12.0753 4188 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/25 09:19:12.0865 4188 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/25 09:19:13.0036 4188 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/05/25 09:19:13.0227 4188 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/25 09:19:13.0464 4188 srv (3d7c04aba41ac96ba7e9d123ec8f7fa3) C:\Windows\system32\DRIVERS\srv.sys
2011/05/25 09:19:13.0582 4188 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/25 09:19:13.0712 4188 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/25 09:19:13.0926 4188 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/25 09:19:14.0091 4188 swenum (97e089971a6aba49ad5592bd6298e416) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/25 09:19:14.0349 4188 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/25 09:19:14.0441 4188 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/25 09:19:14.0545 4188 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/25 09:19:14.0676 4188 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/25 09:19:15.0011 4188 Tcpip (a6a02ef5b5e40fbd31a1adc577da54bb) C:\Windows\system32\drivers\tcpip.sys
2011/05/25 09:19:15.0200 4188 Tcpip6 (a6a02ef5b5e40fbd31a1adc577da54bb) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/25 09:19:15.0355 4188 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/25 09:19:15.0491 4188 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/05/25 09:19:15.0602 4188 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/25 09:19:15.0704 4188 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/25 09:19:15.0800 4188 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/25 09:19:15.0913 4188 TermDD (718b2f4355cd8eb2844741addac0e622) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/25 09:19:16.0078 4188 TfFsMon (a56ec942ecabfb7849bfa76060f929fb) C:\Windows\system32\drivers\TfFsMon.sys
2011/05/25 09:19:16.0263 4188 TfNetMon (917ef522563f6047685486efa486fb3c) C:\Windows\system32\drivers\TfNetMon.sys
2011/05/25 09:19:16.0368 4188 TfSysMon (57edbb5fe7ff09bb21121d13bb950ba5) C:\Windows\system32\drivers\TfSysMon.sys
2011/05/25 09:19:16.0822 4188 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
2011/05/25 09:19:17.0047 4188 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/25 09:19:17.0177 4188 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/25 09:19:17.0345 4188 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/25 09:19:17.0478 4188 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/05/25 09:19:17.0597 4188 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/25 09:19:17.0708 4188 udfs (c985b36e127ea9b8a92396120bff52d8) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/25 09:19:17.0988 4188 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/25 09:19:18.0096 4188 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/25 09:19:18.0222 4188 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/25 09:19:18.0353 4188 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/25 09:19:18.0500 4188 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/25 09:19:18.0727 4188 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/25 09:19:18.0815 4188 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/25 09:19:18.0948 4188 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/25 09:19:19.0073 4188 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/25 09:19:19.0187 4188 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/25 09:19:19.0324 4188 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/25 09:19:19.0423 4188 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/25 09:19:19.0527 4188 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/25 09:19:19.0675 4188 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/25 09:19:19.0959 4188 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/25 09:19:20.0062 4188 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/25 09:19:20.0191 4188 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/25 09:19:20.0308 4188 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/25 09:19:20.0417 4188 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/25 09:19:20.0514 4188 volmgr (bdd98bbe7323fc0975a26373d8050471) C:\Windows\system32\drivers\volmgr.sys
2011/05/25 09:19:20.0620 4188 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/05/25 09:19:20.0754 4188 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/05/25 09:19:20.0874 4188 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/25 09:19:21.0229 4188 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/25 09:19:21.0364 4188 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/25 09:19:21.0458 4188 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/25 09:19:21.0634 4188 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/25 09:19:21.0761 4188 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/25 09:19:22.0528 4188 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/25 09:19:22.0831 4188 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/25 09:19:23.0217 4188 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/05/25 09:19:23.0260 4188 ================================================================================
2011/05/25 09:19:23.0260 4188 Scan finished
2011/05/25 09:19:23.0260 4188 ================================================================================
2011/05/25 09:19:23.0312 3792 Detected object count: 0
2011/05/25 09:19:23.0312 3792 Actual detected object count: 0
2011/05/25 09:31:20.0480 5132 Deinitialize success

#14 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:16 AM

Posted 25 May 2011 - 05:31 PM

Hi

Delete the copy of ComboFix that you have on your desktop and download a fresh copy from here, then boot into Safe Mode and run it there.

Make certain your security programs are disabled so they don't interfere with the download and running of ComboFix. Post the resulting log.

To Enter Safe Mode
  • Go to Start > Shut off your computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down arrow keys to scroll up to Safe Mode.
  • Then press the Enter key on your keyboard.
  • Go into your usual account.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:16 AM

Posted 29 May 2011 - 01:10 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




