
BSoD + svchost.exe


  • This topic is locked
11 replies to this topic

#1 qwertyui

qwertyui

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:00 AM

Posted 05 June 2011 - 11:04 PM

Sorry if this has been discussed and resolved before! I looked through some topics and couldn't find a solution.

Today the BlueScreen started to appear about a minute after I turned on my laptop. I ran Malwarebytes and the log listed that a svchost.exe trojan is in my Windows Temp file. Malwarebytes then quarantined and removed it. So, I restarted on Start Windows Normally since I thought I didn't need Safe Mode with Networking anymore, but the BSoD still appeared. I ran MBAM again and this time there were no infected files.

I've tried PC Health Advisor and uninstalled some programs that it listed as troublesome, but the same problem still persists.

Please help.

Edit: Moved topic from Win 7 to the more appropriate forum. ~ Animal


#2 herg62123

herg62123

  • Members
  • 553 posts
  • OFFLINE
  • Gender:Male
  • Location:Montgomery, AL
  • Local time:10:00 AM

Posted 06 June 2011 - 12:29 AM


Question: on the blue screen of death, what Microsoft codes (e.g. 0x000009) does it show, if it shows any at all?

On your next reply please list all codes that you see so we can figure out what to do to further help you.

Edited by herg62123, 06 June 2011 - 12:32 AM.


#3 qwertyui

qwertyui
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:00 AM

Posted 06 June 2011 - 10:35 AM

Thanks for answering. This is what it says:

STOP: 0x0000008E (0xC0000005, 0x88A4657D, 0xA9A2D78C, 0x00000000)

iastor.sys-Address 88A4657D
base at 88A05000
Datestamp 4b50ca66

Collecting data for crash dump
Initializing disk for crash dump
Beginning dump of physical memory
Dumping physical memory to disk: 100
Physical memory dump complete
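The stop screen above already carries enough to do a first triage offline. The following Python is an added example, not something posted in the thread: it parses those lines, names bugcheck 0x8E and the 0xC0000005 exception code, computes the faulting address's offset inside the listed module, and decodes the Datestamp as the module's PE link timestamp (seconds since the Unix epoch). The sample text is constructed from the post.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the stop-screen lines as posted in the thread.
SAMPLE_STOP_SCREEN = """\
STOP: 0x0000008E (0xC0000005, 0x88A4657D, 0xA9A2D78C, 0x00000000)

iastor.sys-Address 88A4657D
base at 88A05000
Datestamp 4b50ca66
"""

# Only the codes this stop screen needs; extend as required.
BUGCHECKS = {0x0000008E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

STOP_RE = re.compile(r"STOP:\s*0x([0-9A-Fa-f]+)\s*\(([^)]*)\)")
MODULE_RE = re.compile(r"^\s*(\S+\.sys)\s*-\s*Address\s+([0-9A-Fa-f]+)", re.I | re.M)
BASE_RE = re.compile(r"base at\s+([0-9A-Fa-f]+)", re.I)
STAMP_RE = re.compile(r"Datestamp\s+([0-9A-Fa-f]+)", re.I)


def pe_timestamp_to_date(stamp_hex):
    """Decode a PE TimeDateStamp (hex, seconds since 1970-01-01 UTC) to YYYY-MM-DD."""
    ts = int(stamp_hex, 16)
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d")


def parse_stop_screen(text):
    """Extract bugcheck, parameters, faulting module and link date from stop-screen text."""
    m = STOP_RE.search(text)
    if not m:
        raise ValueError("no STOP line found")
    code = int(m.group(1), 16)
    params = [int(p.strip(), 16) for p in m.group(2).split(",") if p.strip()]
    result = {
        "code": code,
        "bugcheck": BUGCHECKS.get(code, "unknown bugcheck 0x%08X" % code),
        "params": params,
    }
    # For 0x8E the parameters are: exception code, address that raised it,
    # trap frame pointer, and a reserved zero.
    if code == 0x8E and len(params) == 4:
        result["exception"] = NTSTATUS.get(params[0], "unknown NTSTATUS 0x%08X" % params[0])
        result["fault_address"] = params[1]
        result["trap_frame"] = params[2]

    mod = MODULE_RE.search(text)
    base = BASE_RE.search(text)
    if mod and base:
        module_addr = int(mod.group(2), 16)
        base_addr = int(base.group(1), 16)
        result["module"] = mod.group(1).lower()
        result["base"] = base_addr
        # The offset inside the module is what a vendor or a debugger needs,
        # because the load address changes from boot to boot.
        result["offset"] = module_addr - base_addr
        result["address_matches_module"] = result.get("fault_address") == module_addr

    stamp = STAMP_RE.search(text)
    if stamp:
        result["link_date"] = pe_timestamp_to_date(stamp.group(1))
    return result


def summarize(result):
    """One-line triage summary suitable for a reply in a help thread."""
    parts = [result["bugcheck"]]
    if "exception" in result:
        parts.append(result["exception"])
    if "module" in result:
        parts.append("%s+0x%X" % (result["module"], result["offset"]))
    if "link_date" in result:
        parts.append("linked %s" % result["link_date"])
    return ", ".join(parts)


if __name__ == "__main__":
    print(summarize(parse_stop_screen(SAMPLE_STOP_SCREEN)))
```

The link date tells you at a glance whether the storage driver on the machine is an old build worth updating before chasing malware further.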

#4 qwertyui

qwertyui
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:00 AM

Posted 06 June 2011 - 10:49 PM

Also, about 10 minutes ago Firefox closed the web-page I was viewing and I got this message: "Firefox infected with trojan-bnk.win32.keylogger.gen."
Malwarebytes wouldn't open when I clicked on it and I was being redirected to advertisement sites whenever I searched for something.

Edited by qwertyui, 06 June 2011 - 10:50 PM.


#5 qwertyui

qwertyui
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:00 AM

Posted 09 June 2011 - 12:52 PM

I'm also now infected with Win 7 Security. Please help.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,562 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:10:00 AM

Posted 10 June 2011 - 09:20 PM

Please follow our Removal Guide here (Uninstall Guide).
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions.

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 qwertyui

qwertyui
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:00 AM

Posted 11 June 2011 - 06:53 PM

Thank you! Win 7 seems to be removed, as I don't get messages from it anymore and I don't get redirected. But, I still got the blue screen after my laptop restarted following the MBAM scan. Also, Secunia PSI won't scan on Safe Mode with Networking and I can't log on normal mode because the BSoD appears. I ran MBAM again and eXplorer.exe came up as an infected file.

Here's the log from the first scan:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6837

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

6/11/2011 6:57:06 PM
mbam-log-2011-06-11 (18-57-06).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 218661
Time elapsed: 24 minute(s), 28 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\igs.exe (Trojan.ExeShell.Gen) -> 572 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\igs.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\LocalLow\Sun\Java\deployment\cache\6.0\38\72a60c26-2cd53c8c (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\administrator\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Here's the log from the second scan:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6837

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

6/11/2011 7:44:37 PM
mbam-log-2011-06-11 (19-44-37).txt

Scan type: Full scan (C:\|)
Objects scanned: 218896
Time elapsed: 27 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\administrator\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
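Scan logs like the two above can be checked mechanically rather than by eye. The following Python is an added example, not code from the thread or from Malwarebytes: it parses an MBAM log into its summary counts and detection entries, verifies the counts against the entries, and flags a detection whose file name mimics a Windows system binary but sits outside the Windows directories, as the eXplorer.exe on the Desktop and the earlier svchost.exe in the Temp folder do. The sample is the first log above, trimmed; the list of mimicked names and legitimate directories is an assumption.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample: the first MBAM log posted above, trimmed to the lines used here.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6837

Windows 6.1.7600 (Safe Mode)

Scan type: Full scan (C:\|D:\|)
Objects scanned: 218661

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\igs.exe (Trojan.ExeShell.Gen) -> 572 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\igs.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\LocalLow\Sun\Java\deployment\cache\6.0\38\72a60c26-2cd53c8c (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\administrator\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

DBVER_RE = re.compile(r"^Database version:\s*(\d+)$")
SUMMARY_RE = re.compile(r"^(.+ Infected): (\d+)$")      # "Files Infected: 3"
SECTION_RE = re.compile(r"^(.+ Infected):$")            # "Files Infected:" header
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")

# Assumption: names seen mimicked in this thread, and where the real ones live.
SYSTEM_BINARIES = {"explorer.exe", "svchost.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}


def parse_mbam_log(text):
    """Return database version, per-section summary counts and detection entries."""
    parsed = {"db_version": None, "summary": {}, "entries": []}
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        m = DBVER_RE.match(line)
        if m:
            parsed["db_version"] = m.group(1)
            continue
        m = SUMMARY_RE.match(line)
        if m:
            parsed["summary"][m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            # A process entry reads "-> <pid> -> <action>"; the action is always last.
            parsed["entries"].append({
                "section": section,
                "path": m.group("path"),
                "threat": m.group("threat"),
                "action": m.group("rest").split(" -> ")[-1],
            })
    return parsed


def check_summary(parsed):
    """Sections whose summary count disagrees with the entries actually listed."""
    counts = Counter(e["section"] for e in parsed["entries"])
    return [s for s, n in parsed["summary"].items() if counts.get(s, 0) != n]


def is_lookalike_system_binary(path):
    """True if the file name matches a system binary but lives outside the system directories."""
    p = PureWindowsPath(path)
    return p.name.lower() in SYSTEM_BINARIES and str(p.parent).lower() not in SYSTEM_DIRS


def flag_lookalikes(parsed):
    return [e["path"] for e in parsed["entries"] if is_lookalike_system_binary(e["path"])]


if __name__ == "__main__":
    log = parse_mbam_log(SAMPLE_LOG)
    print("db", log["db_version"], "mismatches", check_summary(log))
    print("lookalikes", flag_lookalikes(log))
```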

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,562 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:10:00 AM

Posted 12 June 2011 - 07:21 PM

We may have a software issue, but I want to be certain all the TDSS is gone.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.


#9 qwertyui

qwertyui
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:00 AM

Posted 13 June 2011 - 08:00 PM

Here's the log for TDSSkiller:

2011/06/13 19:16:20.0269 1992 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/13 19:16:20.0534 1992 ================================================================================
2011/06/13 19:16:20.0534 1992 SystemInfo:
2011/06/13 19:16:20.0534 1992
2011/06/13 19:16:20.0534 1992 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/13 19:16:20.0534 1992 Product type: Workstation
2011/06/13 19:16:20.0534 1992 ComputerName: ERKINAZ
2011/06/13 19:16:20.0534 1992 UserName: Administrator
2011/06/13 19:16:20.0534 1992 Windows directory: C:\Windows
2011/06/13 19:16:20.0534 1992 System windows directory: C:\Windows
2011/06/13 19:16:20.0534 1992 Processor architecture: Intel x86
2011/06/13 19:16:20.0534 1992 Number of processors: 2
2011/06/13 19:16:20.0534 1992 Page size: 0x1000
2011/06/13 19:16:20.0534 1992 Boot type: Safe boot with network
2011/06/13 19:16:20.0534 1992 ================================================================================
2011/06/13 19:16:20.0987 1992 Initialize success
2011/06/13 19:16:22.0984 1456 ================================================================================
2011/06/13 19:16:22.0984 1456 Scan started
2011/06/13 19:16:22.0984 1456 Mode: Manual;
2011/06/13 19:16:22.0984 1456 ================================================================================
2011/06/13 19:16:43.0669 1456 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/13 19:16:43.0732 1456 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/13 19:16:43.0794 1456 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/06/13 19:16:43.0903 1456 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/06/13 19:16:44.0044 1456 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/06/13 19:16:44.0418 1456 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/13 19:16:44.0496 1456 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/13 19:16:44.0652 1456 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/13 19:16:44.0714 1456 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/06/13 19:16:44.0792 1456 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/06/13 19:16:44.0855 1456 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/13 19:16:45.0011 1456 SynTP (e38b97bd4e1c823ff35773ffea42496c) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/13 19:16:45.0182 1456 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/06/13 19:16:45.0385 1456 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/13 19:16:45.0526 1456 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/13 19:16:45.0572 1456 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/06/13 19:16:45.0619 1456 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/06/13 19:16:45.0682 1456 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/13 19:16:45.0760 1456 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/13 19:16:46.0009 1456 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/13 19:16:46.0072 1456 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/13 19:16:46.0150 1456 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/13 19:16:46.0274 1456 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/13 19:16:46.0368 1456 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/13 19:16:46.0446 1456 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/13 19:16:46.0571 1456 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/13 19:16:46.0664 1456 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/13 19:16:46.0727 1456 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/13 19:16:46.0852 1456 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
2011/06/13 19:16:46.0914 1456 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/13 19:16:46.0976 1456 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
2011/06/13 19:16:47.0117 1456 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/13 19:16:47.0164 1456 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/13 19:16:47.0242 1456 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
2011/06/13 19:16:47.0366 1456 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/06/13 19:16:47.0476 1456 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/13 19:16:47.0538 1456 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/13 19:16:47.0647 1456 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/06/13 19:16:47.0710 1456 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/13 19:16:47.0772 1456 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/06/13 19:16:47.0803 1456 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/06/13 19:16:47.0944 1456 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/13 19:16:48.0022 1456 vm3dmp (e2d93ecd5a0f3bfba99d023074c73f6a) C:\Windows\system32\DRIVERS\vm3dmp.sys
2011/06/13 19:16:48.0162 1456 VMAUDIO (98e6cc4d5a21db9626a6b738c4f313a5) C:\Windows\system32\drivers\vmaudio.sys
2011/06/13 19:16:48.0240 1456 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/06/13 19:16:48.0349 1456 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/06/13 19:16:48.0427 1456 vmci (c2f196b0b0f80ed121fd9146eba2587e) C:\Windows\system32\DRIVERS\vmci.sys
2011/06/13 19:16:48.0536 1456 vmdebug (59909ed99e2d137937c0f93b2201e433) C:\Windows\system32\Drivers\vmdebug.sys
2011/06/13 19:16:48.0630 1456 vmhgfs (16f9f586e12c98bbb52f1257c85cc8e0) C:\Windows\system32\DRIVERS\vmhgfs.sys
2011/06/13 19:16:48.0724 1456 VMMEMCTL (04911e98a5c312fbc55cec9ea4f62423) C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys
2011/06/13 19:16:48.0833 1456 vmmouse (17cd671136032e3a202b4a9c6c4c9dba) C:\Windows\system32\DRIVERS\vmmouse.sys
2011/06/13 19:16:48.0958 1456 vmrawdsk (26a4a3f5f239a0696b189b555c84295e) C:\Program Files\VMware\VMware Tools\vmrawdsk.sys
2011/06/13 19:16:49.0082 1456 vmscsi (19754658f7958e31f00f0227f87daf1d) C:\Windows\system32\DRIVERS\vmscsi.sys
2011/06/13 19:16:49.0207 1456 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/13 19:16:49.0316 1456 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/13 19:16:49.0410 1456 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/13 19:16:49.0519 1456 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/13 19:16:49.0613 1456 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/13 19:16:49.0675 1456 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/13 19:16:49.0800 1456 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/13 19:16:49.0925 1456 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/13 19:16:49.0956 1456 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/13 19:16:50.0174 1456 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/06/13 19:16:50.0268 1456 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/13 19:16:50.0518 1456 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/13 19:16:50.0549 1456 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/06/13 19:16:50.0752 1456 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/13 19:16:50.0908 1456 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/13 19:16:51.0064 1456 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/13 19:16:51.0220 1456 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/06/13 19:16:51.0313 1456 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/13 19:16:51.0469 1456 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/06/13 19:16:51.0500 1456 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/13 19:16:51.0516 1456 ================================================================================
2011/06/13 19:16:51.0516 1456 Scan finished
2011/06/13 19:16:51.0516 1456 ================================================================================
2011/06/13 19:16:51.0563 0764 Detected object count: 1
2011/06/13 19:16:51.0563 0764 Actual detected object count: 1
2011/06/13 19:17:05.0774 0764 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/13 19:17:05.0774 0764 \Device\Harddisk0\DR0 - ok
2011/06/13 19:17:05.0774 0764 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/13 19:17:14.0432 1056 Deinitialize success

Here's the log for the ESET scanner:

C:\Windows\explorer.exe a variant of Win32/SpamTool.Agent.NER trojan unable to clean
C:\Windows\System32\config\systemprofile\AppData\Local\ssj.exe a variant of Win32/Kryptik.OXU trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5MYLZVC\reader_ec234[1].exe a variant of Win32/Kryptik.OXU trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\KB284842.exe a variant of Win32/Injector.GVT trojan cleaned by deleting - quarantined
C:\Windows\Temp\idbe\setup.exe a variant of Win32/Nervos.C trojan cleaned by deleting - quarantined
C:\Windows\Temp\kdfm\setup.exe a variant of Win32/Injector.GVT trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/SpamTool.Agent.NER trojan


Should I remove explorer.exe from my laptop? The log lists it as a trojan. Also, should I leave the other tools I had to install?
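
A small parser for the TDSSKiller log format posted above, added here as an example and not part of this thread or of TDSSKiller itself; the sample lines, hashes and paths are constructed to mirror the log's layout. It separates the hashed driver inventory from the detection, cure and action lines, and flags a detection on a raw disk device (\Device\HarddiskN\DRN) as a boot-sector level finding, the kind the log marks "will be cured after reboot".

```python
import re
from dataclasses import dataclass, field

# Constructed sample log in TDSSKiller's layout (timestamp, thread id, body).
# The hashes and paths are made up for this example, not taken from a real machine.
SAMPLE_LOG = r"""
2011/06/13 19:16:40.0097 1456 pcw (deadbeefdeadbeefdeadbeefdeadbeef) C:\Windows\system32\drivers\pcw.sys
2011/06/13 19:16:45.0182 1456 Tcpip (cafebabecafebabecafebabecafebabe) C:\Windows\system32\drivers\tcpip.sys
2011/06/13 19:16:51.0469 1456 MBR (0x1B8) (0badf00d0badf00d0badf00d0badf00d) \Device\Harddisk0\DR0
2011/06/13 19:16:51.0500 1456 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/13 19:16:51.0516 1456 Scan finished
2011/06/13 19:17:05.0774 0764 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/13 19:17:05.0774 0764 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
""".strip()

# Every log line starts with a date, a time with four fractional digits and a thread id.
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d{4}) (?P<body>.*)$")
# Inventory line: name [(offset)] (md5) path   e.g. "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0"
HASHED_RE = re.compile(r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+) \(\d+\)$")
CURE_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(?P<threat>[^()]+)\((?P<obj>[^()]+)\) - User select action: (?P<action>\w+)$")
RAW_DISK_RE = re.compile(r"^\\Device\\Harddisk\d+\\DR\d+$")  # physical disk device, i.e. MBR level


@dataclass
class Triage:
    hashed_objects: dict = field(default_factory=dict)  # name -> (md5, path)
    detections: list = field(default_factory=list)      # (object, threat name)
    boot_level: list = field(default_factory=list)      # detections that sit on a raw disk device
    pending_reboot: list = field(default_factory=list)  # objects the tool will cure on next boot
    actions: list = field(default_factory=list)         # (threat, object, action the user chose)


def triage(log_text: str) -> Triage:
    """Classify each TDSSKiller log line and collect the findings a helper reads off the log."""
    result = Triage()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner and separator lines carry no finding
        body = m.group("body")
        if h := HASHED_RE.match(body):
            result.hashed_objects[h.group("name")] = (h.group("md5"), h.group("path"))
        elif d := DETECTED_RE.match(body):
            result.detections.append((d.group("obj"), d.group("threat")))
            if RAW_DISK_RE.match(d.group("obj")):
                result.boot_level.append(d.group("obj"))
        elif c := CURE_RE.match(body):
            result.pending_reboot.append(c.group("obj"))
        elif a := ACTION_RE.match(body):
            result.actions.append((a.group("threat"), a.group("obj"), a.group("action")))
    return result


if __name__ == "__main__":
    t = triage(SAMPLE_LOG)
    print(f"{len(t.hashed_objects)} hashed objects, {len(t.detections)} detection(s)")
    print("boot-level:", t.boot_level, "| pending reboot:", t.pending_reboot, "| actions:", t.actions)
```

A boot-level entry in `boot_level` with a matching `pending_reboot` entry is the pattern to look for before asking the user to reboot and rescan, as the helper did here.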

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,562 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:10:00 AM

Posted 13 June 2011 - 09:53 PM

Hello, you can remove the explorer.exe, TDSSKiller and ESET, as they need to be loaded fresh with each use.

We have one problem.

SpamTool.Agent uses the infected machine to send spam emails to other parties with its own SMTP engine. It also hijacks the Layered Service Provider (LSP) chain to monitor network traffic for email addresses. Your machine is a Zombie.

ThreatExpert

To kill its ability we need a deeper look. Please go here: start a new topic titled I have a Zombie Computer.
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

Edited by boopme, 13 June 2011 - 09:53 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#11 qwertyui

qwertyui
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:00 AM

Posted 13 June 2011 - 11:55 PM

I was able to run Gmer and I included that log along with the DDS log in my new topic.

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,562 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:10:00 AM

Posted 14 June 2011 - 09:18 AM

Thanks, it will be a few days before your reply, but they will.
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.