Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP SP 3 Virus's and Trojan infections


  • Please log in to reply
20 replies to this topic

#1 DTinSL

DTinSL

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 08 June 2011 - 10:04 PM

Wife's PC is running Windows XP and we have been relying on Microsoft Security Essentials to help protect the PC. Some malware and or virus's have slipped through and infected the system.

Her PC seems to be locked up when booting in normal mode. We are not able to run our normal programs. We keep getting messages that the application was infected and it would close out.

I shut down the PC and booted up in safe mode. I am able to bring up MSCONFIG and unchecked all items in the startup tab. This allowed me to boot up in normal mode with out the virus warning. I downloaded McAfee Security Scan Plus, Microsoft Security Essentials, and MalwareBytes.

I ran McAfee Security Scan Plus and it found several Trojans infections. I attempted to clean using Microsoft Security Essentials and MalwareBytes.

Found the following with updated Microsoft Security Essentials definitions file 1.105.1563.0 for both virus and spy-ware definitions.

Trojan:DOS/Alureon.A -> Quarantined
Trojan:Win32/Alureon.CD -> Removed
Trojan:Win32/Wimpixo.E -> Removed
TrojanClicker:HTML/IFrame.J -> Removed

MalwareBytes Anti-Malware found and either Quarantined or removed the following:

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 21

Almost every file and shortcut is marked hidden. All of my program list has been stripped out with the exception of a few programs I have reinstalled to try and clean this mess up.

Any help and suggestions on what to do next?

BC AdBot (Login to Remove)

 


#2 DTinSL

DTinSL
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 08 June 2011 - 10:11 PM

I updated Malwarebytes's Anti-Malware again and now I am getting an error that says:
An error has occured. Please report this error code to ou rsupport team. PROGRAM_ERROR_UPDATING (5,0,CreateFile) Access is denied. OK button. This occured after the update reached 100%

Running another Full scan on all local hard drives C: D: F: and P:

#3 DTinSL

DTinSL
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 08 June 2011 - 10:32 PM

MSSE (Microsoft Security Essentials) found file: C:\WINDOWS\Temp\568.exe infected with Trojan:Win32/Alureon.EZ Alert level Severe status succeeded Recommended action Remove and request reboot to complete the process.

#4 DTinSL

DTinSL
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 09 June 2011 - 10:01 PM

I ran a full malwarebytes scan on all local drives and found 3 more infecitons:
Rootkit.TDSS in c:\system volume information\_restore{a bunch of numbers and letters}
Trojan.Agent in c:\WINDOWS\Temp\568.exe
Trojan.Agent in c:\WINDOWS\Temp\569.dll

All three files have no action taken.

I selected Remove Selected and all three were Quarantined and deleted successfully.

Reboot was required

Rebooted the pc and logged back in and ran Rkill to keep troubleshooting.

Running another Microsoft Security Essentials scann on all local drives to see what can be detected, will post what I find.

#5 DTinSL

DTinSL
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 10 June 2011 - 08:04 PM

I downloaded and updated Spybot - Search & Destroy. Ran a full scan on all drives and it detected 151 results. I am a bit afraid to do anything at this point going forward. This is where I am today and can use some expert help going forward on the next step. I have not fixed the items in Spybot S&D.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:53 PM

Posted 11 June 2011 - 09:07 AM

Hello, sorry for the wait,but as you made so many replies it appears as if you have help.

Let's do this hopefully all in Normal mode,if not use Safe Mode.
I do need to see these complete logs.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions. [color=green]In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 DTinSL

DTinSL
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 11 June 2011 - 04:48 PM

TDSSKiller Version 2.5.4.0 ran no infections found.
2011/06/11 12:10:04.0504 0916 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/11 12:10:04.0884 0916 ================================================================================
2011/06/11 12:10:04.0884 0916 SystemInfo:
2011/06/11 12:10:04.0884 0916
2011/06/11 12:10:04.0884 0916 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/11 12:10:04.0884 0916 Product type: Workstation
2011/06/11 12:10:04.0884 0916 ComputerName: COLES
2011/06/11 12:10:04.0884 0916 UserName: Owner
2011/06/11 12:10:04.0884 0916 Windows directory: C:\WINDOWS
2011/06/11 12:10:04.0884 0916 System windows directory: C:\WINDOWS
2011/06/11 12:10:04.0884 0916 Processor architecture: Intel x86
2011/06/11 12:10:04.0884 0916 Number of processors: 1
2011/06/11 12:10:04.0884 0916 Page size: 0x1000
2011/06/11 12:10:04.0884 0916 Boot type: Normal boot
2011/06/11 12:10:04.0884 0916 ================================================================================
2011/06/11 12:10:07.0167 0916 Initialize success
2011/06/11 12:10:10.0102 3172 ================================================================================
2011/06/11 12:10:10.0102 3172 Scan started
2011/06/11 12:10:10.0102 3172 Mode: Manual;
2011/06/11 12:10:10.0102 3172 ================================================================================
2011/06/11 12:10:11.0363 3172 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/06/11 12:10:11.0554 3172 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/11 12:10:11.0704 3172 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/11 12:10:11.0764 3172 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/06/11 12:10:11.0874 3172 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/11 12:10:11.0944 3172 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/11 12:10:12.0034 3172 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/11 12:10:12.0155 3172 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/06/11 12:10:12.0195 3172 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/06/11 12:10:12.0245 3172 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/06/11 12:10:12.0285 3172 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/06/11 12:10:12.0345 3172 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/06/11 12:10:12.0395 3172 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/06/11 12:10:12.0435 3172 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/06/11 12:10:12.0485 3172 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/06/11 12:10:12.0595 3172 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/11 12:10:12.0645 3172 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/06/11 12:10:12.0695 3172 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/06/11 12:10:12.0735 3172 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/06/11 12:10:12.0866 3172 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/11 12:10:12.0916 3172 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/11 12:10:13.0076 3172 ATI Remote Wonder II (368be3db3a6b9621df51216d323cda23) C:\WINDOWS\system32\drivers\ATIRWVD.SYS
2011/06/11 12:10:13.0226 3172 ATICXCAP (b27b6cc25e81165bb946ded4ec8eea0b) C:\WINDOWS\system32\drivers\aticxcap.sys
2011/06/11 12:10:13.0326 3172 ATICXTUN (2fd0cdfee26d490b6f8de9a035d522b6) C:\WINDOWS\system32\drivers\aticxtun.sys
2011/06/11 12:10:13.0487 3172 ATICXXBR (ba877c4698f4477d6a69f9e071337c4b) C:\WINDOWS\system32\drivers\aticxxbr.sys
2011/06/11 12:10:13.0597 3172 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/11 12:10:13.0727 3172 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/11 12:10:13.0797 3172 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/11 12:10:13.0897 3172 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/06/11 12:10:13.0947 3172 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/11 12:10:14.0007 3172 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/11 12:10:14.0057 3172 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/06/11 12:10:14.0107 3172 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/11 12:10:14.0168 3172 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/11 12:10:14.0238 3172 Cdr4_xp (2552670e5fbcfdb540eeb426af39704d) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/06/11 12:10:14.0288 3172 Cdralw2k (b761b10d6a541be69ea448a8429d30b0) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/06/11 12:10:14.0328 3172 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/11 12:10:14.0458 3172 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/06/11 12:10:14.0538 3172 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/06/11 12:10:14.0618 3172 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/06/11 12:10:14.0648 3172 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/06/11 12:10:14.0728 3172 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/11 12:10:14.0818 3172 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/11 12:10:14.0919 3172 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/11 12:10:15.0069 3172 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/11 12:10:15.0229 3172 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/11 12:10:15.0419 3172 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/06/11 12:10:15.0459 3172 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/11 12:10:15.0529 3172 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/11 12:10:15.0750 3172 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/06/11 12:10:15.0800 3172 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/06/11 12:10:15.0930 3172 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/11 12:10:16.0070 3172 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/11 12:10:16.0160 3172 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/11 12:10:16.0241 3172 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/11 12:10:16.0301 3172 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/11 12:10:16.0401 3172 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/06/11 12:10:16.0521 3172 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/11 12:10:16.0651 3172 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/11 12:10:16.0811 3172 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/06/11 12:10:16.0972 3172 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/11 12:10:17.0112 3172 HdAudAddService (9131ede087af04a7d80f7ebadc164254) C:\WINDOWS\system32\drivers\HdAudio.sys
2011/06/11 12:10:17.0192 3172 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/11 12:10:17.0272 3172 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/11 12:10:17.0342 3172 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/06/11 12:10:17.0472 3172 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/11 12:10:17.0502 3172 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/11 12:10:17.0572 3172 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/11 12:10:17.0643 3172 HSFHWBS2 (b6b0721a86e51d141ec55c3cc1ca5686) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/06/11 12:10:17.0733 3172 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/06/11 12:10:17.0923 3172 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/06/11 12:10:18.0023 3172 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/11 12:10:18.0143 3172 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/06/11 12:10:18.0213 3172 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/06/11 12:10:18.0283 3172 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/11 12:10:18.0434 3172 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/11 12:10:18.0614 3172 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/11 12:10:18.0814 3172 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/06/11 12:10:18.0974 3172 IntcAzAudAddService (1ed9ac45c69e650d4f12d1114132622b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/11 12:10:19.0045 3172 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/11 12:10:19.0145 3172 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/11 12:10:19.0205 3172 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/11 12:10:19.0255 3172 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/11 12:10:19.0315 3172 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/11 12:10:19.0375 3172 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/11 12:10:19.0455 3172 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/11 12:10:19.0525 3172 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/11 12:10:19.0615 3172 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/11 12:10:19.0756 3172 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/06/11 12:10:19.0816 3172 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/11 12:10:19.0916 3172 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/11 12:10:20.0056 3172 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/11 12:10:20.0226 3172 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/11 12:10:20.0557 3172 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/06/11 12:10:20.0657 3172 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2011/06/11 12:10:20.0747 3172 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011/06/11 12:10:20.0857 3172 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
2011/06/11 12:10:20.0947 3172 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/11 12:10:21.0017 3172 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/11 12:10:21.0118 3172 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/11 12:10:21.0198 3172 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/11 12:10:21.0258 3172 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/11 12:10:21.0308 3172 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/11 12:10:21.0398 3172 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/06/11 12:10:21.0558 3172 MpKsl5daefa74 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22F0066D-FFCA-4F80-8588-A1479F492FE0}\MpKsl5daefa74.sys
2011/06/11 12:10:21.0819 3172 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/06/11 12:10:22.0009 3172 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/11 12:10:22.0149 3172 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/11 12:10:22.0279 3172 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/11 12:10:22.0369 3172 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/11 12:10:22.0429 3172 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/11 12:10:22.0489 3172 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/11 12:10:22.0570 3172 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/11 12:10:22.0630 3172 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/11 12:10:22.0680 3172 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/11 12:10:22.0730 3172 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
2011/06/11 12:10:22.0780 3172 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/11 12:10:22.0850 3172 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/11 12:10:22.0900 3172 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/11 12:10:22.0940 3172 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/11 12:10:23.0000 3172 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/11 12:10:23.0040 3172 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/11 12:10:23.0090 3172 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/11 12:10:23.0191 3172 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/11 12:10:23.0271 3172 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/11 12:10:23.0551 3172 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/11 12:10:23.0781 3172 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/11 12:10:23.0932 3172 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/11 12:10:24.0052 3172 NuidFltr (20623a75f3c6c1076ebba64dd8c4bc02) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/06/11 12:10:24.0122 3172 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/11 12:10:24.0232 3172 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/11 12:10:24.0332 3172 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/11 12:10:24.0382 3172 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/11 12:10:24.0422 3172 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/11 12:10:24.0522 3172 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/06/11 12:10:24.0583 3172 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/11 12:10:24.0643 3172 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/11 12:10:24.0693 3172 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/11 12:10:24.0783 3172 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/06/11 12:10:24.0833 3172 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/11 12:10:25.0023 3172 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/11 12:10:25.0193 3172 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/11 12:10:25.0624 3172 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/06/11 12:10:25.0674 3172 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/06/11 12:10:25.0844 3172 Point32 (e4910ce9d882bf825979fcf4636a9bd8) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/06/11 12:10:25.0954 3172 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/11 12:10:26.0045 3172 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/11 12:10:26.0095 3172 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/11 12:10:26.0185 3172 PxHelp20 (fd9d44ec6d99edfa3782f870b7e00682) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/06/11 12:10:26.0245 3172 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/06/11 12:10:26.0305 3172 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/06/11 12:10:26.0345 3172 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/06/11 12:10:26.0385 3172 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/06/11 12:10:26.0425 3172 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/06/11 12:10:26.0475 3172 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/11 12:10:26.0535 3172 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/11 12:10:26.0716 3172 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/11 12:10:26.0836 3172 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/11 12:10:26.0996 3172 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/11 12:10:27.0166 3172 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/11 12:10:27.0276 3172 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/11 12:10:27.0377 3172 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/11 12:10:27.0457 3172 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/11 12:10:27.0757 3172 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/11 12:10:27.0847 3172 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/11 12:10:27.0887 3172 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/11 12:10:27.0987 3172 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/11 12:10:28.0128 3172 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/06/11 12:10:28.0218 3172 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/11 12:10:28.0328 3172 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/06/11 12:10:28.0458 3172 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/06/11 12:10:28.0578 3172 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/11 12:10:28.0799 3172 sp_rsdrv2 (8831252bcf05fcfb5abd116a22e552d8) C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011/06/11 12:10:28.0929 3172 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/11 12:10:29.0029 3172 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/11 12:10:29.0129 3172 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/11 12:10:29.0209 3172 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys
2011/06/11 12:10:29.0329 3172 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/11 12:10:29.0490 3172 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/11 12:10:29.0580 3172 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/06/11 12:10:29.0680 3172 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/06/11 12:10:29.0730 3172 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/06/11 12:10:29.0790 3172 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/06/11 12:10:29.0850 3172 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/11 12:10:30.0010 3172 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/11 12:10:30.0100 3172 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/11 12:10:30.0191 3172 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/11 12:10:30.0301 3172 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/11 12:10:30.0481 3172 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/06/11 12:10:30.0601 3172 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/11 12:10:30.0751 3172 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/06/11 12:10:30.0862 3172 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/11 12:10:31.0012 3172 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/11 12:10:31.0092 3172 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/11 12:10:31.0152 3172 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/11 12:10:31.0222 3172 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/11 12:10:31.0292 3172 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/11 12:10:31.0362 3172 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/11 12:10:31.0442 3172 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/11 12:10:31.0532 3172 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/11 12:10:31.0593 3172 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/11 12:10:31.0683 3172 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/11 12:10:31.0743 3172 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/11 12:10:31.0813 3172 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/06/11 12:10:31.0933 3172 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/11 12:10:32.0053 3172 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/11 12:10:32.0314 3172 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/11 12:10:32.0414 3172 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/06/11 12:10:32.0514 3172 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/11 12:10:32.0624 3172 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/06/11 12:10:32.0764 3172 WinDriver6 (8741604ecc3c006b7d2f769bf55dea9a) C:\WINDOWS\system32\drivers\windrvr6.sys
2011/06/11 12:10:32.0975 3172 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/11 12:10:33.0075 3172 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/11 12:10:33.0235 3172 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
2011/06/11 12:10:33.0275 3172 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/06/11 12:10:33.0295 3172 ================================================================================
2011/06/11 12:10:33.0295 3172 Scan finished
2011/06/11 12:10:33.0295 3172 ================================================================================
2011/06/11 12:10:33.0375 1868 Detected object count: 0
2011/06/11 12:10:33.0375 1868 Actual detected object count: 0
2011/06/11 14:21:25.0526 2992 ================================================================================
2011/06/11 14:21:25.0526 2992 Scan started
2011/06/11 14:21:25.0526 2992 Mode: Manual;
2011/06/11 14:21:25.0526 2992 ================================================================================
2011/06/11 14:21:26.0227 2992 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/06/11 14:21:26.0317 2992 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/11 14:21:26.0357 2992 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/11 14:21:26.0407 2992 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/06/11 14:21:26.0497 2992 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/11 14:21:26.0567 2992 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/11 14:21:26.0628 2992 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/11 14:21:26.0688 2992 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/06/11 14:21:26.0718 2992 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/06/11 14:21:26.0838 2992 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/06/11 14:21:26.0968 2992 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/06/11 14:21:27.0148 2992 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/06/11 14:21:27.0268 2992 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/06/11 14:21:27.0369 2992 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/06/11 14:21:27.0419 2992 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/06/11 14:21:27.0499 2992 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/11 14:21:27.0539 2992 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/06/11 14:21:27.0579 2992 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/06/11 14:21:27.0629 2992 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/06/11 14:21:27.0749 2992 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/11 14:21:27.0809 2992 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/11 14:21:27.0929 2992 ATI Remote Wonder II (368be3db3a6b9621df51216d323cda23) C:\WINDOWS\system32\drivers\ATIRWVD.SYS
2011/06/11 14:21:28.0020 2992 ATICXCAP (b27b6cc25e81165bb946ded4ec8eea0b) C:\WINDOWS\system32\drivers\aticxcap.sys
2011/06/11 14:21:28.0070 2992 ATICXTUN (2fd0cdfee26d490b6f8de9a035d522b6) C:\WINDOWS\system32\drivers\aticxtun.sys
2011/06/11 14:21:28.0190 2992 ATICXXBR (ba877c4698f4477d6a69f9e071337c4b) C:\WINDOWS\system32\drivers\aticxxbr.sys
2011/06/11 14:21:28.0260 2992 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/11 14:21:28.0350 2992 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/11 14:21:28.0510 2992 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/11 14:21:28.0671 2992 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/06/11 14:21:28.0771 2992 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/11 14:21:28.0961 2992 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/11 14:21:29.0101 2992 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/06/11 14:21:29.0171 2992 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/11 14:21:29.0231 2992 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/11 14:21:29.0301 2992 Cdr4_xp (2552670e5fbcfdb540eeb426af39704d) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/06/11 14:21:29.0372 2992 Cdralw2k (b761b10d6a541be69ea448a8429d30b0) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/06/11 14:21:29.0442 2992 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/11 14:21:29.0592 2992 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/06/11 14:21:29.0672 2992 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/06/11 14:21:29.0752 2992 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/06/11 14:21:29.0802 2992 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/06/11 14:21:29.0932 2992 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/11 14:21:30.0042 2992 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/11 14:21:30.0123 2992 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/11 14:21:30.0213 2992 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/11 14:21:30.0323 2992 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/11 14:21:30.0413 2992 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/06/11 14:21:30.0533 2992 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/11 14:21:30.0603 2992 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/11 14:21:30.0824 2992 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/06/11 14:21:30.0904 2992 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/06/11 14:21:31.0034 2992 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/11 14:21:31.0104 2992 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/11 14:21:31.0184 2992 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/11 14:21:31.0244 2992 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/11 14:21:31.0354 2992 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/11 14:21:31.0455 2992 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/06/11 14:21:31.0595 2992 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/11 14:21:31.0655 2992 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/11 14:21:31.0715 2992 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/06/11 14:21:31.0805 2992 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/11 14:21:31.0915 2992 HdAudAddService (9131ede087af04a7d80f7ebadc164254) C:\WINDOWS\system32\drivers\HdAudio.sys
2011/06/11 14:21:31.0975 2992 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/11 14:21:32.0065 2992 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/11 14:21:32.0246 2992 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/06/11 14:21:32.0466 2992 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/11 14:21:32.0586 2992 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/11 14:21:32.0676 2992 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/11 14:21:32.0746 2992 HSFHWBS2 (b6b0721a86e51d141ec55c3cc1ca5686) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/06/11 14:21:32.0836 2992 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/06/11 14:21:32.0957 2992 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/06/11 14:21:33.0047 2992 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/11 14:21:33.0167 2992 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/06/11 14:21:33.0267 2992 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/06/11 14:21:33.0337 2992 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/11 14:21:33.0447 2992 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/11 14:21:33.0538 2992 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/11 14:21:33.0648 2992 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/06/11 14:21:33.0828 2992 IntcAzAudAddService (1ed9ac45c69e650d4f12d1114132622b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/11 14:21:33.0938 2992 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/11 14:21:34.0068 2992 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/11 14:21:34.0138 2992 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/11 14:21:34.0208 2992 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/11 14:21:34.0329 2992 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/11 14:21:34.0419 2992 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/11 14:21:34.0499 2992 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/11 14:21:34.0619 2992 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/11 14:21:34.0699 2992 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/11 14:21:34.0809 2992 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/06/11 14:21:34.0859 2992 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/11 14:21:34.0919 2992 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/11 14:21:35.0010 2992 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/11 14:21:35.0090 2992 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/11 14:21:35.0350 2992 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/06/11 14:21:35.0450 2992 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2011/06/11 14:21:35.0530 2992 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011/06/11 14:21:35.0691 2992 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
2011/06/11 14:21:35.0811 2992 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/11 14:21:35.0981 2992 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/11 14:21:36.0161 2992 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/11 14:21:36.0241 2992 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/11 14:21:36.0322 2992 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/11 14:21:36.0372 2992 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/11 14:21:36.0442 2992 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/06/11 14:21:36.0592 2992 MpKsl5daefa74 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22F0066D-FFCA-4F80-8588-A1479F492FE0}\MpKsl5daefa74.sys
2011/06/11 14:21:36.0772 2992 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/06/11 14:21:36.0862 2992 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/11 14:21:36.0952 2992 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/11 14:21:37.0083 2992 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/11 14:21:37.0163 2992 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/11 14:21:37.0313 2992 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/11 14:21:37.0443 2992 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/11 14:21:37.0573 2992 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/11 14:21:37.0744 2992 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/11 14:21:37.0804 2992 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/11 14:21:37.0884 2992 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
2011/06/11 14:21:37.0924 2992 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/11 14:21:37.0984 2992 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/11 14:21:38.0034 2992 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/11 14:21:38.0064 2992 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/11 14:21:38.0154 2992 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/11 14:21:38.0234 2992 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/11 14:21:38.0294 2992 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/11 14:21:38.0394 2992 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/11 14:21:38.0465 2992 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/11 14:21:38.0605 2992 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/11 14:21:38.0705 2992 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/11 14:21:38.0795 2992 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/11 14:21:39.0035 2992 NuidFltr (20623a75f3c6c1076ebba64dd8c4bc02) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/06/11 14:21:39.0126 2992 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/11 14:21:39.0366 2992 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/11 14:21:39.0476 2992 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/11 14:21:39.0536 2992 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/11 14:21:39.0606 2992 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/11 14:21:39.0696 2992 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/06/11 14:21:39.0756 2992 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/11 14:21:39.0797 2992 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/11 14:21:39.0877 2992 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/11 14:21:39.0967 2992 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/06/11 14:21:40.0017 2992 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/11 14:21:40.0157 2992 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/11 14:21:40.0237 2992 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/11 14:21:40.0508 2992 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/06/11 14:21:40.0638 2992 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/06/11 14:21:41.0008 2992 Point32 (e4910ce9d882bf825979fcf4636a9bd8) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/06/11 14:21:41.0138 2992 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/11 14:21:41.0229 2992 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/11 14:21:41.0289 2992 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/11 14:21:41.0509 2992 PxHelp20 (fd9d44ec6d99edfa3782f870b7e00682) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/06/11 14:21:41.0569 2992 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/06/11 14:21:41.0619 2992 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/06/11 14:21:41.0689 2992 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/06/11 14:21:41.0719 2992 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/06/11 14:21:41.0769 2992 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/06/11 14:21:41.0819 2992 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/11 14:21:41.0880 2992 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/11 14:21:41.0930 2992 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/11 14:21:41.0980 2992 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/11 14:21:42.0080 2992 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/11 14:21:42.0170 2992 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/11 14:21:42.0340 2992 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/11 14:21:42.0520 2992 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/11 14:21:42.0701 2992 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/11 14:21:42.0981 2992 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/11 14:21:43.0051 2992 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/11 14:21:43.0101 2992 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/11 14:21:43.0211 2992 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/11 14:21:43.0352 2992 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/06/11 14:21:43.0402 2992 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/11 14:21:43.0462 2992 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/06/11 14:21:43.0522 2992 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/06/11 14:21:43.0582 2992 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/11 14:21:43.0692 2992 sp_rsdrv2 (8831252bcf05fcfb5abd116a22e552d8) C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011/06/11 14:21:43.0912 2992 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/11 14:21:44.0013 2992 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/11 14:21:44.0203 2992 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/11 14:21:44.0343 2992 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys
2011/06/11 14:21:44.0413 2992 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/11 14:21:44.0463 2992 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/11 14:21:44.0543 2992 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/06/11 14:21:44.0603 2992 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/06/11 14:21:44.0643 2992 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/06/11 14:21:44.0684 2992 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/06/11 14:21:44.0764 2992 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/11 14:21:44.0884 2992 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/11 14:21:44.0964 2992 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/11 14:21:45.0024 2992 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/11 14:21:45.0094 2992 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/11 14:21:45.0204 2992 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/06/11 14:21:45.0314 2992 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/11 14:21:45.0354 2992 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/06/11 14:21:45.0445 2992 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/11 14:21:45.0665 2992 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/11 14:21:45.0795 2992 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/11 14:21:46.0015 2992 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/11 14:21:46.0076 2992 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/11 14:21:46.0136 2992 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/11 14:21:46.0216 2992 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/11 14:21:46.0286 2992 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/11 14:21:46.0406 2992 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/11 14:21:46.0456 2992 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/11 14:21:46.0556 2992 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/11 14:21:46.0656 2992 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/11 14:21:46.0716 2992 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/06/11 14:21:46.0757 2992 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/11 14:21:46.0837 2992 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/11 14:21:46.0927 2992 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/11 14:21:46.0977 2992 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/06/11 14:21:47.0207 2992 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/11 14:21:47.0387 2992 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/06/11 14:21:47.0638 2992 WinDriver6 (8741604ecc3c006b7d2f769bf55dea9a) C:\WINDOWS\system32\drivers\windrvr6.sys
2011/06/11 14:21:47.0868 2992 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/11 14:21:47.0968 2992 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/11 14:21:48.0098 2992 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
2011/06/11 14:21:48.0149 2992 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/06/11 14:21:48.0179 2992 ================================================================================
2011/06/11 14:21:48.0179 2992 Scan finished
2011/06/11 14:21:48.0179 2992 ================================================================================
2011/06/11 14:21:48.0229 2072 Detected object count: 0
2011/06/11 14:21:48.0229 2072 Actual detected object count: 0
2011/06/11 14:21:52.0725 1252 Deinitialize success


Mbam clean ran rebooted
downloaded Malwarebytes' Anti-Malware 1.51.0.1200 from the link you provided and ran the update no infections found.

Seems like the pc is clean but still not certain.
need to repair profram files (missing all applicaitons)
all files and folders are marked hidden and or read only as well.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6837

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/11/2011 5:07:19 PM
mbam-log-2011-06-11 (17-07-19).txt

Scan type: Quick scan
Objects scanned: 169957
Time elapsed: 15 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I have a Windows Security Alerts Shield in the sys tray that is red and has a white x in it. (indicating firewall is turned off)
DTinSL

Edited by DTinSL, 11 June 2011 - 07:33 PM.


#8 DTinSL

DTinSL
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 13 June 2011 - 08:26 PM

Boopme any suggestions on how to get all of the files and folder changed back to normal the are all marked read only or hidden. And What is the best way to recover programs that were removed from the Start -> All Programs they have all been removed from the list.

DTinSL

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:53 PM

Posted 13 June 2011 - 10:00 PM

This infection family will also hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop:

Unhide.exe


Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 DTinSL

DTinSL
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 13 June 2011 - 11:52 PM

cool that worked for the most part. Desktop, files and folders are no longer grayed out.

All programs are back in the All Programs section however most of the apps are (empty)

System tools are empty as well.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:53 PM

Posted 14 June 2011 - 02:59 PM

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 DTinSL

DTinSL
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 14 June 2011 - 08:44 PM

I did the following for Windows XP

To enable the viewing of Hidden files follow these steps:

1.Close all programs so that you are at your desktop.
2.Double-click on the My Computer icon.
3.Select the Tools menu and click Folder Options.
4.After the new window appears select the View tab.
5.Put a checkmark in the checkbox labeled Display the contents of system folders.
6.Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7.Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8.Remove the checkmark from the checkbox labeled Hide protected operating system files.
9.Press the Apply button and then the OK button and shutdown My Computer.
10.Now your computer is configured to show all hidden files.

No change still missing folder contents for all programs listed in Start -> All Programs.

The top directory folder shows up but no contents beyond that. If the folder in All Programs has folders those are visible but inside those folder it's empty.

If I double click on a word document it does open up in MS Word but it is not listed in the All Programs list. So I think the appliations are still on the computer just not sure where they should be so that Program Files displays correctly.

Are there any others scans I need to run to ensure all malware and virus's are gone?

#13 DTinSL

DTinSL
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 14 June 2011 - 09:27 PM

I did a search for Administrative tools and found 3 locations:
C:\Document and Settings\All Users\Start Menu\Programs
C:\Document and Settings\Owner\Start Menu\Programs
C:\Windows\Temp\smtmp\1\Programs

Also found while looking in the temp folder the following:
C:\Windows\Temp\smtmp\2
C:\Windows\Temp\smtmp\4

Where do these files in these folders belong and should I put them back or is there a recover program that I can run that will do this?

#14 DTinSL

DTinSL
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 15 June 2011 - 10:19 PM

Boopme any idea on how to get system restore to work again?
When I try to bring up system restore i get a message that it can not run and a reboot is required. I reboot and the same error occurs.
I get an error message "error 5" when I try to start the system restore service under services.

I think this is the last part to resolve unless you think I should additional scanners. So far no more infections are detected.

Thank you for your help and direction.

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:53 PM

Posted 16 June 2011 - 10:14 AM

We need to repair some of windows' internal registration settings
  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box (Looks like this: Posted Image)
  • UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
    Posted Image
  • When the window looks like this, press the GO button in the bottom of the window.
    Posted Image
  • Exit/Close Dial-A-Fix

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users