Possible TDL3 Infection, Keyloggers


11 replies to this topic

#1 Muttz

  • Members
  • 6 posts

Posted 24 June 2011 - 03:38 PM

Hello. I've been here several times, but never posted before. Generally, I'm good at getting rid of malware. I just follow the guides and no problem. But, whatever I have had since last fall, I can't get rid of it. I didn't even know what to ask. This thing is so stealth, almost nothing can detect it. Quite frankly, I was scared to tell anyone what was going on. I thought that everyone would just think that I was crazy. I have been hacked. DDS seems to think that it is a TDL3 infection.

I had to remove several fake AV infections for a friend. I'm not doing it anymore. I cannot convince this woman that the popups are causing her problems. She thinks that they are messages from her own AV and I can't convince her otherwise. Somewhere along the line, it got into my network and I can't get rid of it.

It started in my XP netbook. The internet slowed to a crawl first, then the machine itself. Eventually, it was so slow it was unusable. I was running Norton at the time. It found nothing. Neither did Malwarebytes or anything else. Any type of security software shut down. I tried repeating the procedures that I had used to get the fake AVs out of my friend's machine. It didn't work.

I reformatted as I do when I am not sure that an infection is gone. All was fine for a few days, then it came back. Reformat, rinse and repeat over and over again. I wiped the drive, as much as I could without removing the recovery partition. I also changed the wireless password, a 63 character random string, and my IP address in the router several times. It just came back.

Meanwhile, it spread to everything in the house. The harder that I tried to get rid of it, the worse things got.
The home theatre pc was next. It exhibited all of the above symptoms first. It was reformatted too. The fan on the heatsink then died, or so I thought. I replaced it and the replacement died days later. The Pentium D got so hot it burned the board. I changed the board and processor and swapped out the power supply with a known good one off my bench. It lasted a few days and that died too. I believe that the fans were being shut down somehow. It was clean inside. That's a regular thing around here. I have two dogs and a cat.

The desktop started just after the home theatre. I was going at both of them at the same time. Same as above, slowdowns, all security software shut down. The front USB ports stopped working. The DVD burner, a mobo and a video card went next. I had two video cards in SLI. One survived. I replaced the mobo and have only turned that machine on about once a month since December. I checked the logs in the router one day from that machine and watched the network card go into promiscuous mode. I hit the button on the power supply. I wanted to shut it off ASAP.
That router, by the way, died shortly afterwards.

There is also a dual core Athlon notebook here. That runs Vista or used to. I tried to boot it one day and it wouldn't. It also wouldn't boot from either a Windows or Ubuntu DVD from the internal DVD drive. I thought that it was dead. I plugged in a USB burner and it booted into the Ubuntu disk right away. The hard drive was corrupted and so was the MBR. I reinstalled Vista. Same thing happened again a few days later. It now has Ubuntu on it. No more problems.

The cable modem was the next victim. It just stopped working. The tech left me on hold for about 15 minutes while he talked to his boss. When he pinged the modem, it returned a string of weird characters that neither one had ever seen before. Both of them were freaked right out.

Speaking of being freaked out, I pulled out an old P4 laptop. (Running out of equipment, at this point). I went on the web, updated everything and the pages started to scroll on their own after a few minutes. I saw the webcam start up. I flipped the bird, and my Ukrainian friend started yelling at the screen in Russian. I shut it down and of course, reformatted.

The XP netbook got killed a few days later. As soon as I started it up, the CPU temp would just climb up to 90 degrees C almost immediately. The mobo gave out.

I got a new netbook running Win 7 Starter. I put in the AV, attached a cable and went online to get my updates. Immediately after, I did a system image. The @#@$% thing was trashed within two hours. Norton had expired and I tried MS Security Essentials. It just shut it down. I got in the car and bought a copy of ESET. That found several trojans, trojan droppers and a keylogger on the first run, all related to fake AV infections. It never found anything again. Within two weeks, it was trashed again. I came here and ran DDS and GMER. It seemed to indicate a keylogger was still present and TDL3 was suspected. Tried TDSSKiller and Hitman Pro. Nope. Ran ComboFix and trashed it. I pulled out my System Image, reformatted it and I think that the Image is infected. I ran TDL3 and GMER right away. It looks to me like I still have a keylogger and TDL3 may be present.

I installed Anonymizer Universal last week because I was scared of everything that is going on. That is now shutting itself off and will not reconnect when connected to my home network. I tethered my phone to the netbook and it works ok. Took it to McDonald's, it also works ok there.

Sorry for the long post, but this is what happened. Here are my logs from the new netbook:

DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by USER at 15:05:16 on 2011-06-23
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2036.1272 [GMT -4:00]
.
AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
C:\Program Files\Anonymizer\Anonymizer Universal\Anonymizer Universal.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\ProgramData\{2C4A57D6-4F0C-49A4-9A3F-89423FD797DC}\Anonymizer_Universal_Setup.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0566.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Anonymizer Universal] c:\program files\anonymizer\anonymizer universal\Anonymizer Universal.exe /hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [HP] c:\program files\hewlett-packard\hp quicksync\QuickSync.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [ZumoDrive] "c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{00102A2A-9972-452D-B8C7-06B0ABF5CA0A} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E746CBA7-25F0-43B5-978F-FBE6D3933C4E} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\61cmexs2.default\
FF - prefs.js: browser.startup.homepage - hxxp://ca.my.msn.com/?lang=en-ca
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe [2010-3-25 81920]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-9-11 38240]
R2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\qualcomm\qdlservice2k\QDLService2kHP.exe [2010-1-19 330488]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-25 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-4-12 228408]
R3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\drivers\qcfilterhp2k.sys [2010-1-19 5248]
R3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\drivers\qcusbnethp2k.sys [2010-1-19 206848]
R3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\drivers\qcusbserhp2k.sys [2010-1-19 106368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-3-25 174592]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-25 204288]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-5 52224]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
.
=============== Created Last 30 ================
.
2011-06-23 17:57:23 -------- d-----w- c:\users\user\appdata\roaming\Anonymizer
2011-06-23 17:57:10 -------- d-----w- c:\programdata\Anonymizer
2011-06-23 17:57:10 -------- d-----w- c:\program files\Anonymizer
2011-06-23 17:57:06 -------- dc-h--w- c:\programdata\{2C4A57D6-4F0C-49A4-9A3F-89423FD797DC}
2011-06-23 17:56:40 -------- d-----w- c:\users\user\appdata\local\PackageAware
2011-06-23 06:38:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-23 06:38:00 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-23 06:37:58 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-23 06:36:05 -------- d-----w- c:\users\user\appdata\roaming\Verizon Wireless
.
==================== Find3M ====================
.
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-06 00:56:00 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-06 00:56:00 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-06 00:56:00 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-06 00:56:00 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-05 22:48:37 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-03 04:30:02 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:46:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:46:15 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46:10 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:17:36 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:17:28 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-27 02:17:22 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 04:31:30 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:18:03 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 19:14:16 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ST925041 rev.0006 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x81A03000]<< >>UNKNOWN [0x8842F000]<< >>UNKNOWN [0x89270000]<< >>UNKNOWN [0x88283000]<< >>UNKNOWN [0x81E15000]<< >>UNKNOWN [0x88614000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x81A3A52F] -> \Device\Harddisk0\DR0[0x857A8AC8]
\Driver\Disk[0x857A79A8] -> IRP_MJ_CREATE -> 0x8843339F
3 [0x8843359E] -> ntkrnlpa!IofCallDriver[0x81A3A52F] -> [0x84DA4900]
\Driver\ACPI[0x840AE030] -> IRP_MJ_CREATE -> 0x8828C4CC
5 [0x8828C3D4] -> ntkrnlpa!IofCallDriver[0x81A3A52F] -> \Device\Ide\IAAStorageDevice-0[0x84D50028]
\Driver\iaStor[0x84D37F38] -> IRP_MJ_CREATE -> 0x8865892E
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:06:36.51 ===============

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-23 16:44:00
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925041 rev.0006
Running: gmer.exe; Driver: C:\Users\USER\AppData\Local\Temp\pgddqpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 81A91339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81ACAD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A734B000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A734B123 629 Bytes [65, 34, A7, FE, 05, 34, 65, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A734B399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A734B3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B A734B4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1052] ntdll.dll!LdrLoadDll 777B22B8 5 Bytes JMP 003D1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1052] USER32.dll!GetWindowInfo 762A4B5E 5 Bytes JMP 64BA9437 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1760] kernel32.dll!SetUnhandledExceptionFilter 77233D01 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Anonymizer\Anonymizer Universal\Anonymizer Universal.exe[2928] KERNEL32.dll!LoadLibraryExW 77224775 5 Bytes JMP 10005B50 C:\Program Files\Anonymizer\Anonymizer Universal\Anonymizer.System.dll (rscoree/Remotesoft, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000071 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\00000098 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000009a bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\78e400ff082c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcb9c40af
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\78e400ff082c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcb9c40af (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Edited by Muttz, 24 June 2011 - 03:46 PM.


#2 shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 02 July 2011 - 07:28 AM

hi,

Based on the log you have a rootkit on board. You shouldn't really use the machine until it's clean. It also should have no network connectivity; if you're not sure how to stop connectivity then I would just power it off. Your post is a few days old, simply reply back if you still need help.

How Can I Reduce My Risk to Malware?


#3 Muttz

  • Topic Starter
  • Members
  • 6 posts

Posted 02 July 2011 - 10:23 AM

Thank you so much for the reply. As you can see from my post, I'm a little freaked out. I've been fighting this thing since last November and I should have asked for help a long time ago. That's only one computer. There are several in this house and EVERYTHING is infected. I have Ubuntu on a laptop, so I'll use that until I am sure that everything is clean.

Do you have any idea what this is? How do I get rid of it? Like I said, I had just reformatted that machine before I made those logs and I won't have two machines online at the same time right now, so it didn't get reinfected from the network.

I am wondering if whatever this is got into the recovery partition on that netbook. I've never liked that. I made the recovery disks when I bought it. However, on some of these computers that have recovery partitions, if you delete the partition you can't reinstall Windows even with the recovery disks.

I'm ok with whatever needs to be done. Generally, I am really good at getting rid of this stuff. This thing has me stumped completely.

I have wiped some of my drives and overwritten them with 0s. It just seems to come back within minutes of going on the Internet, and I don't go online until the antivirus is installed and the Windows Service Packs are in.

#4 shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 02 July 2011 - 03:05 PM

Download and run Tdsskiller which will remove the rootkit.

Please download TDSS Killer.exe and save it to your desktop
Double click to launch the utility. After it initializes click the start scan button.

Once the scan completes you can click the continue button.

"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might be required after disinfection."

A report will be found in your root drive, Local Disk (C:), as TDSSKiller.2.4.2.1_09.08.2010_17.32.21_log.txt (name, version, date, time).
Please post the log report.

How Can I Reduce My Risk to Malware?


#5 Muttz

  • Topic Starter
  • Members
  • 6 posts

Posted 03 July 2011 - 11:53 AM

Lol, been there, done that. I ran it before I posted my logs. It didn't find anything. But, I'll attach the new one anyway.

Don't know if this helps, but Hotmail started to display this message at the top of the screen yesterday after I replied to your post.

Some other program is set to download and delete your messages from Hotmail. Just in case this was an accident, we've put them in a special POP folder. Not an accident? Change settings.

I changed passwords again, while logged onto Tor on the Linux laptop.


2011/07/03 11:56:38.0815 5716 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/03 11:56:40.0095 5716 ================================================================================
2011/07/03 11:56:40.0095 5716 SystemInfo:
2011/07/03 11:56:40.0095 5716
2011/07/03 11:56:40.0095 5716 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/03 11:56:40.0095 5716 Product type: Workstation
2011/07/03 11:56:40.0095 5716 ComputerName: COMPUTER
2011/07/03 11:56:40.0095 5716 UserName: USER
2011/07/03 11:56:40.0095 5716 Windows directory: C:\Windows
2011/07/03 11:56:40.0095 5716 System windows directory: C:\Windows
2011/07/03 11:56:40.0095 5716 Processor architecture: Intel x86
2011/07/03 11:56:40.0095 5716 Number of processors: 2
2011/07/03 11:56:40.0095 5716 Page size: 0x1000
2011/07/03 11:56:40.0095 5716 Boot type: Normal boot
2011/07/03 11:56:40.0095 5716 ================================================================================
2011/07/03 11:56:40.0703 5716 Initialize success
2011/07/03 11:56:45.0156 1104 ================================================================================
2011/07/03 11:56:45.0156 1104 Scan started
2011/07/03 11:56:45.0156 1104 Mode: Manual;
2011/07/03 11:56:45.0156 1104 ================================================================================
2011/07/03 11:56:45.0889 1104 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/07/03 11:56:46.0186 1104 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/07/03 11:56:46.0482 1104 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/07/03 11:56:46.0794 1104 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/03 11:56:47.0122 1104 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/03 11:56:47.0418 1104 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/03 11:56:47.0793 1104 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
2011/07/03 11:56:47.0871 1104 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/07/03 11:56:48.0151 1104 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/03 11:56:48.0479 1104 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/07/03 11:56:48.0588 1104 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/07/03 11:56:48.0900 1104 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/07/03 11:56:49.0181 1104 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/03 11:56:49.0462 1104 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/03 11:56:49.0758 1104 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/07/03 11:56:50.0070 1104 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/03 11:56:50.0335 1104 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/07/03 11:56:50.0694 1104 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/07/03 11:56:51.0022 1104 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/03 11:56:51.0069 1104 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/03 11:56:51.0349 1104 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/03 11:56:51.0630 1104 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/07/03 11:56:51.0724 1104 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
2011/07/03 11:56:52.0067 1104 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/03 11:56:52.0379 1104 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/03 11:56:52.0738 1104 BCM43XX (3508fd340c8b0fbbdb548f174d48762e) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/07/03 11:56:52.0925 1104 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/03 11:56:53.0237 1104 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/03 11:56:53.0424 1104 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/03 11:56:53.0518 1104 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/03 11:56:53.0549 1104 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/03 11:56:53.0861 1104 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/03 11:56:53.0923 1104 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/03 11:56:53.0986 1104 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/03 11:56:54.0064 1104 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/03 11:56:54.0407 1104 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
2011/07/03 11:56:54.0563 1104 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/03 11:56:54.0953 1104 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/07/03 11:56:55.0265 1104 BTHPORT (195c41cc67e9e1cedd960ccb74925920) C:\Windows\system32\Drivers\BTHport.sys
2011/07/03 11:56:55.0624 1104 BTHUSB (43b3206dd654e783aa7e4ead340a43b8) C:\Windows\system32\Drivers\BTHUSB.sys
2011/07/03 11:56:55.0827 1104 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
2011/07/03 11:56:55.0951 1104 btwaudio (ce5833c144ca6623bcbde93b188aa850) C:\Windows\system32\drivers\btwaudio.sys
2011/07/03 11:56:55.0998 1104 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\Windows\system32\drivers\btwavdt.sys
2011/07/03 11:56:56.0326 1104 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/07/03 11:56:56.0607 1104 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/07/03 11:56:56.0887 1104 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/03 11:56:57.0184 1104 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/07/03 11:56:57.0496 1104 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/03 11:56:57.0605 1104 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/03 11:56:57.0839 1104 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/03 11:56:58.0104 1104 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/07/03 11:56:58.0385 1104 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/03 11:56:58.0713 1104 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/03 11:56:58.0993 1104 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/03 11:56:59.0305 1104 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/03 11:56:59.0793 1104 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/07/03 11:57:00.0104 1104 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/03 11:57:00.0385 1104 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/03 11:57:00.0588 1104 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/03 11:57:00.0759 1104 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/03 11:57:01.0056 1104 eamon (30372bcc67d63bee538cdfeca755d81c) C:\Windows\system32\DRIVERS\eamon.sys
2011/07/03 11:57:01.0243 1104 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/03 11:57:01.0586 1104 ehdrv (6504d6afb75fef830dd99e8c4235d54d) C:\Windows\system32\DRIVERS\ehdrv.sys
2011/07/03 11:57:01.0961 1104 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/03 11:57:02.0026 1104 epfw (86895d4413316becc2d7944d2749586c) C:\Windows\system32\DRIVERS\epfw.sys
2011/07/03 11:57:02.0138 1104 Epfwndis (3b47010b2425b69826004767e59045ba) C:\Windows\system32\DRIVERS\Epfwndis.sys
2011/07/03 11:57:02.0430 1104 epfwwfp (396ce762d1650387a2fe184e245fbba1) C:\Windows\system32\DRIVERS\epfwwfp.sys
2011/07/03 11:57:02.0539 1104 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/07/03 11:57:02.0731 1104 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/03 11:57:02.0822 1104 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/03 11:57:03.0037 1104 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/03 11:57:03.0134 1104 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/03 11:57:03.0184 1104 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/03 11:57:03.0230 1104 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/03 11:57:03.0293 1104 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/03 11:57:03.0386 1104 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/03 11:57:03.0433 1104 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/03 11:57:03.0714 1104 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/03 11:57:04.0010 1104 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/03 11:57:04.0338 1104 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/03 11:57:04.0634 1104 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/07/03 11:57:04.0884 1104 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/03 11:57:04.0946 1104 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/03 11:57:05.0040 1104 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/03 11:57:05.0258 1104 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/03 11:57:05.0570 1104 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/03 11:57:05.0960 1104 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/07/03 11:57:06.0241 1104 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/03 11:57:06.0538 1104 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/07/03 11:57:06.0803 1104 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/03 11:57:07.0099 1104 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/07/03 11:57:07.0411 1104 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
2011/07/03 11:57:07.0552 1104 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/07/03 11:57:07.0957 1104 igfx (81f7c715528ab621c6af58869d4b07b9) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/03 11:57:08.0066 1104 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/03 11:57:08.0347 1104 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/07/03 11:57:08.0425 1104 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/03 11:57:08.0472 1104 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/03 11:57:08.0566 1104 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/03 11:57:08.0831 1104 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/03 11:57:09.0112 1104 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/03 11:57:09.0314 1104 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/07/03 11:57:09.0424 1104 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/07/03 11:57:09.0689 1104 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/07/03 11:57:09.0876 1104 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/07/03 11:57:09.0985 1104 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/03 11:57:10.0157 1104 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/03 11:57:10.0516 1104 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/03 11:57:10.0859 1104 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/03 11:57:11.0124 1104 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/03 11:57:11.0420 1104 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/03 11:57:11.0514 1104 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/03 11:57:11.0795 1104 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/03 11:57:12.0076 1104 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys
2011/07/03 11:57:12.0356 1104 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/03 11:57:12.0434 1104 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/03 11:57:12.0512 1104 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/03 11:57:12.0590 1104 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/03 11:57:12.0871 1104 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/03 11:57:13.0012 1104 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/03 11:57:13.0246 1104 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/07/03 11:57:13.0324 1104 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/07/03 11:57:13.0589 1104 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/03 11:57:13.0714 1104 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/07/03 11:57:13.0994 1104 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/03 11:57:14.0057 1104 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/03 11:57:14.0213 1104 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/03 11:57:14.0322 1104 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/07/03 11:57:14.0603 1104 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/07/03 11:57:14.0806 1104 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/03 11:57:14.0868 1104 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/03 11:57:14.0930 1104 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/07/03 11:57:15.0227 1104 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/03 11:57:15.0508 1104 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/03 11:57:15.0804 1104 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/03 11:57:15.0882 1104 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/03 11:57:15.0976 1104 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/07/03 11:57:16.0225 1104 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/03 11:57:16.0288 1104 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/03 11:57:16.0350 1104 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/03 11:57:16.0646 1104 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/03 11:57:16.0912 1104 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/07/03 11:57:17.0161 1104 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/03 11:57:17.0426 1104 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/03 11:57:17.0567 1104 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/03 11:57:17.0660 1104 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/03 11:57:17.0816 1104 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/07/03 11:57:17.0910 1104 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/03 11:57:18.0082 1104 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/03 11:57:18.0503 1104 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/07/03 11:57:18.0628 1104 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/03 11:57:18.0908 1104 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/03 11:57:18.0986 1104 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/03 11:57:19.0096 1104 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/07/03 11:57:19.0158 1104 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/03 11:57:19.0439 1104 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/07/03 11:57:19.0501 1104 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/07/03 11:57:19.0782 1104 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/07/03 11:57:20.0032 1104 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/07/03 11:57:20.0172 1104 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/03 11:57:20.0406 1104 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/07/03 11:57:20.0468 1104 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/03 11:57:20.0562 1104 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/07/03 11:57:20.0827 1104 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/07/03 11:57:21.0092 1104 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/03 11:57:21.0186 1104 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/03 11:57:21.0342 1104 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/03 11:57:21.0810 1104 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/03 11:57:22.0075 1104 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/03 11:57:22.0287 1104 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/03 11:57:22.0566 1104 qcfilterhp2k (9f9f6f299aaa4728a29536da2073121b) C:\Windows\system32\DRIVERS\qcfilterhp2k.sys
2011/07/03 11:57:22.0875 1104 qcusbnethp2k (c01626b34bbd466d304938864aa504e7) C:\Windows\system32\DRIVERS\qcusbnethp2k.sys
2011/07/03 11:57:23.0165 1104 qcusbserhp2k (fda379f6c51b8a5dce95d108369ff137) C:\Windows\system32\DRIVERS\qcusbserhp2k.sys
2011/07/03 11:57:23.0462 1104 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/03 11:57:23.0525 1104 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/03 11:57:23.0603 1104 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/03 11:57:23.0649 1104 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/03 11:57:23.0930 1104 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/03 11:57:24.0242 1104 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/03 11:57:24.0539 1104 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/03 11:57:24.0835 1104 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/03 11:57:24.0944 1104 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/03 11:57:25.0038 1104 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/03 11:57:25.0131 1104 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/03 11:57:25.0428 1104 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/03 11:57:25.0599 1104 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/03 11:57:25.0709 1104 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/07/03 11:57:26.0005 1104 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/07/03 11:57:26.0317 1104 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/07/03 11:57:26.0645 1104 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/03 11:57:26.0832 1104 RSUSBSTOR (f9541f3b59da30423f2f76ef443c07fc) C:\Windows\system32\Drivers\RtsUStor.sys
2011/07/03 11:57:27.0113 1104 RTL8167 (c5a68c5ec01fd6f03396dd154b48db56) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/07/03 11:57:27.0425 1104 RTL8187 (325590e7e9587459643ba24d2cf73bf2) C:\Windows\system32\DRIVERS\rtl8187.sys
2011/07/03 11:57:27.0737 1104 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/07/03 11:57:27.0846 1104 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/03 11:57:28.0158 1104 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
2011/07/03 11:57:28.0439 1104 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/03 11:57:28.0735 1104 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/03 11:57:28.0829 1104 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/03 11:57:28.0922 1104 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/03 11:57:29.0250 1104 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/07/03 11:57:29.0312 1104 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/03 11:57:29.0359 1104 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/03 11:57:29.0609 1104 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/03 11:57:29.0718 1104 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/07/03 11:57:29.0967 1104 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/03 11:57:30.0030 1104 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/03 11:57:30.0170 1104 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/03 11:57:30.0342 1104 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
2011/07/03 11:57:30.0654 1104 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/03 11:57:30.0981 1104 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/07/03 11:57:31.0075 1104 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/03 11:57:31.0356 1104 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/07/03 11:57:31.0543 1104 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/07/03 11:57:31.0668 1104 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/07/03 11:57:31.0824 1104 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/03 11:57:32.0136 1104 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/03 11:57:32.0432 1104 STHDA (96cb9fd21207af4456d37957441f6001) C:\Windows\system32\DRIVERS\stwrt.sys
2011/07/03 11:57:32.0713 1104 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/07/03 11:57:33.0056 1104 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/03 11:57:33.0415 1104 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys
2011/07/03 11:57:33.0633 1104 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/03 11:57:33.0961 1104 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/03 11:57:34.0039 1104 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/07/03 11:57:34.0086 1104 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/07/03 11:57:34.0164 1104 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/03 11:57:34.0429 1104 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/07/03 11:57:34.0803 1104 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/03 11:57:35.0084 1104 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/03 11:57:35.0381 1104 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/03 11:57:35.0646 1104 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/03 11:57:35.0724 1104 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/03 11:57:36.0051 1104 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/03 11:57:36.0161 1104 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/03 11:57:36.0317 1104 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/03 11:57:36.0566 1104 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/03 11:57:36.0629 1104 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/07/03 11:57:36.0894 1104 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
2011/07/03 11:57:37.0206 1104 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
2011/07/03 11:57:37.0299 1104 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/03 11:57:37.0533 1104 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/03 11:57:37.0658 1104 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/03 11:57:37.0908 1104 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
2011/07/03 11:57:38.0189 1104 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/03 11:57:38.0516 1104 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/03 11:57:38.0813 1104 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/03 11:57:38.0875 1104 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/03 11:57:38.0953 1104 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/07/03 11:57:39.0218 1104 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/07/03 11:57:39.0296 1104 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/03 11:57:39.0546 1104 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/07/03 11:57:39.0811 1104 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/07/03 11:57:39.0951 1104 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/03 11:57:40.0217 1104 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/07/03 11:57:40.0513 1104 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/03 11:57:40.0794 1104 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/03 11:57:41.0090 1104 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/03 11:57:41.0168 1104 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/03 11:57:41.0480 1104 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/03 11:57:41.0527 1104 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/03 11:57:41.0683 1104 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/03 11:57:41.0948 1104 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/03 11:57:42.0360 1104 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/03 11:57:42.0421 1104 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/03 11:57:42.0832 1104 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/03 11:57:43.0213 1104 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/03 11:57:43.0353 1104 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/07/03 11:57:43.0634 1104 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/03 11:57:43.0961 1104 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
2011/07/03 11:57:44.0117 1104 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/03 11:57:44.0164 1104 Boot (0x1200) (c0c9283291f7e683d95c4af9fa07a573) \Device\Harddisk0\DR0\Partition0
2011/07/03 11:57:44.0211 1104 Boot (0x1200) (8ade7a60865dd51b4bef0cee3124cb07) \Device\Harddisk0\DR0\Partition1
2011/07/03 11:57:44.0273 1104 Boot (0x1200) (df3dd72fc462d63e002448f9dec7cf8a) \Device\Harddisk0\DR0\Partition2
2011/07/03 11:57:44.0289 1104 ================================================================================
2011/07/03 11:57:44.0289 1104 Scan finished
2011/07/03 11:57:44.0289 1104 ================================================================================
2011/07/03 11:57:44.0336 2456 Detected object count: 0
2011/07/03 11:57:44.0336 2456 Actual detected object count: 0
2011/07/03 12:21:22.0776 2824 ================================================================================
2011/07/03 12:21:22.0776 2824 Scan started
2011/07/03 12:21:22.0776 2824 Mode: Manual;
2011/07/03 12:21:22.0776 2824 ================================================================================
2011/07/03 12:21:23.0668 2824 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/07/03 12:21:23.0772 2824 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/07/03 12:21:23.0881 2824 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/07/03 12:21:23.0972 2824 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/03 12:21:24.0263 2824 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/03 12:21:24.0422 2824 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/03 12:21:24.0596 2824 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
2011/07/03 12:21:24.0862 2824 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/07/03 12:21:25.0064 2824 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/03 12:21:25.0486 2824 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/07/03 12:21:25.0610 2824 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/07/03 12:21:25.0735 2824 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/07/03 12:21:25.0876 2824 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/03 12:21:25.0969 2824 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/03 12:21:26.0078 2824 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/07/03 12:21:26.0234 2824 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/03 12:21:26.0515 2824 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/07/03 12:21:26.0718 2824 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/07/03 12:21:27.0202 2824 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/03 12:21:27.0311 2824 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/03 12:21:27.0420 2824 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/03 12:21:27.0514 2824 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/07/03 12:21:27.0670 2824 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
2011/07/03 12:21:27.0950 2824 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/03 12:21:28.0106 2824 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/03 12:21:28.0325 2824 BCM43XX (3508fd340c8b0fbbdb548f174d48762e) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/07/03 12:21:28.0528 2824 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/03 12:21:28.0668 2824 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/03 12:21:28.0762 2824 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/03 12:21:28.0840 2824 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/03 12:21:28.0918 2824 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/03 12:21:29.0027 2824 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/03 12:21:29.0120 2824 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/03 12:21:29.0198 2824 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/03 12:21:29.0276 2824 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/03 12:21:29.0401 2824 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
2011/07/03 12:21:29.0495 2824 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/03 12:21:29.0635 2824 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/07/03 12:21:29.0744 2824 BTHPORT (195c41cc67e9e1cedd960ccb74925920) C:\Windows\system32\Drivers\BTHport.sys
2011/07/03 12:21:29.0885 2824 BTHUSB (43b3206dd654e783aa7e4ead340a43b8) C:\Windows\system32\Drivers\BTHUSB.sys
2011/07/03 12:21:30.0010 2824 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
2011/07/03 12:21:30.0150 2824 btwaudio (ce5833c144ca6623bcbde93b188aa850) C:\Windows\system32\drivers\btwaudio.sys
2011/07/03 12:21:30.0368 2824 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\Windows\system32\drivers\btwavdt.sys
2011/07/03 12:21:30.0712 2824 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/07/03 12:21:31.0055 2824 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/07/03 12:21:31.0398 2824 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/03 12:21:31.0726 2824 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/07/03 12:21:32.0069 2824 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/03 12:21:32.0334 2824 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/03 12:21:32.0599 2824 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/03 12:21:32.0942 2824 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/07/03 12:21:33.0286 2824 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/03 12:21:33.0676 2824 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/03 12:21:34.0019 2824 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/03 12:21:34.0253 2824 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/03 12:21:34.0768 2824 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/07/03 12:21:34.0924 2824 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/03 12:21:35.0142 2824 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/03 12:21:35.0563 2824 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/03 12:21:35.0938 2824 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/03 12:21:36.0265 2824 eamon (30372bcc67d63bee538cdfeca755d81c) C:\Windows\system32\DRIVERS\eamon.sys
2011/07/03 12:21:36.0499 2824 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/03 12:21:36.0983 2824 ehdrv (6504d6afb75fef830dd99e8c4235d54d) C:\Windows\system32\DRIVERS\ehdrv.sys
2011/07/03 12:21:37.0373 2824 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/03 12:21:37.0747 2824 epfw (86895d4413316becc2d7944d2749586c) C:\Windows\system32\DRIVERS\epfw.sys
2011/07/03 12:21:38.0059 2824 Epfwndis (3b47010b2425b69826004767e59045ba) C:\Windows\system32\DRIVERS\Epfwndis.sys
2011/07/03 12:21:38.0418 2824 epfwwfp (396ce762d1650387a2fe184e245fbba1) C:\Windows\system32\DRIVERS\epfwwfp.sys
2011/07/03 12:21:38.0761 2824 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/07/03 12:21:39.0120 2824 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/03 12:21:39.0323 2824 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/03 12:21:39.0432 2824 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/03 12:21:39.0806 2824 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/03 12:21:40.0150 2824 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/03 12:21:40.0368 2824 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/03 12:21:40.0602 2824 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/03 12:21:40.0961 2824 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/03 12:21:41.0164 2824 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/03 12:21:41.0600 2824 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/03 12:21:42.0037 2824 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/03 12:21:42.0490 2824 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/03 12:21:42.0692 2824 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/07/03 12:21:42.0942 2824 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/03 12:21:43.0016 2824 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/03 12:21:43.0125 2824 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/03 12:21:43.0224 2824 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/03 12:21:43.0326 2824 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/03 12:21:43.0536 2824 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/07/03 12:21:43.0662 2824 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/03 12:21:43.0985 2824 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/07/03 12:21:44.0312 2824 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/03 12:21:44.0608 2824 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/07/03 12:21:44.0967 2824 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
2011/07/03 12:21:45.0154 2824 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/07/03 12:21:45.0560 2824 igfx (81f7c715528ab621c6af58869d4b07b9) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/03 12:21:45.0810 2824 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/03 12:21:46.0075 2824 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/07/03 12:21:46.0215 2824 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/03 12:21:46.0293 2824 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/03 12:21:46.0605 2824 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/03 12:21:46.0793 2824 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/03 12:21:47.0073 2824 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/03 12:21:47.0167 2824 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/07/03 12:21:47.0261 2824 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/07/03 12:21:47.0385 2824 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/07/03 12:21:47.0526 2824 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/07/03 12:21:47.0666 2824 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/03 12:21:47.0822 2824 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/03 12:21:48.0072 2824 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/03 12:21:48.0197 2824 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/03 12:21:48.0337 2824 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/03 12:21:48.0446 2824 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/03 12:21:48.0555 2824 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/03 12:21:48.0633 2824 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/03 12:21:48.0789 2824 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys
2011/07/03 12:21:48.0930 2824 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/03 12:21:49.0039 2824 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/03 12:21:49.0133 2824 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/03 12:21:49.0242 2824 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/03 12:21:49.0320 2824 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/03 12:21:49.0382 2824 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/03 12:21:49.0445 2824 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/07/03 12:21:49.0554 2824 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/07/03 12:21:49.0663 2824 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/03 12:21:49.0928 2824 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/07/03 12:21:50.0022 2824 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/03 12:21:50.0303 2824 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/03 12:21:50.0381 2824 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/03 12:21:50.0459 2824 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/07/03 12:21:50.0739 2824 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/07/03 12:21:50.0880 2824 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/03 12:21:50.0942 2824 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/03 12:21:51.0051 2824 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/07/03 12:21:51.0207 2824 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/03 12:21:51.0519 2824 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/03 12:21:51.0629 2824 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/03 12:21:51.0722 2824 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/03 12:21:51.0816 2824 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/07/03 12:21:51.0894 2824 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/03 12:21:52.0050 2824 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/03 12:21:52.0128 2824 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/03 12:21:52.0284 2824 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/03 12:21:52.0611 2824 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/07/03 12:21:52.0767 2824 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/03 12:21:53.0001 2824 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/03 12:21:53.0189 2824 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/03 12:21:53.0407 2824 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/03 12:21:53.0532 2824 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/07/03 12:21:53.0641 2824 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/03 12:21:53.0797 2824 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/03 12:21:54.0109 2824 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/07/03 12:21:54.0577 2824 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/03 12:21:54.0936 2824 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/03 12:21:55.0279 2824 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/03 12:21:55.0669 2824 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/07/03 12:21:56.0012 2824 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/03 12:21:56.0355 2824 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/07/03 12:21:56.0543 2824 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/07/03 12:21:56.0855 2824 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/07/03 12:21:57.0104 2824 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/07/03 12:21:57.0229 2824 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/03 12:21:57.0291 2824 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/07/03 12:21:57.0354 2824 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/03 12:21:57.0447 2824 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/07/03 12:21:57.0557 2824 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/07/03 12:21:57.0650 2824 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/03 12:21:57.0962 2824 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/03 12:21:58.0040 2824 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/03 12:21:58.0337 2824 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/03 12:21:58.0555 2824 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/03 12:21:58.0664 2824 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/03 12:21:58.0727 2824 qcfilterhp2k (9f9f6f299aaa4728a29536da2073121b) C:\Windows\system32\DRIVERS\qcfilterhp2k.sys
2011/07/03 12:21:58.0773 2824 qcusbnethp2k (c01626b34bbd466d304938864aa504e7) C:\Windows\system32\DRIVERS\qcusbnethp2k.sys
2011/07/03 12:21:59.0023 2824 qcusbserhp2k (fda379f6c51b8a5dce95d108369ff137) C:\Windows\system32\DRIVERS\qcusbserhp2k.sys
2011/07/03 12:21:59.0351 2824 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/03 12:21:59.0678 2824 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/03 12:21:59.0756 2824 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/03 12:21:59.0819 2824 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/03 12:22:00.0084 2824 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/03 12:22:00.0224 2824 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/03 12:22:00.0349 2824 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/03 12:22:00.0630 2824 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/03 12:22:00.0708 2824 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/03 12:22:00.0801 2824 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/03 12:22:00.0942 2824 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/03 12:22:01.0035 2824 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/03 12:22:01.0129 2824 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/03 12:22:01.0223 2824 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/07/03 12:22:01.0316 2824 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/07/03 12:22:01.0410 2824 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/07/03 12:22:01.0519 2824 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/03 12:22:01.0597 2824 RSUSBSTOR (f9541f3b59da30423f2f76ef443c07fc) C:\Windows\system32\Drivers\RtsUStor.sys
2011/07/03 12:22:01.0659 2824 RTL8167 (c5a68c5ec01fd6f03396dd154b48db56) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/07/03 12:22:01.0753 2824 RTL8187 (325590e7e9587459643ba24d2cf73bf2) C:\Windows\system32\DRIVERS\rtl8187.sys
2011/07/03 12:22:01.0847 2824 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/07/03 12:22:01.0940 2824 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/03 12:22:02.0034 2824 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
2011/07/03 12:22:02.0112 2824 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/03 12:22:02.0190 2824 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/03 12:22:02.0252 2824 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/03 12:22:02.0315 2824 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/03 12:22:02.0595 2824 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/07/03 12:22:02.0658 2824 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/03 12:22:02.0705 2824 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/03 12:22:02.0767 2824 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/03 12:22:02.0892 2824 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/07/03 12:22:03.0160 2824 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/03 12:22:03.0345 2824 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/03 12:22:03.0487 2824 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/03 12:22:03.0640 2824 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
2011/07/03 12:22:03.0932 2824 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/03 12:22:04.0068 2824 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/07/03 12:22:04.0318 2824 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/03 12:22:04.0396 2824 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/07/03 12:22:04.0567 2824 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/07/03 12:22:04.0848 2824 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/07/03 12:22:05.0020 2824 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/03 12:22:05.0238 2824 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/03 12:22:05.0332 2824 STHDA (96cb9fd21207af4456d37957441f6001) C:\Windows\system32\DRIVERS\stwrt.sys
2011/07/03 12:22:05.0425 2824 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/07/03 12:22:05.0534 2824 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/03 12:22:05.0690 2824 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys
2011/07/03 12:22:05.0800 2824 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/03 12:22:05.0987 2824 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/03 12:22:06.0065 2824 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/07/03 12:22:06.0127 2824 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/07/03 12:22:06.0205 2824 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/03 12:22:06.0299 2824 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/07/03 12:22:06.0470 2824 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/03 12:22:06.0720 2824 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/03 12:22:07.0032 2824 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/03 12:22:07.0126 2824 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/03 12:22:07.0235 2824 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/03 12:22:07.0406 2824 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/03 12:22:07.0500 2824 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/03 12:22:07.0656 2824 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/03 12:22:07.0750 2824 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/03 12:22:07.0812 2824 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/07/03 12:22:07.0874 2824 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
2011/07/03 12:22:07.0937 2824 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
2011/07/03 12:22:07.0999 2824 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/03 12:22:08.0062 2824 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/03 12:22:08.0124 2824 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/03 12:22:08.0186 2824 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
2011/07/03 12:22:08.0264 2824 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/03 12:22:08.0358 2824 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/03 12:22:08.0436 2824 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/03 12:22:08.0498 2824 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/03 12:22:08.0561 2824 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/07/03 12:22:08.0623 2824 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/07/03 12:22:08.0686 2824 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/03 12:22:08.0748 2824 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/07/03 12:22:08.0795 2824 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/07/03 12:22:08.0873 2824 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/03 12:22:08.0935 2824 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/07/03 12:22:09.0013 2824 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/03 12:22:09.0076 2824 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/03 12:22:09.0122 2824 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/03 12:22:09.0216 2824 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/03 12:22:09.0310 2824 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/03 12:22:09.0356 2824 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/03 12:22:09.0497 2824 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/03 12:22:09.0575 2824 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/03 12:22:09.0731 2824 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/03 12:22:09.0793 2824 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/03 12:22:09.0996 2824 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/03 12:22:10.0136 2824 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/03 12:22:10.0261 2824 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/07/03 12:22:10.0324 2824 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/03 12:22:10.0433 2824 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
2011/07/03 12:22:10.0573 2824 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/03 12:22:10.0620 2824 Boot (0x1200) (c0c9283291f7e683d95c4af9fa07a573) \Device\Harddisk0\DR0\Partition0
2011/07/03 12:22:10.0667 2824 Boot (0x1200) (8ade7a60865dd51b4bef0cee3124cb07) \Device\Harddisk0\DR0\Partition1
2011/07/03 12:22:10.0729 2824 Boot (0x1200) (df3dd72fc462d63e002448f9dec7cf8a) \Device\Harddisk0\DR0\Partition2
2011/07/03 12:22:10.0745 2824 ================================================================================
2011/07/03 12:22:10.0745 2824 Scan finished
2011/07/03 12:22:10.0745 2824 ================================================================================
2011/07/03 12:22:10.0792 1036 Detected object count: 0
2011/07/03 12:22:10.0792 1036 Actual detected object count: 0

#6 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost
  • Local time:09:11 PM

Posted 03 July 2011 - 12:06 PM

We will get another download. There is a guide to read first; read through the guide, then apply the directions on your own machine:

Guide to using Combofix

How Can I Reduce My Risk to Malware?


#7 Muttz

Muttz
  • Topic Starter

  • Members
  • 6 posts
  • Local time:08:11 PM

Posted 03 July 2011 - 02:38 PM

Ok, ran ComboFix. Whatever this is was in Anonymizer Universal as well. Unbelievable.
ComboFix 11-07-02.03 - USER 07/03/2011 14:51:04.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2036.1326 [GMT -4:00]
Running from: c:\users\USER\Downloads\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-07-03 19:02 . 2011-07-03 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-30 23:28 . 2011-06-30 23:28 -------- d-----w- c:\programdata\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2011-06-30 23:27 . 2011-06-30 23:27 -------- d-----w- c:\users\USER\AppData\Roaming\hpqLog
2011-06-30 23:21 . 2011-06-30 23:22 -------- d-----w- c:\users\USER\AppData\Roaming\HP Support Assistant
2011-06-30 23:21 . 2011-06-30 23:22 -------- d-----w- c:\users\USER\AppData\Roaming\HpUpdate
2011-06-30 23:17 . 2011-06-20 12:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6455A5BA-8DC0-4255-B84E-810074910B84}\mpengine.dll
2011-06-30 23:16 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-30 23:16 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-30 23:16 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-30 23:16 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-30 23:16 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-30 23:16 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-30 23:16 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-30 23:16 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-30 23:16 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-30 23:16 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-24 23:41 . 2011-06-24 23:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-23 19:16 . 2011-06-23 19:16 -------- d-----w- c:\users\USER\AppData\Roaming\Malwarebytes
2011-06-23 19:16 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-23 19:16 . 2011-06-23 19:16 -------- d-----w- c:\programdata\Malwarebytes
2011-06-23 19:16 . 2011-06-23 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-23 19:16 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 17:57 . 2011-06-23 17:57 -------- d-----w- c:\users\USER\AppData\Roaming\Anonymizer
2011-06-23 17:57 . 2011-06-23 17:57 -------- d-----w- c:\programdata\Anonymizer
2011-06-23 17:57 . 2011-06-23 17:57 -------- d-----w- c:\program files\Anonymizer
2011-06-23 17:57 . 2011-06-23 17:57 -------- dc-h--w- c:\programdata\{2C4A57D6-4F0C-49A4-9A3F-89423FD797DC}
2011-06-23 17:56 . 2011-06-23 17:56 -------- d-----w- c:\users\USER\AppData\Local\PackageAware
2011-06-23 07:03 . 2011-06-23 07:03 -------- d-----w- c:\program files\Common Files\Java
2011-06-23 06:38 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-23 06:38 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-23 06:37 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-23 06:36 . 2011-06-23 06:36 -------- d-----w- c:\users\USER\AppData\Roaming\Verizon Wireless
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 23:14 . 2011-05-05 23:53 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-06 00:56 . 2011-05-06 00:56 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-06 00:56 . 2011-05-06 00:56 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-06 00:56 . 2011-05-06 00:56 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-06 00:56 . 2011-05-06 00:56 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-06 00:55 . 2011-05-06 00:55 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-06 00:55 . 2011-05-06 00:55 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-06 00:55 . 2011-05-06 00:55 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-06 00:55 . 2011-05-06 00:55 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-06 00:55 . 2011-05-06 00:55 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-06 00:55 . 2011-05-06 00:55 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-06 00:55 . 2011-05-06 00:55 367104 ----a-w- c:\windows\system32\html.iec
2011-05-06 00:55 . 2011-05-06 00:55 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-06 00:55 . 2011-05-06 00:55 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-06 00:55 . 2011-05-06 00:55 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-06 00:55 . 2011-05-06 00:55 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-06 00:55 . 2011-05-06 00:55 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-06 00:55 . 2011-05-06 00:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-06 00:55 . 2011-05-06 00:55 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-06 00:55 . 2011-05-06 00:55 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-05 22:48 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-04 08:52 . 2011-05-06 02:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 16:26 . 2011-05-06 02:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Anonymizer Universal"="c:\program files\Anonymizer\Anonymizer Universal\Anonymizer Universal.exe" [2011-02-23 6118584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-16 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-12 495708]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 174592]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-10-02 204288]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe [2009-03-02 81920]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-09-11 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-09-11 38240]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\QUALCOMM\QDLService2k\QDLService2kHP.exe [2010-01-19 330488]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\DRIVERS\qcfilterhp2k.sys [2010-01-19 5248]
S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys [2010-01-19 206848]
S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys [2010-01-19 106368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\HPCeeScheduleForUSER.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
------- Supplementary Scan -------
.
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\61cmexs2.default\
FF - prefs.js: browser.startup.homepage - hxxp://ca.my.msn.com/?lang=en-ca
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(856)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2011-07-03 15:07:51
ComboFix-quarantined-files.txt 2011-07-03 19:07
.
Pre-Run: 212,175,863,808 bytes free
Post-Run: 211,865,509,888 bytes free
.
- - End Of File - - ACF11262E7D6BEE729DDF5A05D373635
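The ComboFix sections above ("Reg Loading Points", the R/S service list, the orphans) are what a responder reads by eye for anything out of place. As an added example, not part of this thread and not ComboFix's own logic, the Python below parses lines in that format and applies a few triage heuristics: a binary launching from a user-writable directory, a system-binary name (svchost.exe and friends) living outside system32, a file dated within 30 days of the scan, or an orphaned entry marked "(no file)". The sample lines are constructed for the example; the IgfxTray, egui, MBAMProtector and ekrn entries mirror the log above, while "Updater", "SysCheck" and "xyz123" are invented placeholders. The directory list, the 30-day cut-off and the scan date are assumptions.

```python
"""Added example, not part of the thread: triage ComboFix-style autostart lines.
Heuristics, directory list and 30-day cut-off are assumptions, not ComboFix logic."""
import re
from datetime import date, timedelta

# Lines like: "Name"="c:\path\file.exe" [2011-02-23 6118584]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2}) \d+\])?')
# Lines like: R3 name;description;c:\path\file.sys [2011-05-29 22712]
SVC_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?)(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2}) \d+\])?$')
# Lines like: WebBrowser-{GUID} - (no file)
ORPHAN_RE = re.compile(r'^(?P<name>\S+) - \(no file\)$')

USER_WRITABLE = ("\\appdata\\", "\\temp\\", "c:\\programdata\\")   # assumption: default ACLs
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SCAN_DATE = date(2011, 7, 3)   # assumption: the completion date printed in the log above

# Constructed sample: IgfxTray, egui, MBAMProtector and ekrn mirror the thread's log;
# "Updater", "SysCheck" and "xyz123" are invented placeholders for suspicious entries.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-16 141848]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
"Updater"="c:\users\USER\AppData\Local\Temp\svchost.exe" [2011-06-20 51200]
"SysCheck"="c:\programdata\SysCheck\syschk.exe" [2011-06-23 40960]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-09-11 735960]
S1 xyz123;xyz123;c:\windows\system32\drivers\xyz123.sys [2011-06-22 12288]
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
"""


def _reasons(path, stamp, scan_date, recent_days):
    """Apply the heuristics to one autostart target; return the reasons it was flagged."""
    p = path.lower()
    reasons = []
    if any(marker in p for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable directory")
    base = p.rsplit("\\", 1)[-1]
    if base in SYSTEM_NAMES and not p.startswith("c:\\windows\\system32\\"):
        reasons.append(f"system binary name '{base}' outside system32")
    if stamp:
        file_date = date.fromisoformat(stamp)
        if scan_date - file_date <= timedelta(days=recent_days):
            reasons.append(f"file dated {stamp}, within {recent_days} days of the scan")
    return reasons


def triage(log_text, scan_date, recent_days=30):
    """Return [(entry name, path or None, [reasons])] for lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        orphan = ORPHAN_RE.match(line)
        if orphan:
            findings.append((orphan.group("name"), None, ["orphaned autostart entry, target file missing"]))
            continue
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if not m:
            continue   # section headers, blanks and file-list lines are skipped
        reasons = _reasons(m.group("path"), m.group("date"), scan_date, recent_days)
        if reasons:
            findings.append((m.group("name"), m.group("path"), reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG, SCAN_DATE):
        print(f"{name}: {path}\n    " + "\n    ".join(reasons))
```

The recency heuristic is deliberately noisy: a freshly updated driver (mbam.sys at 35 days in the sample is just outside the window) or a newly installed product will trip it, which is fine for a first pass whose job is to shorten the list a human then checks by hand.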

#8 shelf life
  • Malware Response Team
  • 2,646 posts

Posted 03 July 2011 - 04:00 PM

Not much there in the ComboFix log. You said you wrote zeros to the drive; how did you reinstall Windows? A recovery partition, CD/DVD media, a backup?

Whatever this is was in Anonymizer Universal as well.

What does that mean?


TDSSKiller shouldn't have any problem with a TDL3. Yet another download:

Download aswMBR to your desktop.

Double-click aswMBR.exe to run it.
Click the "Scan" button to start the scan.
On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

How Can I Reduce My Risk to Malware?


#9 Muttz
  • Topic Starter
  • Members
  • 6 posts

Posted 08 July 2011 - 11:37 AM

Sorry that I didn't get back to you. I had some things going on this week and my ISP was down last night by the time I sat down at the computer.

That log didn't show anything either. I know that.

From the combofix log, it doesn't look like combofix touched anything to do with Anonymizer, but it's working properly since I ran it. It was shutting down every few minutes and now it's not.

I don't know if this is a TDL3 infection or not. I was kind of hoping that someone would know what this was. I have done a lot of reading and I know that the TDL is constantly changing. It could be another variant.

Maybe I do have this machine clean finally. That would be good news. I'm still having other problems.

I lost control of my Hotmail account again. I am just going to abandon that email address.

I didn't write zeros to this machine because of the recovery partition. I have done it to other machines in the house and whatever this is just comes back. I did it to another laptop that came with a full version of XP. I reinstalled, installed the service packs from disks, the AV, updated and tried to download Malwarebytes right from malwarebytes.org. It took me to a download of a poisoned (I am sure) version of Norton Internet Security. I want to have a look at the hosts file on that machine. It's almost like it's coming back from the Internet.

I just don't know how this crap is getting in here. I'm really careful. I don't read joke emails, I hate Facebook and I'm smart enough not to click on ads. I use Secunia. I update everything religiously. I don't mouth off on forums. I'm not the kind of person who should have problems like this.

Thanks for trying to help anyhow. Here's the log.

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-07-03 19:23:45
-----------------------------
19:23:45.258 OS Version: Windows 6.1.7601 Service Pack 1
19:23:45.258 Number of processors: 2 586 0x1C0A
19:23:45.258 ComputerName: COMPUTER UserName: USER
19:24:06.536 Initialize success
19:24:15.678 AVAST engine defs: 11070301
19:24:31.075 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:24:31.091 Disk 0 Vendor: ST925041 0006 Size: 238475MB BusType: 3
19:24:31.122 Disk 0 MBR read successfully
19:24:31.137 Disk 0 MBR scan
19:24:31.153 Disk 0 Windows 7 default MBR code
19:24:31.169 Disk 0 scanning sectors +488183808
19:24:31.215 Disk 0 scanning C:\Windows\system32\drivers
19:24:46.394 Service scanning
19:24:48.110 Disk 0 trace - called modules:
19:24:48.141 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
19:24:48.157 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x857a8508]
19:24:48.173 3 CLASSPNP.SYS[8840e59e] -> nt!IofCallDriver -> [0x84d38848]
19:24:48.188 5 ACPI.sys[8829a3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84d4e028]
19:24:52.151 AVAST engine scan C:\Windows
19:59:24.861 AVAST engine scan C:\Users\USER
20:00:58.477 AVAST engine scan C:\ProgramData
20:01:44.762 Scan finished successfully
20:11:33.788 Disk 0 MBR has been saved successfully to "C:\Users\USER\Desktop\MBR.dat"
20:11:33.819 The log file has been saved successfully to "C:\Users\USER\Desktop\aswMBR.txt"

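The two lines a responder reads first in an aswMBR log are the MBR status ("Windows 7 default MBR code" above) and the "trace - called modules" chain, which lists the modules on the disk I/O path from the kernel down to the storage miniport (iaStor.sys here). TDL3 hooks the storage miniport to hide its sectors, so an unexpected module in that chain, or a non-default MBR, is what the log is meant to surface. As an added example, not part of the thread and not AVAST's code, the Python below pulls those two pieces out of an aswMBR log and compares the chain against an allowlist of stock storage-stack modules. The clean sample copies lines from the log above; the second sample is constructed with a placeholder driver name, and its non-default MBR wording is an assumption (the thread only shows the "default MBR code" form). The allowlist is an assumption too and would need extending for other chipsets.

```python
"""Added example, not part of the thread and not AVAST's code: pull the MBR status and the
disk I/O call chain out of an aswMBR log and flag anything outside a stock storage stack.
The module allowlist and the non-default MBR wording in the second sample are assumptions."""
import re

TS_RE = re.compile(r'^\d{2}:\d{2}:\d{2}\.\d{3}\s+(?P<body>.*)$')      # "19:24:31.153 <body>"
MBR_RE = re.compile(r'^Disk (?P<disk>\d+) (?P<status>.*\bMBR code\b.*)$')

# Assumption: modules a stock Windows 7 x86 disk path may legitimately contain (lowercased).
KNOWN_STORAGE_MODULES = {
    "ntkrnlpa.exe", "ntoskrnl.exe", "hal.dll", "halmacpi.dll", "halacpi.dll",
    "classpnp.sys", "disk.sys", "partmgr.sys", "volmgr.sys", "acpi.sys",
    "iastor.sys", "atapi.sys", "ataport.sys", "pciide.sys", "pciidex.sys",
    "intelide.sys", "storport.sys", "msahci.sys", "nvstor.sys", "amdsata.sys",
}

# Copied from the log posted above: a clean chain ending at the Intel iaStor miniport.
SAMPLE_CLEAN = r"""
19:24:31.153 Disk 0 Windows 7 default MBR code
19:24:48.110 Disk 0 trace - called modules:
19:24:48.141 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
19:24:48.157 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x857a8508]
"""

# Constructed: a placeholder driver spliced into the chain and a non-default MBR status
# (wording assumed; the real tool's phrasing for that case is not shown in the thread).
SAMPLE_SUSPECT = r"""
19:31:02.004 Disk 0 MBR code is not the Windows default
19:31:10.120 Disk 0 trace - called modules:
19:31:10.151 ntkrnlpa.exe CLASSPNP.SYS disk.sys xtrdrv.sys ACPI.sys halmacpi.dll iaStor.sys
"""


def parse_events(log_text):
    """Strip the timestamps; return the message bodies in log order."""
    bodies = []
    for raw in log_text.splitlines():
        m = TS_RE.match(raw.strip())
        if m:
            bodies.append(m.group("body"))
    return bodies


def check_aswmbr(log_text, known=KNOWN_STORAGE_MODULES):
    """Collect per-disk MBR status, the call chain, and any module not in the allowlist."""
    report = {"mbr": {}, "chains": {}, "unknown_modules": []}
    bodies = parse_events(log_text)
    for i, body in enumerate(bodies):
        m = MBR_RE.match(body)
        if m:
            report["mbr"][int(m.group("disk"))] = m.group("status")
        elif body.endswith("trace - called modules:") and i + 1 < len(bodies):
            disk = int(body.split()[1])          # "Disk 0 trace - called modules:"
            chain = bodies[i + 1].split()        # the module list is on the next line
            report["chains"][disk] = chain
            report["unknown_modules"] += [(disk, mod) for mod in chain if mod.lower() not in known]
    return report


def is_clean(report):
    """Stock MBR code on every disk seen and nothing unexpected in any call chain."""
    mbr_ok = bool(report["mbr"]) and all("default MBR code" in s for s in report["mbr"].values())
    return mbr_ok and not report["unknown_modules"]


if __name__ == "__main__":
    for label, sample in (("thread log", SAMPLE_CLEAN), ("constructed", SAMPLE_SUSPECT)):
        r = check_aswmbr(sample)
        print(label, "clean" if is_clean(r) else f"suspect: {r['mbr']} {r['unknown_modules']}")
```

A module missing from the allowlist is a prompt to look it up, not a verdict: a third-party SATA or RAID driver belongs in that chain on the hardware that uses it, which is why the set is kept explicit rather than hidden inside the check.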
#10 shelf life
  • Malware Response Team
  • 2,646 posts

Posted 09 July 2011 - 05:47 PM

hi,

What is Anonymizer Universal? If you have a rootkit or back door on your machine (and it doesn't look like you do), you're toast. You must have a router; have you set your router back to its defaults?



#11 Muttz
  • Topic Starter
  • Members
  • 6 posts

Posted 19 July 2011 - 01:04 PM

Anonymizer Universal is anonymous surfing software.

And yes, I did have a trojan. I finally had time to reformat yet again and the DDS log is not reporting a possible TDL3 infection anymore. Whatever this is, it is some sort of variant of the TDL infections. I was just hoping that someone could help figure out what this actually is.

Thanks anyway. I'm fine for now.

#12 shelf life
  • Malware Response Team
  • 2,646 posts

Posted 22 July 2011 - 08:47 PM

anonymous surfing software

There's really no such thing. It's just a proxy server.

All those logs looked OK to me. You can remove ComboFix like this:
Start > Run and type in:
combofix /uninstall
Click OK or press Enter.
Note the space after the "x" and before the "/".
You can delete the TDSSKiller and aswMBR icons from your desktop.

Since it all appears good, you can make a new restore point. The how and the why:
One of the features of Windows XP, Vista and Windows 7 is the System Restore option; however, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning OK.



To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.


(Windows XP)

1. Turn off System Restore (deletes the old, possibly infected restore points).
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check "Turn off System Restore".
Click Apply, and then click OK.

2. Reboot.

3. Turn on System Restore (creates a new restore point on a clean system).
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Uncheck "Turn off System Restore".
Click Apply, and then click OK, then reboot.

And last:

10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer cannot stay malware free.

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows), browser (IE, Firefox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web-based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third-party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here.

2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, where you are then prompted to install software to remedy this. See also the signs that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*.

4) Refrain from clicking on links or attachments via e-mail, IM, IRC, chat rooms, blogs or social networking sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing tricks.

5) Do not click on ads/pop-ups or offers from websites requesting that you need to install software on your computer, *for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what User Account Control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) Your browser risks: the why and how to secure your browser for safer surfing.

10) Warez, cracks, etc. are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via P2P networks you will encounter malware. Can you really trust the source of the file?


More info/tips with pictures, links below

Happy Safe Surfing.

How Can I Reduce My Risk to Malware?




