
Hello4, redirecting and pop ups


7 replies to this topic

#1 LineofEld19

LineofEld19

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:43 PM

Posted 25 August 2011 - 01:12 PM

Hello all, I have been surfing this forum for a while and it has helped me out a lot. This is my first post because I think I've met my match with this infection. Whenever I attempt to shut down, Windows tries to end the "hello4" program. I have run Malwarebytes and SUPERAntiSpyware in safe mode and although they have shown up with some infections, my PC is still plagued with this hello4 virus. It started happening a couple days ago yet I have yet to get rid of it. I am able to get online and when I use Firefox, sometimes a new window pops up on its own and shows a news or health site, or if I click a Google search result, it also does the same thing. Any help will be appreciated and thank you in advance.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,404 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:43 PM

Posted 25 August 2011 - 01:23 PM

Hello and welcome.
Are you on a router? Are other machines on it, if so are they redirecting?

Do you use Firefox?


Let's do these next in Normal mode.


Please follow our Removal Guide here How to remove Google Redirects. You will move to the Automated Removal Instructions

If it finds something make sure Cure is selected
Next click Continue then Reboot now
A log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.



Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 LineofEld19

LineofEld19
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:43 PM

Posted 25 August 2011 - 01:34 PM

Hello boopme, yes my modem has a built in router but no other computers are connected to it. Yes I am using Firefox, but IE does it too. Forgive me, but I forgot to mention that when I boot up my system and while it loads up I see blank windows flash and then disappear right away. Also, I get two errors:
"RUNDLL
error loading C:\windows\spieates.dll
The specified module could not be found"

And
"Runner Error
Invalid back web application id '8876480'"

I will start on what you told me to do.

Edited by LineofEld19, 25 August 2011 - 01:35 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,404 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:43 PM

Posted 25 August 2011 - 02:02 PM

It's not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete. ---> spieates.dll
Reboot your computer and see if the startup error returns.
Credit to quietman7


Same with any backweb you see.
Backweb is a tool that software vendors incorporate into their product to download data (e.g. product updates) to the user's PC. Its operation depends on the instructions given to it by the individual software vendor who bundles it.
While this software has been neither exonerated nor convicted of malice, some aspects of its installation and operation appear suspect.
Visitors have associated it with the appearance of advertisements.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
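
The orphaned startup entry described in post #4, as an added example that is not part of the original thread or any poster's code: a read-only PowerShell check that lists Run/RunOnce registry values whose target file no longer exists. The function names, the list of keys (only the common Run keys; Autoruns inspects many more locations) and the sample command line are assumptions made for this example.

```powershell
# Added example (not from the thread): report Run/RunOnce values whose
# target file is missing. Read-only; nothing is deleted.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-StartupTarget {
    # Returns the file a startup command line actually loads.
    param([string]$Command)

    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if (-not $cmd) { return $null }

    # rundll32 is only a host process: the file that matters is its DLL
    # argument, which ends at the comma before the exported entry point.
    if ($cmd -match '^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?<rest>.+)$') {
        $dllSpec = $Matches['rest'].Trim()
        if ($dllSpec -match '^"(?<dll>[^"]+)"') { return $Matches['dll'] }
        return ($dllSpec -split ',', 2)[0].Trim()
    }

    # Quoted program path.
    if ($cmd -match '^"(?<exe>[^"]+)"') { return $Matches['exe'] }

    # Unquoted path that may contain spaces: cut at the first
    # executable extension that is followed by whitespace or end of line.
    if ($cmd -match '^(?<exe>.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)') {
        return $Matches['exe']
    }

    # Fallback: first whitespace-delimited token.
    return ($cmd -split '\s+', 2)[0]
}

function Test-StartupTarget {
    # True if the target file exists. Bare file names are looked up in the
    # Windows directories and then in PATH. A path that cannot be parsed is
    # reported as missing so that it gets a manual look.
    param([string]$Target)

    try {
        if ([IO.Path]::IsPathRooted($Target)) {
            return (Test-Path -LiteralPath $Target -PathType Leaf)
        }
        $dirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64", $env:SystemRoot) +
                ($env:Path -split ';' | Where-Object { $_ })
        foreach ($dir in $dirs) {
            $candidate = Join-Path -Path $dir -ChildPath $Target
            if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $true }
        }
        return $false
    }
    catch {
        return $false
    }
}

function Find-OrphanedStartupEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        foreach ($name in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($name)
            $target  = Get-StartupTarget $command
            if ($target -and -not (Test-StartupTarget $target)) {
                [pscustomobject]@{
                    Key         = $key
                    Name        = $name
                    Command     = $command
                    MissingFile = $target
                }
            }
        }
    }
}

# Constructed sample value modelled on the RUNDLL error quoted in the thread;
# the entry point name "start" is invented for the example.
Get-StartupTarget 'rundll32.exe "C:\windows\spieates.dll",start'

# Scan the live registry and show every startup value whose file is gone.
Find-OrphanedStartupEntry | Format-List
```

A reported value only means the file is absent; check the `Command` column against the error text before removing the entry in Autoruns.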

#5 LineofEld19

LineofEld19
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:43 PM

Posted 25 August 2011 - 02:08 PM

I did not find the exact TDSS file you mentioned, but I found these 3 on my C drive:
First:

2010/08/24 10:36:33.0109 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/24 10:36:33.0109 ================================================================================
2010/08/24 10:36:33.0109 SystemInfo:
2010/08/24 10:36:33.0109
2010/08/24 10:36:33.0109 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/24 10:36:33.0109 Product type: Workstation
2010/08/24 10:36:33.0109 ComputerName: IBM-CAE8212E769
2010/08/24 10:36:33.0109 UserName: jason *****
2010/08/24 10:36:33.0109 Windows directory: C:\WINDOWS
2010/08/24 10:36:33.0109 System windows directory: C:\WINDOWS
2010/08/24 10:36:33.0109 Processor architecture: Intel x86
2010/08/24 10:36:33.0109 Number of processors: 1
2010/08/24 10:36:33.0109 Page size: 0x1000
2010/08/24 10:36:33.0109 Boot type: Normal boot
2010/08/24 10:36:33.0109 ================================================================================
2010/08/24 10:36:34.0328 Initialize success
2010/08/24 10:36:45.0984 ================================================================================
2010/08/24 10:36:45.0984 Scan started
2010/08/24 10:36:45.0984 Mode: Manual;
2010/08/24 10:36:45.0984 ================================================================================
2010/08/24 10:36:56.0890 PCI (ddb78d62959cfe05af34b149720daa10) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/24 10:36:56.0890 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: ddb78d62959cfe05af34b149720daa10, Fake md5: a219903ccf74233761d92bef471a07b1
2010/08/24 10:36:56.0906 PCI - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/24 10:37:01.0187 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2010/08/24 10:37:01.0187 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/08/24 10:37:01.0203 sptd - detected Locked file (1)
2010/08/24 10:37:03.0562 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
2010/08/24 10:37:03.0609 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/24 10:37:03.0671 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/24 10:37:03.0718 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2010/08/24 10:37:03.0765 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2010/08/24 10:37:03.0828 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
2010/08/24 10:37:03.0843 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
2010/08/24 10:37:03.0843 vaxscsi - detected Locked file (1)
2010/08/24 10:37:05.0531 ================================================================================
2010/08/24 10:37:05.0531 Scan finished
2010/08/24 10:37:05.0531 ================================================================================
2010/08/24 10:37:05.0562 Detected object count: 3
2010/08/24 10:37:40.0359 PCI (ddb78d62959cfe05af34b149720daa10) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/24 10:37:40.0375 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: ddb78d62959cfe05af34b149720daa10, Fake md5: a219903ccf74233761d92bef471a07b1
2010/08/24 10:37:41.0359 Backup copy found, using it..
2010/08/24 10:37:41.0375 C:\WINDOWS\system32\DRIVERS\pci.sys - will be cured after reboot
2010/08/24 10:37:41.0375 Rootkit.Win32.TDSS.tdl3(PCI) - User select action: Cure
2010/08/24 10:37:41.0375 Locked file(sptd) - User select action: Skip
2010/08/24 10:37:41.0390 Locked file(vaxscsi) - User select action: Skip
2010/08/24 10:37:59.0078 Deinitialize success

SECOND:

2011/08/25 14:39:20.0734 5116 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/25 14:39:26.0890 5116 ================================================================================
2011/08/25 14:39:26.0890 5116 SystemInfo:
2011/08/25 14:39:26.0890 5116
2011/08/25 14:39:26.0890 5116 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/25 14:39:26.0890 5116 Product type: Workstation
2011/08/25 14:39:26.0890 5116 ComputerName: IBM-CAE8212E769
2011/08/25 14:39:26.0890 5116 UserName: jason *****
2011/08/25 14:39:26.0890 5116 Windows directory: C:\WINDOWS
2011/08/25 14:39:26.0890 5116 System windows directory: C:\WINDOWS
2011/08/25 14:39:26.0890 5116 Processor architecture: Intel x86
2011/08/25 14:39:26.0890 5116 Number of processors: 1
2011/08/25 14:39:26.0890 5116 Page size: 0x1000
2011/08/25 14:39:26.0890 5116 Boot type: Normal boot
2011/08/25 14:39:26.0890 5116 ================================================================================
2011/08/25 14:39:29.0281 5116 Initialize success
2011/08/25 14:40:29.0312 3408 ================================================================================
2011/08/25 14:40:29.0312 3408 Scan started
2011/08/25 14:40:29.0312 3408 Mode: Manual;
2011/08/25 14:40:29.0312 3408 ================================================================================
2011/08/25 14:41:07.0828 3408 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/25 14:41:22.0015 3408 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/25 14:41:22.0015 3408 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/08/25 14:41:22.0046 3408 sptd - detected LockedFile.Multi.Generic (1)
2011/08/25 14:41:31.0687 3408 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
2011/08/25 14:41:31.0687 3408 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
2011/08/25 14:41:31.0703 3408 vaxscsi - detected LockedFile.Multi.Generic (1)
2011/08/25 14:41:36.0406 3408 MBR (0x1B8) (6db645fc10c40bb05cc99e3e11c263fb) \Device\Harddisk0\DR0
2011/08/25 14:41:36.0421 3408 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/25 14:41:36.0437 3408 Boot (0x1200) (ee2007012fe101c9908f4634b2f10043) \Device\Harddisk0\DR0\Partition0
2011/08/25 14:41:36.0484 3408 Boot (0x1200) (ce9df84839e92a71b0daea02a7b82623) \Device\Harddisk0\DR0\Partition1
2011/08/25 14:41:36.0515 3408 Boot (0x1200) (99cb7608cfb15e4b3978cbb19f8e9f05) \Device\Harddisk0\DR0\Partition2
2011/08/25 14:41:36.0531 3408 ================================================================================
2011/08/25 14:41:36.0531 3408 Scan finished
2011/08/25 14:41:36.0531 3408 ================================================================================
2011/08/25 14:41:36.0546 5604 Detected object count: 3
2011/08/25 14:41:36.0546 5604 Actual detected object count: 3
2011/08/25 14:44:16.0984 5604 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/08/25 14:44:16.0984 5604 LockedFile.Multi.Generic(vaxscsi) - User select action: Skip
2011/08/25 14:44:17.0015 5604 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/25 14:44:17.0015 5604 \Device\Harddisk0\DR0 - ok
2011/08/25 14:44:17.0015 5604 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/25 14:48:31.0062 5844 Deinitialize success

THIRD:

2011/08/25 15:00:23.0906 2656 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/25 15:00:25.0906 2656 ================================================================================
2011/08/25 15:00:25.0906 2656 SystemInfo:
2011/08/25 15:00:25.0906 2656
2011/08/25 15:00:25.0906 2656 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/25 15:00:25.0906 2656 Product type: Workstation
2011/08/25 15:00:25.0906 2656 ComputerName: IBM-CAE8212E769
2011/08/25 15:00:25.0906 2656 UserName: jason *****
2011/08/25 15:00:25.0906 2656 Windows directory: C:\WINDOWS
2011/08/25 15:00:25.0906 2656 System windows directory: C:\WINDOWS
2011/08/25 15:00:25.0906 2656 Processor architecture: Intel x86
2011/08/25 15:00:25.0906 2656 Number of processors: 1
2011/08/25 15:00:25.0906 2656 Page size: 0x1000
2011/08/25 15:00:25.0906 2656 Boot type: Normal boot
2011/08/25 15:00:25.0906 2656 ================================================================================
2011/08/25 15:00:28.0109 2656 Initialize success

#6 LineofEld19

Posted 25 August 2011 - 02:34 PM

MBAM Log from the quick scan:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7569

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/25/2011 3:22:33 PM
mbam-log-2011-08-25 (15-22-33).txt

Scan type: Quick scan
Objects scanned: 208574
Time elapsed: 12 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 boopme

Posted 25 August 2011 - 03:52 PM

OK, those were good logs. What TDSS found and cured after reboot are major problems.

How is it running now? We should still run one more.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

NOTE: In some instances if no malware is found there will be no log produced.

#8 LineofEld19

Posted 26 August 2011 - 04:08 PM

ESET list from program: 15 threats:

C:\Documents and Settings\Administrator\My Documents\Downloads\cnet_PSISetup_exe.exe a variant of Win32/InstallCore.B application
C:\Documents and Settings\jason\Application Data\Sun\Java\Deployment\cache\6.0\1\13492401-63fc05b1 a variant of Java/Agent.BR trojan
C:\Documents and Settings\jason\Application Data\Sun\Java\Deployment\cache\6.0\28\350e9cdc-4f546002 probably a variant of Java/Agent.BR trojan
C:\Documents and Settings\jason\Application Data\Sun\Java\Deployment\cache\6.0\28\68a9cc5c-6d92205a multiple threats
C:\Documents and Settings\jason\Application Data\Sun\Java\Deployment\cache\6.0\49\6dfdeab1-7b3c1c2c Java/Agent.BV trojan
C:\Documents and Settings\jason\Application Data\Sun\Java\Deployment\cache\6.0\58\d552d7a-1c05fc67 a variant of Java/Exploit.CVE-2009-2843.B trojan
C:\Documents and Settings\jason\Application Data\Sun\Java\Deployment\cache\6.0\60\4f698bbc-780ece50 multiple threats
C:\Documents and Settings\jason\Application Data\Sun\Java\Deployment\cache\6.0\8\fad2d88-11ce6832 Java/Agent.BV trojan
C:\Documents and Settings\jason \Application Data\Sun\Java\Deployment\cache\6.0\9\7be78a09-41899162 probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan
C:\Documents and Settings\jason \Desktop\MISC\fff\CheatEngine55.exe multiple threats
C:\Documents and Settings\jason \Desktop\MISC\New Folder\DRX-rtwbi14t\DRX-rtwbi14t.exe probably a variant of Win32/HackTool.CheatEngine.AB application
C:\Documents and Settings\jason \Desktop\MISC\New Folder (2)\EmpireTotalWarPLUS11Trainer.zip a variant of Win32/GameHack.F application
C:\Documents and Settings\jason \Desktop\MISC\New Folder (2)\totaloverdoseofwarret-ch.zip a variant of Win32/GameHack.F application
C:\System Volume Information\_restore{81D97640-A600-45A6-B0D3-BD06AB5A81A7}\RP2068\A0409198.dll a variant of Win32/Kryptik.RZD trojan
C:\System Volume Information\_restore{81D97640-A600-45A6-B0D3-BD06AB5A81A7}\RP2069\A0425514.exe a variant of Win32/GameHack.F application

ESET LOG:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=8164cf4e2435f0468829d62324bebfd7
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-26 04:18:38
# local_time=2011-08-26 12:18:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 31140343 31140343 0 0
# compatibility_mode=1024 16777215 100 0 46606657 46606657 0 0
# compatibility_mode=3073 16777214 0 5 31140787 31140787 0 0
# compatibility_mode=5121 16777173 100 75 2404877 14758842 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=355
# found=0
# cleaned=0
# scan_time=142
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=8164cf4e2435f0468829d62324bebfd7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-26 08:55:49
# local_time=2011-08-26 04:55:49 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 31140554 31140554 0 0
# compatibility_mode=1024 16777215 100 0 46606868 46606868 0 0
# compatibility_mode=3073 16777214 0 5 31140998 31140998 0 0
# compatibility_mode=5121 16777173 100 75 2405088 14759053 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=187103
# found=15
# cleaned=0
# scan_time=16564
C:\Documents and Settings\Administrator\My Documents\Downloads\cnet_PSISetup_exe.exe a variant of Win32/InstallCore.B application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\jason \Application Data\Sun\Java\Deployment\cache\6.0\1\13492401-63fc05b1 a variant of Java/Agent.BR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\jason \Application Data\Sun\Java\Deployment\cache\6.0\28\350e9cdc-4f546002 probably a variant of Java/Agent.BR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\jason \Application Data\Sun\Java\Deployment\cache\6.0\28\68a9cc5c-6d92205a multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\jason \Application Data\Sun\Java\Deployment\cache\6.0\49\6dfdeab1-7b3c1c2c Java/Agent.BV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\jason \Application Data\Sun\Java\Deployment\cache\6.0\58\d552d7a-1c05fc67 a variant of Java/Exploit.CVE-2009-2843.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\jason \Application Data\Sun\Java\Deployment\cache\6.0\60\4f698bbc-780ece50 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\jason \Application Data\Sun\Java\Deployment\cache\6.0\8\fad2d88-11ce6832 Java/Agent.BV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\jason \Application Data\Sun\Java\Deployment\cache\6.0\9\7be78a09-41899162 probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\jason \Desktop\MISC\fff\CheatEngine55.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\jason \Desktop\MISC\New Folder\DRX-rtwbi14t\DRX-rtwbi14t.exe probably a variant of Win32/HackTool.CheatEngine.AB application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\jason \Desktop\MISC\New Folder (2)\EmpireTotalWarPLUS11Trainer.zip a variant of Win32/GameHack.F application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\jason \Desktop\MISC\New Folder (2)\totaloverdoseofwarret-ch.zip a variant of Win32/GameHack.F application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{81D97640-A600-45A6-B0D3-BD06AB5A81A7}\RP2068\A0409198.dll a variant of Win32/Kryptik.RZD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{81D97640-A600-45A6-B0D3-BD06AB5A81A7}\RP2069\A0425514.exe a variant of Win32/GameHack.F application (unable to clean) 00000000000000000000000000000000 I

Edited by LineofEld19, 26 August 2011 - 04:15 PM.




