Can't get rid of Alureon.A even after a Windows 7 reinstall.


BrotherMalachi (Thread Starter), joined Dec 24, 2010, 6 messages
Hi! Please help.
My computer has been infected with Alureon.A.
I have Windows Security Essentials installed, which "discovered" the virus and apparently removed it. However, after each restart the virus/rootkit reappears. Only MSE is able to find the virus. I've tried Malwarebytes, Trend Micro... none of them can detect it.

HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:53:18 PM, on 12/23/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Nick\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: CutePDF Form Filler - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files (x86)\Acro Software\CutePDF Form Filler\CPFillerCo.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: KDWin Keyboard Driver.lnk = C:\KDWin\KDWIN.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
O4 - Global Startup: GammaTray.exe.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: hplun.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9698 bytes

DDS.txt:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Nick at 22:57:33.33 on Thu 12/23/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.12279.10061 [GMT -8:00]

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Nick\Desktop\OTS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Users\Nick\Desktop\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nick\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: CutePDF Form Filler Helper: {d41289f2-69c6-417b-897e-c653d677cbaf} - C:\Program Files (x86)\Acro Software\CutePDF Form Filler\CPFillerCo.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
StartupFolder: C:\Users\Nick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KDWINK~1.LNK - C:\KDWin\KDWIN.EXE
StartupFolder: C:\Users\Nick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMMAT~1.LNK - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: hplun.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
STS-X64: ObjectDockShlExt Class: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\fxylfo37.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&ss=1&scc=1&ltmpl=default&ltmplcache=2|https://www.google.com/a/arquell.co.../login.live.com/login.srf?id=2&vv=900&lc=1033
FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF - Ext: LavaFox V1-Blue: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Metal3D: {48e23fba-bb14-4745-b768-382150cd83fb} - %profile%\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
FF - Ext: Foxdie for Firefox: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Foxdie (Graphite): [email protected] - %profile%\extensions\[email protected]
FF - Ext: Foxdie: [email protected] - %profile%\extensions\[email protected]

============= SERVICES / DRIVERS ===============

R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2010-1-26 179752]
R1 BC_3DES;BC_3DES;C:\Windows\System32\drivers\bc_3des.sys [2007-1-25 31464]
R1 BC_BF128;BC_BF128;C:\Windows\System32\drivers\bc_bf128.sys [2007-1-25 27880]
R1 BC_BF448;BC_BF448;C:\Windows\System32\drivers\bc_bf448.sys [2007-1-25 27880]
R1 BC_BFish;BC_BFish;C:\Windows\System32\drivers\bc_bfish.sys [2007-1-25 27880]
R1 BC_CAST;BC_CAST;C:\Windows\System32\drivers\bc_cast.sys [2007-1-25 35048]
R1 BC_DES;BC_DES;C:\Windows\System32\drivers\bc_des.sys [2007-1-25 30952]
R1 BC_Gost;BC_Gost;C:\Windows\System32\drivers\bc_gost.sys [2007-1-25 23272]
R1 BC_RC6;BC_RC6;C:\Windows\System32\drivers\bc_rc6.sys [2007-1-25 27368]
R1 BC_RIJN;BC_RIJN;C:\Windows\System32\drivers\bc_rijn.sys [2007-1-25 48360]
R1 BC_SERP;BC_SERP;C:\Windows\System32\drivers\bc_serp.sys [2007-1-25 33000]
R1 BC_TFISH;BC_TFISH;C:\Windows\System32\drivers\bc_tfish.sys [2007-1-25 31464]
R1 bcbus;BestCrypt bus driver;C:\Windows\System32\drivers\bcbus.sys [2007-1-25 58088]
R1 fsh;fsh;C:\Windows\System32\drivers\fsh.sys [2007-1-25 25320]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-19 203776]
R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2009-7-13 27136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-27 8012288]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-27 287232]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-11-10 341856]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-11-10 4162784]
R3 mhk;mhk;C:\Windows\System32\drivers\mhk.sys [2007-1-25 15080]
R3 moh;moh;C:\Windows\System32\drivers\moh.sys [2007-1-25 13032]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2010-12-19 21712]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;C:\Windows\System32\drivers\yk62x64l.sys [2009-9-22 88064]
S3 SkVlanProtocol;Marvell VLAN Protocol;C:\Windows\System32\drivers\yk62x64v.sys [2009-8-28 25600]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-19 1255736]

=============== Created Last 30 ================

2010-12-24 04:43:30 -------- d-----w- C:\Downloads
2010-12-24 04:23:06 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{9AEC2B6A-B99C-45E3-B3C2-B5B6B6BB2EFA}\mpengine.dll
2010-12-23 18:07:56 -------- d-----w- C:\KDWin
2010-12-23 07:53:48 -------- d-----w- C:\Users\Nick\AppData\Roaming\Free Download Manager
2010-12-23 07:53:45 -------- d-----w- C:\Program Files (x86)\Free Download Manager
2010-12-23 07:53:45 -------- d-----w- C:\PROGRA~3\FreeDownloadManager.ORG
2010-12-23 07:02:16 -------- d-----w- C:\Program Files (x86)\Acro Software
2010-12-22 09:15:38 -------- d-----w- C:\Users\Nick\AppData\Local\Cyberlink
2010-12-22 09:07:57 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2010-12-21 04:48:31 -------- d-----w- C:\Program Files (x86)\Exterminate It!
2010-12-21 04:33:17 -------- d-----w- C:\Windows\pss
2010-12-20 07:51:40 -------- d-----w- C:\Program Files (x86)\GNU
2010-12-20 07:17:07 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-20 02:23:11 -------- d-----w- C:\Users\Nick\AppData\Roaming\Malwarebytes
2010-12-20 02:23:06 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 02:23:06 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-20 02:23:03 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-20 02:23:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-19 22:04:02 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{208FD420-8BD1-4911-9E7B-AA4C5DF22642}\gapaengine.dll
2010-12-19 21:54:20 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2010-12-19 21:54:13 -------- d-----w- C:\Program Files\Microsoft Security Client
2010-12-19 21:54:01 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2010-12-19 21:08:01 85504 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2010-12-19 21:08:01 -------- d-----w- C:\Program Files (x86)\InstaCodecs
2010-12-19 20:49:33 -------- d-----w- C:\Windows\Replay Media Splitter
2010-12-19 20:49:32 -------- d-----w- C:\Program Files (x86)\Replay Media Splitter
2010-12-19 20:44:13 -------- d-----w- C:\PROGRA~3\TreeCardGames
2010-12-19 20:44:12 -------- d-----w- C:\Users\Nick\AppData\Roaming\SolSuite
2010-12-19 20:37:44 -------- d-----w- C:\Program Files (x86)\SolSuite
2010-12-19 20:23:05 -------- d-----w- C:\Users\Nick\AppData\Roaming\ACD Systems
2010-12-19 20:23:05 -------- d-----w- C:\Users\Nick\AppData\Local\ACD Systems
2010-12-19 20:22:18 -------- d-----w- C:\PROGRA~3\ACD Systems
2010-12-19 20:22:13 -------- d-----w- C:\Program Files (x86)\Common Files\ACD Systems
2010-12-19 20:22:13 -------- d-----w- C:\Program Files (x86)\ACD Systems
2010-12-19 20:20:38 -------- d-----w- C:\Users\Nick\AppData\Local\Downloaded Installations
2010-12-19 19:57:40 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2010-12-19 19:57:30 -------- d-----w- C:\Windows\PCHEALTH
2010-12-19 19:57:30 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-12-19 19:55:36 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2010-12-19 19:55:04 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2010-12-19 19:54:45 -------- d-----w- C:\Users\Nick\AppData\Local\Microsoft Help
2010-12-19 19:15:30 -------- d-----w- C:\Users\Nick\AppData\Local\ODUI
2010-12-19 19:15:09 -------- d-----w- C:\Users\Nick\AppData\Local\Stardock
2010-12-19 19:15:05 -------- d-----w- C:\Users\Nick\AppData\Roaming\Stardock
2010-12-19 19:14:51 -------- dc-h--w- C:\PROGRA~3\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2010-12-19 19:14:51 -------- d-----w- C:\Program Files (x86)\Common Files\Stardock
2010-12-19 19:14:51 -------- d-----w- C:\PROGRA~3\Stardock
2010-12-19 19:14:45 -------- d-----w- C:\Program Files (x86)\Stardock
2010-12-19 19:14:34 -------- d-----w- C:\Users\Nick\AppData\Local\PackageAware
2010-12-19 19:04:00 -------- d-----w- C:\Program Files (x86)\Creative
2010-12-19 19:00:19 -------- d-----w- C:\Program Files (x86)\MonitorDriver
2010-12-19 18:57:56 994304 ----a-w- C:\Windows\System32\ykx64ncu.dll
2010-12-19 18:57:20 -------- d-----w- C:\Program Files (x86)\Marvell
2010-12-19 18:57:19 -------- d-----w- C:\Users\Nick\AppData\Local\TMP
2010-12-19 18:56:03 16896 ----a-w- C:\Windows\AsTaskSched.dll
2010-12-19 18:54:50 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2010-12-19 18:54:37 -------- d-----w- C:\Intel
2010-12-19 18:37:00 -------- d-----w- C:\Users\Nick\AppData\Local\ATI
2010-12-19 18:35:38 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2010-12-19 18:35:16 125456 ----a-w- C:\Windows\System32\drivers\AtiHdmi.sys
2010-12-19 18:35:15 478208 ----a-w- C:\Windows\System32\atieclxx.exe
2010-12-19 18:35:15 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2010-12-19 18:35:15 349184 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-12-19 18:35:15 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-12-19 18:35:15 -------- d-----w- C:\CIMTEMP
2010-12-19 18:34:58 -------- d-----w- C:\Program Files\ATI Technologies
2010-12-19 18:34:54 -------- d-----w- C:\Program Files\ATI
2010-12-19 18:30:26 45056 ----a-w- C:\Windows\SysWow64\BRTCPCON.DLL
2010-12-19 18:30:26 176128 ----a-w- C:\Windows\SysWow64\BROSNMP.DLL
2010-12-19 18:30:26 111928 ----a-w- C:\Windows\SysWow64\BRRBTOOL.EXE
2010-12-19 18:30:25 77824 ----a-w- C:\Windows\SysWow64\BRLMW03A.DLL
2010-12-19 18:30:25 24223 ----a-w- C:\Windows\SysWow64\BRLM03A.DLL
2010-12-19 18:21:00 -------- d-----w- C:\Program Files (x86)\GRETECH
2010-12-19 18:16:56 -------- d-----w- C:\Users\Nick\AppData\Local\Adobe
2010-12-19 17:33:43 -------- d-----w- C:\Program Files (x86)\Siber Systems
2010-12-19 17:28:06 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
2010-12-19 17:28:06 -------- d-----w- C:\Users\Nick\AppData\Local\eSupport.com
2010-12-19 17:20:22 -------- d-----w- C:\Program Files (x86)\Jetico
2010-12-19 17:08:41 -------- d-----w- C:\Windows\SysWow64\Wat
2010-12-19 17:08:41 -------- d-----w- C:\Windows\System32\Wat
2010-12-19 17:08:35 -------- d-----w- C:\Windows\SysWow64\XPSViewer
2010-12-19 17:08:35 -------- d-----w- C:\Windows\SysWow64\wbem\ru-RU
2010-12-19 17:08:35 -------- d-----w- C:\Windows\SysWow64\ru
2010-12-19 17:08:35 -------- d-----w- C:\Windows\SysWow64\drivers\ru-RU
2010-12-19 17:08:21 -------- d-----w- C:\Windows\System32\drivers\UMDF\ru-RU
2010-12-19 17:08:21 -------- d-----w- C:\Windows\System32\drivers\ru-RU
2010-12-19 17:08:20 -------- d-----w- C:\Windows\System32\wbem\ru-RU
2010-12-19 17:08:20 -------- d-----w- C:\Windows\System32\ru
2010-12-19 17:08:06 -------- d-----w- C:\Windows\ru-RU
2010-12-19 17:02:15 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-12-19 17:02:13 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-12-19 16:42:59 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2010-12-19 16:42:59 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2010-12-19 16:39:06 23096 ----a-w- C:\Windows\System32\drivers\MTiCtwl.sys
2010-12-19 16:34:15 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2010-12-19 16:30:53 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-12-19 16:30:53 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-12-19 16:30:53 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-12-19 16:30:53 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-12-19 16:30:53 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-12-19 16:30:53 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-12-19 16:30:53 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-12-19 16:30:53 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-12-19 16:30:53 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-12-19 16:30:53 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-12-19 16:22:23 -------- d-sh--w- C:\Windows\Installer
2010-12-19 16:22:14 -------- d-----w- C:\Program Files (x86)\MagicTune Premium
2010-12-19 16:17:21 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-12-19 16:17:21 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-12-19 16:07:52 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2010-12-19 16:06:57 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-12-19 16:05:10 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-12-19 16:00:52 0 ----a-w- C:\Windows\ativpsrm.bin
2010-12-19 15:59:18 -------- d-----w- C:\Users\Nick\AppData\Local\ElevatedDiagnostics
2010-12-19 15:36:45 8199504 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{6EA5ADAA-F5A9-4608-B296-25D80C0273D9}\mpengine.dll
2010-12-19 15:36:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-12-19 15:32:37 220672 ----a-w- C:\Windows\System32\wintrust.dll
2010-12-19 15:32:37 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2010-12-19 15:32:37 139264 ----a-w- C:\Windows\System32\cabview.dll
2010-12-19 15:32:37 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2010-12-19 15:30:54 -------- d-sh--w- C:\Recovery
2010-12-19 15:15:38 -------- d-----w- C:\Windows\Panther

==================== Find3M ====================

2010-12-22 09:06:58 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2010-12-22 09:06:58 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2010-12-19 18:32:25 15416 ----a-w- C:\Windows\System32\drivers\ASACPI.sys
2010-11-10 10:49:26 539232 ----a-w- C:\Windows\SysWow64\LVUI2RC.dll
2010-11-10 10:49:02 543328 ----a-w- C:\Windows\SysWow64\LVUI2.dll
2010-11-10 10:47:14 416352 ----a-w- C:\Windows\SysWow64\lvcodec2.dll
2010-11-10 10:45:54 4162784 ----a-w- C:\Windows\System32\drivers\lvuvc64.sys
2010-11-10 10:45:32 559712 ----a-w- C:\Windows\System32\LVUIRC64.dll
2010-11-10 10:45:32 102744 ----a-w- C:\Windows\SysWow64\LogiDPPApp.exe
2010-11-10 10:45:32 102744 ----a-w- C:\Windows\System32\LogiDPPApp.exe
2010-11-10 10:45:30 10871128 ----a-w- C:\Windows\SysWow64\LogiDPP.dll
2010-11-10 10:45:30 10871128 ----a-w- C:\Windows\System32\LogiDPP.dll
2010-11-10 10:45:20 316248 ----a-w- C:\Windows\SysWow64\DevManagerCore.dll
2010-11-10 10:45:20 316248 ----a-w- C:\Windows\System32\DevManagerCore.dll
2010-11-10 10:45:02 767584 ----a-w- C:\Windows\System32\LVUI64.dll
2010-11-10 10:44:24 341856 ----a-w- C:\Windows\System32\drivers\lvrs64.sys
2010-11-10 10:43:32 259680 ----a-w- C:\Windows\System32\lvco13101216.dll
2010-11-10 10:43:12 400480 ----a-w- C:\Windows\System32\lvcod64.dll
2010-11-10 10:32:14 38238 ----a-w- C:\Windows\System32\Repository.reg
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:50:28 1580368 ----a-w- C:\Windows\System32\LogiLDA.DLL
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-27 12:00:16 8012288 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-10-27 11:25:38 21422592 ----a-w- C:\Windows\System32\atio6axx.dll
2010-10-27 11:08:18 16281600 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-10-27 10:55:32 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-10-27 10:55:24 547328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-10-27 10:54:24 645120 ----a-w- C:\Windows\System32\aticfx64.dll
2010-10-27 10:52:18 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-10-27 10:50:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-10-27 10:50:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-10-27 10:49:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-10-27 10:49:54 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2010-10-27 10:49:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-10-27 10:49:46 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-10-27 10:46:58 4020736 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-10-27 10:38:04 4744704 ----a-w- C:\Windows\System32\atidxx64.dll
2010-10-27 10:35:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-10-27 10:35:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-10-27 10:35:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-10-27 10:35:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-10-27 10:35:08 6815744 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-10-27 10:33:52 5441536 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-10-27 10:28:22 4094464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-10-27 10:22:04 5218304 ----a-w- C:\Windows\System32\atiumd64.dll
2010-10-27 10:15:00 58880 ----a-w- C:\Windows\System32\coinst.dll
2010-10-27 10:14:52 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-10-27 10:14:44 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-10-27 10:14:42 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-10-27 10:14:42 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-10-27 10:14:38 31744 ----a-w- C:\Windows\System32\atig6txx.dll
2010-10-27 10:14:32 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-10-27 10:14:24 287232 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-10-27 10:13:44 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-10-27 10:13:36 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-10-27 10:13:30 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-10-27 10:13:24 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-10-27 10:12:56 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-10-27 09:57:04 3221504 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-10-27 09:50:10 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-10-27 09:37:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-10-27 09:37:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-10-27 09:37:14 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-10-27 09:37:14 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-10-25 05:25:38 72064 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2010-10-25 05:25:38 40832 ----a-w- C:\Windows\System32\drivers\MpNWMon.sys
2010-10-25 05:25:38 188928 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll

============= FINISH: 22:57:50.88 ===============



ark.txt was empty (didn't find any system modifications)
Don't know if this is a good sign :(



Thank you very much,
- Nick
 


BrotherMalachi

Thread Starter
Joined
Dec 24, 2010
Messages
6
As a side note, I went through several threads that I found on this forum. However, almost all of them had custom instructions based on the log files the users had posted. Therefore I was unable to follow any of those instructions :(
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,441
Hiya BrotherMalachi

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family, so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own, as this will conflict with the tools we are going to use.
  • Either print or save to Notepad all instructions and please follow them carefully. If there's something you don't understand or that will not work, please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin.
  • If you do not reply within 72 hours the thread will be closed; if you need more time, let me know. Likewise, if I do not respond within 48 hours, feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc., please uninstall them before we begin.
  • If you are using cracked or illegal software your thread will be locked and all help will cease.

Please proceed as follows :-

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Kevin
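Kevin asks for the TDSSKiller report to be pasted back. Each per-driver line in that report has the shape "date time service-name (md5-of-file) path", and the useful thing a defender can do with such a list is compare the logged hashes against a known-good baseline taken from a clean machine of the same build, so that a driver file whose on-disk hash has changed, or a driver that is not in the baseline at all, stands out. The following parser and comparison is an added example written for this thread; it is not code from TDSSKiller, from Kaspersky, or from either poster. The five genuine driver lines in `SAMPLE_LOG` are copied from the report posted below in this thread; the `ExampleSvc` line, the `BASELINE` dictionary and the deliberately wrong hash for `atapi.sys` are constructed for the demonstration and are not authoritative hashes.

```python
"""Parse TDSSKiller scan-log lines and compare driver hashes to a baseline.

Added example for this thread; not part of TDSSKiller or of the original post.
"""
import re
from dataclasses import dataclass

# One per-driver line in a TDSSKiller report looks like:
#   2010/12/24 15:15:48.0227 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
# i.e. "<date> <time> <service name> (<md5 of the file on disk>) <path>".
DRIVER_LINE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<service>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class DriverEntry:
    service: str
    md5: str   # lower-case hex
    path: str  # as logged (case preserved)


def parse_tdsskiller_log(text):
    """Return the per-driver entries of a report; header and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["service"], m["md5"].lower(), m["path"]))
    return entries


def compare_to_baseline(entries, baseline):
    """Compare logged hashes with a known-good baseline.

    baseline maps a lower-cased file path to its expected MD5. Paths are
    compared case-insensitively because Windows paths are, and because the
    report lists the same file under different service names with different
    directory casing (Tcpip and TCPIP6 both point at tcpip.sys).
    Returns a dict with 'mismatch' (hash differs from baseline), 'unknown'
    (file not in the baseline) and 'missing' (baseline file absent from the report).
    """
    seen = set()
    report = {"mismatch": [], "unknown": [], "missing": []}
    for entry in entries:
        key = entry.path.lower()
        seen.add(key)
        expected = baseline.get(key)
        if expected is None:
            report["unknown"].append(entry)
        elif expected.lower() != entry.md5:
            report["mismatch"].append(entry)
    report["missing"] = sorted(p for p in baseline if p not in seen)
    return report


# Constructed sample: the first five driver lines are copied from the report
# posted in this thread; the final "ExampleSvc" line is made up for the demo.
SAMPLE_LOG = r"""
2010/12/24 15:15:46.0382 ================================================================================
2010/12/24 15:15:46.0382 Scan started
2010/12/24 15:15:46.0382 Mode: Manual;
2010/12/24 15:15:48.0209 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/24 15:15:48.0227 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/24 15:15:48.0997 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/24 15:15:53.0837 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/12/24 15:15:53.0904 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/24 15:15:54.0100 ExampleSvc (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\example.sys
"""

# Constructed baseline (hypothetical known-good hashes, NOT an authoritative list):
# 1394ohci, ACPI and tcpip agree with the log; atapi is given a different hash so
# the comparison reports it; disk.sys is listed but does not appear in SAMPLE_LOG.
BASELINE = {
    r"c:\windows\system32\drivers\1394ohci.sys": "1b00662092f9f9568b995902f0cc40d5",
    r"c:\windows\system32\drivers\acpi.sys": "6f11e88748cdefd2f76aa215f97ddfe5",
    r"c:\windows\system32\drivers\atapi.sys": "ffffffffffffffffffffffffffffffff",
    r"c:\windows\system32\drivers\tcpip.sys": "90a2d722cf64d911879d6c4a4f802a4d",
    r"c:\windows\system32\drivers\disk.sys": "9819eee8b5ea3784ec4af3b137a5244c",
}

if __name__ == "__main__":
    found = parse_tdsskiller_log(SAMPLE_LOG)
    result = compare_to_baseline(found, BASELINE)
    print(f"{len(found)} driver entries parsed")
    for kind in ("mismatch", "unknown"):
        for e in result[kind]:
            print(f"{kind:8} {e.service:12} {e.md5} {e.path}")
    for path in result["missing"]:
        print(f"missing  {path}")
```

On the sample, the comparison flags `atapi` as a mismatch and `ExampleSvc` as unknown, and lists `disk.sys` as missing; the two `tcpip.sys` entries collapse to one baseline key because the path is lower-cased before lookup. A baseline built this way only tells you that a file on disk differs from a reference copy; it says nothing about what is loaded in memory, which is why a rootkit scanner such as TDSSKiller is still needed for the case in this thread, where the file on disk may look normal while the running driver does not.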
 

BrotherMalachi

Thread Starter
Joined
Dec 24, 2010
Messages
6
Thanks for the reply Kevin!

Here is the log:

2010/12/24 15:15:41.0184 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/24 15:15:41.0184 ================================================================================
2010/12/24 15:15:41.0184 SystemInfo:
2010/12/24 15:15:41.0184
2010/12/24 15:15:41.0184 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/24 15:15:41.0184 Product type: Workstation
2010/12/24 15:15:41.0184 ComputerName: NICK-PC
2010/12/24 15:15:41.0184 UserName: Nick
2010/12/24 15:15:41.0185 Windows directory: C:\Windows
2010/12/24 15:15:41.0185 System windows directory: C:\Windows
2010/12/24 15:15:41.0185 Running under WOW64
2010/12/24 15:15:41.0185 Processor architecture: Intel x64
2010/12/24 15:15:41.0185 Number of processors: 8
2010/12/24 15:15:41.0185 Page size: 0x1000
2010/12/24 15:15:41.0185 Boot type: Normal boot
2010/12/24 15:15:41.0185 ================================================================================
2010/12/24 15:15:41.0185 Utility is running under WOW64
2010/12/24 15:15:42.0189 Initialize success
2010/12/24 15:15:46.0382 ================================================================================
2010/12/24 15:15:46.0382 Scan started
2010/12/24 15:15:46.0382 Mode: Manual;
2010/12/24 15:15:46.0382 ================================================================================
2010/12/24 15:15:48.0209 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/24 15:15:48.0227 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/24 15:15:48.0245 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/24 15:15:48.0302 ADIHdAudAddService (1c090e86afd15231377ad37436c3c719) C:\Windows\system32\drivers\ADIHdAud.sys
2010/12/24 15:15:48.0347 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/24 15:15:48.0368 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/24 15:15:48.0384 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/24 15:15:48.0418 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/12/24 15:15:48.0438 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/24 15:15:48.0456 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/24 15:15:48.0491 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/24 15:15:48.0510 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/24 15:15:48.0691 amdkmdag (522a8bd1414cc7517faec907f138db9c) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/24 15:15:48.0804 amdkmdap (f712c26d40bf3cd2c020bb518e8150b1) C:\Windows\system32\DRIVERS\atikmpag.sys
2010/12/24 15:15:48.0818 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/24 15:15:48.0839 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/24 15:15:48.0854 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/24 15:15:48.0865 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/24 15:15:48.0895 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/12/24 15:15:48.0945 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/12/24 15:15:48.0956 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/24 15:15:48.0981 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/24 15:15:48.0997 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/24 15:15:49.0049 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
2010/12/24 15:15:49.0107 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/12/24 15:15:49.0133 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/12/24 15:15:49.0157 bcbus (9417afaf1ae21fa8e5bedced9f09415e) C:\Windows\system32\DRIVERS\bcbus.sys
2010/12/24 15:15:49.0178 BC_3DES (ec18c22fcf21193a7e672de5890a024f) C:\Windows\system32\drivers\BC_3DES.sys
2010/12/24 15:15:49.0190 BC_BF128 (6421acffaeba81b310a98b6c433efc29) C:\Windows\system32\drivers\BC_BF128.sys
2010/12/24 15:15:49.0208 BC_BF448 (f20dbf705411f647a2ef33e5ba07a37f) C:\Windows\system32\drivers\BC_BF448.sys
2010/12/24 15:15:49.0219 BC_BFish (24d5c31056a4ad1c3f08d35fdbe57b4a) C:\Windows\system32\drivers\BC_BFish.sys
2010/12/24 15:15:49.0242 BC_CAST (1fd85889aa29827ffd49458101589ea7) C:\Windows\system32\drivers\BC_CAST.sys
2010/12/24 15:15:49.0255 BC_DES (9998653d9942e474e7defb8bd9b57d04) C:\Windows\system32\drivers\BC_DES.sys
2010/12/24 15:15:49.0273 BC_Gost (6186708e28e74978f58283269abd3190) C:\Windows\system32\drivers\BC_Gost.sys
2010/12/24 15:15:49.0288 BC_RC6 (e7061d93455dd80b6be71ffacea4f817) C:\Windows\system32\drivers\BC_RC6.sys
2010/12/24 15:15:49.0304 BC_RIJN (1f458e13c355b50fb5e65d369584a1f7) C:\Windows\system32\drivers\BC_RIJN.sys
2010/12/24 15:15:49.0322 BC_SERP (4821d9fe63e0a3db0c4dcfb7d8968426) C:\Windows\system32\drivers\BC_SERP.sys
2010/12/24 15:15:49.0334 BC_TFISH (775261c0490547026af2e0309ca3169d) C:\Windows\system32\drivers\BC_TFISH.sys
2010/12/24 15:15:49.0370 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/12/24 15:15:49.0418 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/24 15:15:49.0428 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/24 15:15:49.0439 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/24 15:15:49.0447 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/24 15:15:49.0492 BrSerIb (e5e9b1625a767ceb6f319c12d33eab78) C:\Windows\system32\DRIVERS\BrSerIb.sys
2010/12/24 15:15:49.0520 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/12/24 15:15:49.0535 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/24 15:15:49.0550 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/24 15:15:49.0559 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/24 15:15:49.0585 BrUsbSIb (d9f6b30ad93cbd165ec71fadf51df25e) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
2010/12/24 15:15:49.0595 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/24 15:15:49.0609 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/24 15:15:49.0632 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/24 15:15:49.0645 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/24 15:15:49.0670 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/12/24 15:15:49.0702 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/24 15:15:49.0711 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/24 15:15:49.0731 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/12/24 15:15:49.0752 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/24 15:15:49.0774 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/12/24 15:15:49.0788 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/12/24 15:15:49.0830 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2010/12/24 15:15:49.0843 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/12/24 15:15:49.0850 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/12/24 15:15:49.0857 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2010/12/24 15:15:49.0886 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/12/24 15:15:49.0964 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2010/12/24 15:15:50.0012 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/24 15:15:50.0112 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/12/24 15:15:50.0170 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2010/12/24 15:15:50.0196 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2010/12/24 15:15:50.0241 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/12/24 15:15:50.0253 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/12/24 15:15:50.0266 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/24 15:15:50.0283 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/12/24 15:15:50.0302 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/12/24 15:15:50.0311 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/24 15:15:50.0326 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/12/24 15:15:50.0351 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/12/24 15:15:50.0408 fsh (9a2b70d9a6608c9c2d04906531ce0226) C:\Windows\system32\drivers\fsh.sys
2010/12/24 15:15:50.0420 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/24 15:15:50.0436 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/24 15:15:50.0455 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/12/24 15:15:50.0489 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/24 15:15:50.0517 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2010/12/24 15:15:50.0529 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/24 15:15:50.0548 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/24 15:15:50.0569 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/24 15:15:50.0589 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/24 15:15:50.0602 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/24 15:15:50.0622 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/24 15:15:50.0649 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2010/12/24 15:15:50.0664 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/24 15:15:50.0687 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/24 15:15:50.0715 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/24 15:15:50.0765 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/24 15:15:50.0781 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/24 15:15:50.0794 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/24 15:15:50.0818 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/24 15:15:50.0835 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/24 15:15:50.0845 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2010/12/24 15:15:50.0859 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2010/12/24 15:15:50.0874 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/24 15:15:50.0902 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/24 15:15:50.0922 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/24 15:15:50.0933 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/24 15:15:50.0947 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/24 15:15:50.0995 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/24 15:15:51.0012 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2010/12/24 15:15:51.0035 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/24 15:15:51.0066 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/24 15:15:51.0077 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/24 15:15:51.0104 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/24 15:15:51.0130 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/24 15:15:51.0143 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2010/12/24 15:15:51.0217 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys
2010/12/24 15:15:51.0321 LVUVC64 (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys
2010/12/24 15:15:51.0370 MagicTune (b3b7c5f26f3f8c7992350b7ede64f5c9) C:\Windows\system32\drivers\MTiCtwl.sys
2010/12/24 15:15:51.0384 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/24 15:15:51.0399 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/24 15:15:51.0433 mhk (5e90f711cc25e4e1b4d86c334d6bb808) C:\Windows\system32\drivers\mhk.sys
2010/12/24 15:15:51.0456 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2010/12/24 15:15:51.0465 moh (eca02eebd38f19fc4c6205dcf0ebd73e) C:\Windows\system32\drivers\moh.sys
2010/12/24 15:15:51.0489 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/24 15:15:51.0498 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/24 15:15:51.0520 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/24 15:15:51.0531 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2010/12/24 15:15:51.0567 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2010/12/24 15:15:51.0590 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/24 15:15:51.0611 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2010/12/24 15:15:51.0630 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/24 15:15:51.0657 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/24 15:15:51.0702 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/24 15:15:51.0722 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/24 15:15:51.0757 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/24 15:15:51.0777 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/24 15:15:51.0795 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/24 15:15:51.0813 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2010/12/24 15:15:51.0828 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/24 15:15:51.0837 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/24 15:15:51.0878 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/24 15:15:51.0891 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/24 15:15:51.0902 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/12/24 15:15:51.0918 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/12/24 15:15:51.0933 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/24 15:15:51.0944 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/12/24 15:15:51.0966 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/24 15:15:52.0014 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
2010/12/24 15:15:52.0027 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/12/24 15:15:52.0067 mv61xx (8274fe4fbe25d28fe2637b167ec76a5c) C:\Windows\system32\DRIVERS\mv61xx.sys
2010/12/24 15:15:52.0106 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/24 15:15:52.0142 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/12/24 15:15:52.0193 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/24 15:15:52.0205 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/24 15:15:52.0238 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/24 15:15:52.0251 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/24 15:15:52.0266 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/12/24 15:15:52.0280 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/24 15:15:52.0296 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/24 15:15:52.0325 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/24 15:15:52.0341 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2010/12/24 15:15:52.0356 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/12/24 15:15:52.0369 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/24 15:15:52.0409 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/12/24 15:15:52.0439 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/12/24 15:15:52.0460 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/24 15:15:52.0471 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/24 15:15:52.0496 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/24 15:15:52.0507 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/24 15:15:52.0554 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/12/24 15:15:52.0565 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/12/24 15:15:52.0579 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2010/12/24 15:15:52.0593 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/24 15:15:52.0618 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/24 15:15:52.0629 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/12/24 15:15:52.0647 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/12/24 15:15:52.0704 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/24 15:15:52.0720 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2010/12/24 15:15:52.0737 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/24 15:15:52.0783 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/24 15:15:52.0824 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/24 15:15:52.0848 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/24 15:15:52.0867 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/24 15:15:52.0914 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/24 15:15:52.0939 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/24 15:15:52.0958 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/24 15:15:52.0972 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/24 15:15:52.0989 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/24 15:15:53.0006 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/24 15:15:53.0026 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/24 15:15:55.0043 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/24 15:15:55.0091 ================================================================================
2010/12/24 15:15:55.0091 Scan finished
2010/12/24 15:15:55.0091 ================================================================================
2010/12/24 15:15:55.0097 Detected object count: 1
2010/12/24 15:16:08.0268 \HardDisk1 - will be cured after reboot
2010/12/24 15:16:08.0269 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2010/12/24 15:16:23.0722 Deinitialize success




Thanks,
- Nick
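The TDSSKiller log above has a fixed layout (one line per loaded driver with its MD5 and path, then detection and action lines), so its outcome can be checked mechanically rather than read by eye. The following is an added example, not part of Nick's post or of TDSSKiller itself: a parser over a constructed sample in that layout, with placeholder hashes, that pulls out each detection, whether the cure is deferred to reboot, and whether the flagged object is the physical disk rather than a driver file.

```python
import re

# Constructed sample in the TDSSKiller log layout shown in this thread.
# The two driver hashes are placeholders, not real file hashes.
SAMPLE_LOG = """\
2010/12/24 15:15:54.0946 WUDFRd (00000000000000000000000000000001) C:\\Windows\\system32\\DRIVERS\\WUDFRd.sys
2010/12/24 15:15:54.0997 yukonw7 (00000000000000000000000000000002) C:\\Windows\\system32\\DRIVERS\\yk62x64.sys
2010/12/24 15:15:55.0043 \\HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/24 15:15:55.0091 Scan finished
2010/12/24 15:15:55.0097 Detected object count: 1
2010/12/24 15:16:08.0268 \\HardDisk1 - will be cured after reboot
2010/12/24 15:16:08.0269 Rootkit.Win32.TDSS.tdl4(\\HardDisk1) - User select action: Cure
2010/12/24 15:16:23.0722 Deinitialize success
"""

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
DRIVER_RE = re.compile(TS + r" (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(TS + r" (?P<obj>\S+) - detected (?P<threat>\S+) \(\d+\)$")
PENDING_RE = re.compile(TS + r" (?P<obj>\S+) - will be cured after reboot$")
ACTION_RE = re.compile(TS + r" (?P<threat>\S+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(TS + r" Detected object count: (?P<n>\d+)$")


def parse_tdsskiller_log(text):
    """Return the driver inventory and every detection with its outcome."""
    drivers = []
    detections = {}  # keyed by object name, e.g. "\\HardDisk1"
    declared_count = None
    for line in text.splitlines():
        if m := DRIVER_RE.match(line):
            drivers.append((m["name"], m["md5"], m["path"]))
        elif m := DETECT_RE.match(line):
            # A disk object instead of a file path means the infection sits in
            # the boot sector, below anything a file-based scanner looks at.
            detections[m["obj"]] = {"threat": m["threat"], "action": None,
                                    "pending_reboot": False,
                                    "disk_level": m["obj"].startswith("\\HardDisk")}
        elif m := PENDING_RE.match(line):
            detections[m["obj"]]["pending_reboot"] = True
        elif m := ACTION_RE.match(line):
            detections[m["obj"]]["action"] = m["action"]
        elif m := COUNT_RE.match(line):
            declared_count = int(m["n"])
    # Cross-check the tool's own summary line against what was actually parsed.
    if declared_count is not None and declared_count != len(detections):
        raise ValueError(f"log claims {declared_count} detections, parsed {len(detections)}")
    return {"drivers": drivers, "detections": detections}


def needs_reboot_before_rescan(report):
    """True when a cure is deferred to reboot: rescanning before then proves nothing."""
    return any(d["pending_reboot"] for d in report["detections"].values())
```

A follow-up scan (like the ESET one requested below in the thread) is only meaningful once `needs_reboot_before_rescan` is False for the log in hand.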
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,441
Hiya Nick,

Looks like TDSSKiller caught that one by the tail, run the following scan to ensure all is clean:

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions are available Here. Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

Post the log from ESET in your reply,

Kevin
 

BrotherMalachi

Thread Starter
Joined
Dec 24, 2010
Messages
6
This scanner can detect Alureon, right? Because nothing was found yay!
Thanks a bunch and happy holidays! :)
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,441
Good to hear nothing was found, as follows please

  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click the icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Next,

Remove the ESET Online Scanner components from your computer: start the Uninstall a Program applet from Control Panel, select the ESET Online Scanner entry and click Uninstall. This will happen very quickly; only re-boot if requested.

Do you have any remaining issues/concerns? If not, hit the Mark Solved tab at the top of the thread...

Kevin
 

BrotherMalachi

Thread Starter
Joined
Dec 24, 2010
Messages
6
Thanks a lot Kevin.

Just had one more quick question.
During this whole process I noticed that some of my drives have a "$RECYCLE.BIN" folder. On some of the drives these are as large as 15 gigs! I seem to be unable to wipe them off the drive. Any ideas? I tried booting into safe mode, but it still won't let me clear them. I know back in win98 days we could use DOS :D not sure what to do here though.

Thanks,
- Nick
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,441
As far as I'm aware you should leave those alone; usually they are hidden and not shown.

Right click on Start > Select Open Windows Explorer > Select Tools > Folder Options > View > Make sure "Don't show hidden files, folders, or drives" is selected.
Also make sure "Hide protected operating system files (recommended)" is selected. If not, select them, click Apply, then OK.
 