
Can't get rid of Alureon.A even after a Windows 7 reinstall.

Discussion in 'Virus & Other Malware Removal' started by BrotherMalachi, Dec 24, 2010.

BrotherMalachi (Thread Starter; joined Dec 24, 2010; 6 messages):

    Hi! Please help.
    My computer has been infected with Alureon.A.
    I have Windows Security Essentials installed, which "discovered" the virus and apparently removed it. However, after each restart the virus/rootkit reappears. Only MSE is able to find the virus. I've tried Malwarebytes, Trend Micro... none of them can detect it.

    HijackThis logfile:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:53:18 PM, on 12/23/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Nick\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
    O2 - BHO: CutePDF Form Filler - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files (x86)\Acro Software\CutePDF Form Filler\CPFillerCo.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: KDWin Keyboard Driver.lnk = C:\KDWin\KDWIN.EXE
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
    O4 - Global Startup: GammaTray.exe.lnk = ?
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: hplun.dll
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9698 bytes

    DDS.txt:

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Nick at 22:57:33.33 on Thu 12/23/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.12279.10061 [GMT -8:00]

    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\svchost.exe -k yksvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\AEADISRV.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Nick\Desktop\OTS.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\explorer.exe
    C:\Users\Nick\Desktop\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Nick\Desktop\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
    BHO: CutePDF Form Filler Helper: {d41289f2-69c6-417b-897e-c653d677cbaf} - C:\Program Files (x86)\Acro Software\CutePDF Form Filler\CPFillerCo.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    uRun: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    StartupFolder: C:\Users\Nick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KDWINK~1.LNK - C:\KDWin\KDWIN.EXE
    StartupFolder: C:\Users\Nick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMMAT~1.LNK - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    AppInit_DLLs: hplun.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    mRun-x64: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
    STS-X64: ObjectDockShlExt Class: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\fxylfo37.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&ss=1&scc=1&ltmpl=default&ltmplcache=2|https://www.google.com/a/arquell.co.../login.live.com/login.srf?id=2&vv=900&lc=1033
    FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
    FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF - Ext: LavaFox V1-Blue: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Metal3D: {48e23fba-bb14-4745-b768-382150cd83fb} - %profile%\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
    FF - Ext: Foxdie for Firefox: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Foxdie (Graphite): [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Foxdie: [email protected] - %profile%\extensions\[email protected]

    ============= SERVICES / DRIVERS ===============

    R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2010-1-26 179752]
    R1 BC_3DES;BC_3DES;C:\Windows\System32\drivers\bc_3des.sys [2007-1-25 31464]
    R1 BC_BF128;BC_BF128;C:\Windows\System32\drivers\bc_bf128.sys [2007-1-25 27880]
    R1 BC_BF448;BC_BF448;C:\Windows\System32\drivers\bc_bf448.sys [2007-1-25 27880]
    R1 BC_BFish;BC_BFish;C:\Windows\System32\drivers\bc_bfish.sys [2007-1-25 27880]
    R1 BC_CAST;BC_CAST;C:\Windows\System32\drivers\bc_cast.sys [2007-1-25 35048]
    R1 BC_DES;BC_DES;C:\Windows\System32\drivers\bc_des.sys [2007-1-25 30952]
    R1 BC_Gost;BC_Gost;C:\Windows\System32\drivers\bc_gost.sys [2007-1-25 23272]
    R1 BC_RC6;BC_RC6;C:\Windows\System32\drivers\bc_rc6.sys [2007-1-25 27368]
    R1 BC_RIJN;BC_RIJN;C:\Windows\System32\drivers\bc_rijn.sys [2007-1-25 48360]
    R1 BC_SERP;BC_SERP;C:\Windows\System32\drivers\bc_serp.sys [2007-1-25 33000]
    R1 BC_TFISH;BC_TFISH;C:\Windows\System32\drivers\bc_tfish.sys [2007-1-25 31464]
    R1 bcbus;BestCrypt bus driver;C:\Windows\System32\drivers\bcbus.sys [2007-1-25 58088]
    R1 fsh;fsh;C:\Windows\System32\drivers\fsh.sys [2007-1-25 25320]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-19 203776]
    R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2009-7-13 27136]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-27 8012288]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-27 287232]
    R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]
    R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-11-10 341856]
    R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-11-10 4162784]
    R3 mhk;mhk;C:\Windows\System32\drivers\mhk.sys [2007-1-25 15080]
    R3 moh;moh;C:\Windows\System32\drivers\moh.sys [2007-1-25 13032]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2010-12-19 21712]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SkLaggProtocol;Marvell Link Aggregation Protocol;C:\Windows\System32\drivers\yk62x64l.sys [2009-9-22 88064]
    S3 SkVlanProtocol;Marvell VLAN Protocol;C:\Windows\System32\drivers\yk62x64v.sys [2009-8-28 25600]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-19 1255736]

    =============== Created Last 30 ================

    2010-12-24 04:43:30 -------- d-----w- C:\Downloads
    2010-12-24 04:23:06 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{9AEC2B6A-B99C-45E3-B3C2-B5B6B6BB2EFA}\mpengine.dll
    2010-12-23 18:07:56 -------- d-----w- C:\KDWin
    2010-12-23 07:53:48 -------- d-----w- C:\Users\Nick\AppData\Roaming\Free Download Manager
    2010-12-23 07:53:45 -------- d-----w- C:\Program Files (x86)\Free Download Manager
    2010-12-23 07:53:45 -------- d-----w- C:\PROGRA~3\FreeDownloadManager.ORG
    2010-12-23 07:02:16 -------- d-----w- C:\Program Files (x86)\Acro Software
    2010-12-22 09:15:38 -------- d-----w- C:\Users\Nick\AppData\Local\Cyberlink
    2010-12-22 09:07:57 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
    2010-12-21 04:48:31 -------- d-----w- C:\Program Files (x86)\Exterminate It!
    2010-12-21 04:33:17 -------- d-----w- C:\Windows\pss
    2010-12-20 07:51:40 -------- d-----w- C:\Program Files (x86)\GNU
    2010-12-20 07:17:07 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-12-20 02:23:11 -------- d-----w- C:\Users\Nick\AppData\Roaming\Malwarebytes
    2010-12-20 02:23:06 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-20 02:23:06 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-12-20 02:23:03 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-12-20 02:23:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-12-19 22:04:02 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{208FD420-8BD1-4911-9E7B-AA4C5DF22642}\gapaengine.dll
    2010-12-19 21:54:20 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2010-12-19 21:54:13 -------- d-----w- C:\Program Files\Microsoft Security Client
    2010-12-19 21:54:01 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
    2010-12-19 21:08:01 85504 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
    2010-12-19 21:08:01 -------- d-----w- C:\Program Files (x86)\InstaCodecs
    2010-12-19 20:49:33 -------- d-----w- C:\Windows\Replay Media Splitter
    2010-12-19 20:49:32 -------- d-----w- C:\Program Files (x86)\Replay Media Splitter
    2010-12-19 20:44:13 -------- d-----w- C:\PROGRA~3\TreeCardGames
    2010-12-19 20:44:12 -------- d-----w- C:\Users\Nick\AppData\Roaming\SolSuite
    2010-12-19 20:37:44 -------- d-----w- C:\Program Files (x86)\SolSuite
    2010-12-19 20:23:05 -------- d-----w- C:\Users\Nick\AppData\Roaming\ACD Systems
    2010-12-19 20:23:05 -------- d-----w- C:\Users\Nick\AppData\Local\ACD Systems
    2010-12-19 20:22:18 -------- d-----w- C:\PROGRA~3\ACD Systems
    2010-12-19 20:22:13 -------- d-----w- C:\Program Files (x86)\Common Files\ACD Systems
    2010-12-19 20:22:13 -------- d-----w- C:\Program Files (x86)\ACD Systems
    2010-12-19 20:20:38 -------- d-----w- C:\Users\Nick\AppData\Local\Downloaded Installations
    2010-12-19 19:57:40 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2010-12-19 19:57:30 -------- d-----w- C:\Windows\PCHEALTH
    2010-12-19 19:57:30 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2010-12-19 19:55:36 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2010-12-19 19:55:04 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2010-12-19 19:54:45 -------- d-----w- C:\Users\Nick\AppData\Local\Microsoft Help
    2010-12-19 19:15:30 -------- d-----w- C:\Users\Nick\AppData\Local\ODUI
    2010-12-19 19:15:09 -------- d-----w- C:\Users\Nick\AppData\Local\Stardock
    2010-12-19 19:15:05 -------- d-----w- C:\Users\Nick\AppData\Roaming\Stardock
    2010-12-19 19:14:51 -------- dc-h--w- C:\PROGRA~3\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
    2010-12-19 19:14:51 -------- d-----w- C:\Program Files (x86)\Common Files\Stardock
    2010-12-19 19:14:51 -------- d-----w- C:\PROGRA~3\Stardock
    2010-12-19 19:14:45 -------- d-----w- C:\Program Files (x86)\Stardock
    2010-12-19 19:14:34 -------- d-----w- C:\Users\Nick\AppData\Local\PackageAware
    2010-12-19 19:04:00 -------- d-----w- C:\Program Files (x86)\Creative
    2010-12-19 19:00:19 -------- d-----w- C:\Program Files (x86)\MonitorDriver
    2010-12-19 18:57:56 994304 ----a-w- C:\Windows\System32\ykx64ncu.dll
    2010-12-19 18:57:20 -------- d-----w- C:\Program Files (x86)\Marvell
    2010-12-19 18:57:19 -------- d-----w- C:\Users\Nick\AppData\Local\TMP
    2010-12-19 18:56:03 16896 ----a-w- C:\Windows\AsTaskSched.dll
    2010-12-19 18:54:50 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
    2010-12-19 18:54:37 -------- d-----w- C:\Intel
    2010-12-19 18:37:00 -------- d-----w- C:\Users\Nick\AppData\Local\ATI
    2010-12-19 18:35:38 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    2010-12-19 18:35:16 125456 ----a-w- C:\Windows\System32\drivers\AtiHdmi.sys
    2010-12-19 18:35:15 478208 ----a-w- C:\Windows\System32\atieclxx.exe
    2010-12-19 18:35:15 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2010-12-19 18:35:15 349184 ----a-w- C:\Windows\System32\atiadlxx.dll
    2010-12-19 18:35:15 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
    2010-12-19 18:35:15 -------- d-----w- C:\CIMTEMP
    2010-12-19 18:34:58 -------- d-----w- C:\Program Files\ATI Technologies
    2010-12-19 18:34:54 -------- d-----w- C:\Program Files\ATI
    2010-12-19 18:30:26 45056 ----a-w- C:\Windows\SysWow64\BRTCPCON.DLL
    2010-12-19 18:30:26 176128 ----a-w- C:\Windows\SysWow64\BROSNMP.DLL
    2010-12-19 18:30:26 111928 ----a-w- C:\Windows\SysWow64\BRRBTOOL.EXE
    2010-12-19 18:30:25 77824 ----a-w- C:\Windows\SysWow64\BRLMW03A.DLL
    2010-12-19 18:30:25 24223 ----a-w- C:\Windows\SysWow64\BRLM03A.DLL
    2010-12-19 18:21:00 -------- d-----w- C:\Program Files (x86)\GRETECH
    2010-12-19 18:16:56 -------- d-----w- C:\Users\Nick\AppData\Local\Adobe
    2010-12-19 17:33:43 -------- d-----w- C:\Program Files (x86)\Siber Systems
    2010-12-19 17:28:06 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
    2010-12-19 17:28:06 -------- d-----w- C:\Users\Nick\AppData\Local\eSupport.com
    2010-12-19 17:20:22 -------- d-----w- C:\Program Files (x86)\Jetico
    2010-12-19 17:08:41 -------- d-----w- C:\Windows\SysWow64\Wat
    2010-12-19 17:08:41 -------- d-----w- C:\Windows\System32\Wat
    2010-12-19 17:08:35 -------- d-----w- C:\Windows\SysWow64\XPSViewer
    2010-12-19 17:08:35 -------- d-----w- C:\Windows\SysWow64\wbem\ru-RU
    2010-12-19 17:08:35 -------- d-----w- C:\Windows\SysWow64\ru
    2010-12-19 17:08:35 -------- d-----w- C:\Windows\SysWow64\drivers\ru-RU
    2010-12-19 17:08:21 -------- d-----w- C:\Windows\System32\drivers\UMDF\ru-RU
    2010-12-19 17:08:21 -------- d-----w- C:\Windows\System32\drivers\ru-RU
    2010-12-19 17:08:20 -------- d-----w- C:\Windows\System32\wbem\ru-RU
    2010-12-19 17:08:20 -------- d-----w- C:\Windows\System32\ru
    2010-12-19 17:08:06 -------- d-----w- C:\Windows\ru-RU
    2010-12-19 17:02:15 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-12-19 17:02:13 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-12-19 16:42:59 311808 ----a-w- C:\Windows\System32\msv1_0.dll
    2010-12-19 16:42:59 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2010-12-19 16:39:06 23096 ----a-w- C:\Windows\System32\drivers\MTiCtwl.sys
    2010-12-19 16:34:15 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
    2010-12-19 16:30:53 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2010-12-19 16:30:53 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2010-12-19 16:30:53 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2010-12-19 16:30:53 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2010-12-19 16:30:53 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2010-12-19 16:30:53 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2010-12-19 16:30:53 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2010-12-19 16:30:53 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2010-12-19 16:30:53 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2010-12-19 16:30:53 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2010-12-19 16:22:23 -------- d-sh--w- C:\Windows\Installer
    2010-12-19 16:22:14 -------- d-----w- C:\Program Files (x86)\MagicTune Premium
    2010-12-19 16:17:21 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2010-12-19 16:17:21 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
    2010-12-19 16:07:52 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
    2010-12-19 16:06:57 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-12-19 16:05:10 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-12-19 16:00:52 0 ----a-w- C:\Windows\ativpsrm.bin
    2010-12-19 15:59:18 -------- d-----w- C:\Users\Nick\AppData\Local\ElevatedDiagnostics
    2010-12-19 15:36:45 8199504 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{6EA5ADAA-F5A9-4608-B296-25D80C0273D9}\mpengine.dll
    2010-12-19 15:36:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-12-19 15:32:37 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2010-12-19 15:32:37 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2010-12-19 15:32:37 139264 ----a-w- C:\Windows\System32\cabview.dll
    2010-12-19 15:32:37 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
    2010-12-19 15:30:54 -------- d-sh--w- C:\Recovery
    2010-12-19 15:15:38 -------- d-----w- C:\Windows\Panther

    ==================== Find3M ====================

    2010-12-22 09:06:58 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2010-12-22 09:06:58 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2010-12-19 18:32:25 15416 ----a-w- C:\Windows\System32\drivers\ASACPI.sys
    2010-11-10 10:49:26 539232 ----a-w- C:\Windows\SysWow64\LVUI2RC.dll
    2010-11-10 10:49:02 543328 ----a-w- C:\Windows\SysWow64\LVUI2.dll
    2010-11-10 10:47:14 416352 ----a-w- C:\Windows\SysWow64\lvcodec2.dll
    2010-11-10 10:45:54 4162784 ----a-w- C:\Windows\System32\drivers\lvuvc64.sys
    2010-11-10 10:45:32 559712 ----a-w- C:\Windows\System32\LVUIRC64.dll
    2010-11-10 10:45:32 102744 ----a-w- C:\Windows\SysWow64\LogiDPPApp.exe
    2010-11-10 10:45:32 102744 ----a-w- C:\Windows\System32\LogiDPPApp.exe
    2010-11-10 10:45:30 10871128 ----a-w- C:\Windows\SysWow64\LogiDPP.dll
    2010-11-10 10:45:30 10871128 ----a-w- C:\Windows\System32\LogiDPP.dll
    2010-11-10 10:45:20 316248 ----a-w- C:\Windows\SysWow64\DevManagerCore.dll
    2010-11-10 10:45:20 316248 ----a-w- C:\Windows\System32\DevManagerCore.dll
    2010-11-10 10:45:02 767584 ----a-w- C:\Windows\System32\LVUI64.dll
    2010-11-10 10:44:24 341856 ----a-w- C:\Windows\System32\drivers\lvrs64.sys
    2010-11-10 10:43:32 259680 ----a-w- C:\Windows\System32\lvco13101216.dll
    2010-11-10 10:43:12 400480 ----a-w- C:\Windows\System32\lvcod64.dll
    2010-11-10 10:32:14 38238 ----a-w- C:\Windows\System32\Repository.reg
    2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-04 05:50:28 1580368 ----a-w- C:\Windows\System32\LogiLDA.DLL
    2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-10-27 12:00:16 8012288 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2010-10-27 11:25:38 21422592 ----a-w- C:\Windows\System32\atio6axx.dll
    2010-10-27 11:08:18 16281600 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2010-10-27 10:55:32 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
    2010-10-27 10:55:24 547328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2010-10-27 10:54:24 645120 ----a-w- C:\Windows\System32\aticfx64.dll
    2010-10-27 10:52:18 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2010-10-27 10:50:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2010-10-27 10:50:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2010-10-27 10:49:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2010-10-27 10:49:54 16384 ----a-w- C:\Windows\System32\atimuixx.dll
    2010-10-27 10:49:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2010-10-27 10:49:46 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2010-10-27 10:46:58 4020736 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2010-10-27 10:38:04 4744704 ----a-w- C:\Windows\System32\atidxx64.dll
    2010-10-27 10:35:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2010-10-27 10:35:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2010-10-27 10:35:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2010-10-27 10:35:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2010-10-27 10:35:08 6815744 ----a-w- C:\Windows\System32\aticaldd64.dll
    2010-10-27 10:33:52 5441536 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2010-10-27 10:28:22 4094464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2010-10-27 10:22:04 5218304 ----a-w- C:\Windows\System32\atiumd64.dll
    2010-10-27 10:15:00 58880 ----a-w- C:\Windows\System32\coinst.dll
    2010-10-27 10:14:52 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2010-10-27 10:14:44 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
    2010-10-27 10:14:42 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2010-10-27 10:14:42 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
    2010-10-27 10:14:38 31744 ----a-w- C:\Windows\System32\atig6txx.dll
    2010-10-27 10:14:32 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2010-10-27 10:14:24 287232 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2010-10-27 10:13:44 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
    2010-10-27 10:13:36 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2010-10-27 10:13:30 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
    2010-10-27 10:13:24 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2010-10-27 10:12:56 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2010-10-27 09:57:04 3221504 ----a-w- C:\Windows\System32\atiumd6a.dll
    2010-10-27 09:50:10 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2010-10-27 09:37:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll
    2010-10-27 09:37:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
    2010-10-27 09:37:14 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2010-10-27 09:37:14 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2010-10-25 05:25:38 72064 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2010-10-25 05:25:38 40832 ----a-w- C:\Windows\System32\drivers\MpNWMon.sys
    2010-10-25 05:25:38 188928 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
    2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
    2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll

    ============= FINISH: 22:57:50.88 ===============



    ark.txt was empty (didn't find any system modifications)
    Don't know if this is a good sign :(



    Thank you very much,
    - Nick
     

  2. BrotherMalachi

    BrotherMalachi Thread Starter

    Joined:
    Dec 24, 2010
    Messages:
    6
    As a side note, I went through several threads that I found on this forum. However, almost all of them had custom instructions based on the log files the users had posted. Therefore I was unable to follow any of those instructions :(
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya BrotherMalachi

    I'm kevinf80 and I will be helping with any malware issues you may have with your system.
    • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
    • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
    • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
    • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
    • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
    • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc., please uninstall them before we begin.
    • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

    Please proceed as follows :-

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


    • If an infected file is detected, the default action will be Cure, click on Continue.


    • If a suspicious file is detected, the default action will be Skip, click on Continue.


    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Kevin
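    Once TDSSKiller has run, its report is a plain-text inventory of every loaded driver with the MD5 of the file on disk and its path, which is what a helper reads through by hand. The Python script below is an added example and is not part of this thread or of TDSSKiller itself: it parses that line format and diffs the inventory against a baseline of known-clean hashes, flagging hashes that no longer match, services the baseline has never seen, and drivers loaded from outside the usual driver directories. The sample report lines are copied from the TDSSKiller output the thread starter posted in this thread; the baseline dictionary, the deliberately altered hash for `atapi`, and the list of "usual driver directories" are constructed for the demonstration and are assumptions, not a verified clean set.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# One TDSSKiller driver-inventory line looks like:
#   2010/12/24 15:15:48.0418 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
# i.e. timestamp, service name, MD5 of the file on disk, full path.
DRIVER_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
    r"(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>[A-Za-z]:\\.+)$"
)

# Assumption used by the path heuristic: Windows normally loads kernel drivers
# from these directories. Anything elsewhere is only flagged for manual review.
USUAL_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


class Driver(NamedTuple):
    name: str
    md5: str
    path: str


def parse_tdsskiller(report: str) -> List[Driver]:
    """Extract the driver entries from a TDSSKiller report.

    Banner, separator and status lines (no '(md5) path' tail) are skipped.
    """
    drivers: List[Driver] = []
    for raw in report.splitlines():
        m = DRIVER_LINE.match(raw.strip())
        if m:
            drivers.append(Driver(m["name"], m["md5"].lower(), m["path"]))
    return drivers


def compare_to_baseline(drivers: List[Driver], baseline: Dict[str, str]) -> List[Tuple[str, Driver]]:
    """Triage an inventory against a known-clean {service name: md5} baseline.

    Findings are (reason, driver) pairs:
      hash-mismatch  the file on disk no longer matches the clean hash
      unknown        the service is not in the baseline at all
      odd-path       the driver lives outside the usual driver directories
    A finding is a lead for manual review, not a malware verdict.
    """
    findings: List[Tuple[str, Driver]] = []
    for d in drivers:
        expected = baseline.get(d.name)
        if expected is None:
            findings.append(("unknown", d))
        elif expected.lower() != d.md5:
            findings.append(("hash-mismatch", d))
        if not d.path.lower().startswith(USUAL_DRIVER_DIRS):
            findings.append(("odd-path", d))
    return findings


# Sample report: the banner plus five driver lines taken from the report posted
# in this thread. Backslashes are doubled only because this is a Python literal.
SAMPLE_REPORT = """\
2010/12/24 15:15:41.0184 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/24 15:15:41.0184 ================================================================================
2010/12/24 15:15:46.0382 Scan started
2010/12/24 15:15:48.0418 AFD (b9384e03479d2506bc924c16a3db87bc) C:\\Windows\\system32\\drivers\\afd.sys
2010/12/24 15:15:48.0997 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\\Windows\\system32\\DRIVERS\\atapi.sys
2010/12/24 15:15:49.0370 Beep (16a47ce2decc9b099349a5f840654746) C:\\Windows\\system32\\drivers\\Beep.sys
2010/12/24 15:15:49.0964 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) C:\\Windows\\SysWOW64\\Drivers\\DrvAgent64.SYS
2010/12/24 15:15:51.0370 MagicTune (b3b7c5f26f3f8c7992350b7ede64f5c9) C:\\Windows\\system32\\drivers\\MTiCtwl.sys
"""

# Constructed baseline for the demonstration. The hashes are simply copied from the
# same report (so this is NOT an independently verified clean set), except atapi,
# whose value is deliberately altered so the hash-mismatch branch fires.
KNOWN_GOOD: Dict[str, str] = {
    "AFD": "b9384e03479d2506bc924c16a3db87bc",
    "atapi": "0" * 28 + "dead",
    "Beep": "16a47ce2decc9b099349a5f840654746",
    "MagicTune": "b3b7c5f26f3f8c7992350b7ede64f5c9",
}


if __name__ == "__main__":
    inventory = parse_tdsskiller(SAMPLE_REPORT)
    print(f"{len(inventory)} drivers parsed")
    for reason, drv in compare_to_baseline(inventory, KNOWN_GOOD):
        print(f"{reason:14} {drv.name:12} {drv.md5} {drv.path}")
```

    On real systems the baseline has to come from a known-clean machine at the identical patch level, because Windows Update replaces drivers and changes their hashes (the DDS listing earlier in this thread already shows ks.sys and usbvideo.sys updated on 2010-12-19). The odd-path check is deliberately a weak heuristic: a legitimate third-party driver can sit under SysWOW64, so that flag only says "look at this one", which is exactly the judgement a helper applies when reading the report.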
     
  4. BrotherMalachi

    BrotherMalachi Thread Starter

    Joined:
    Dec 24, 2010
    Messages:
    6
    Thanks for the reply Kevin!

    Here is the log:

    2010/12/24 15:15:41.0184 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2010/12/24 15:15:41.0184 ================================================================================
    2010/12/24 15:15:41.0184 SystemInfo:
    2010/12/24 15:15:41.0184
    2010/12/24 15:15:41.0184 OS Version: 6.1.7600 ServicePack: 0.0
    2010/12/24 15:15:41.0184 Product type: Workstation
    2010/12/24 15:15:41.0184 ComputerName: NICK-PC
    2010/12/24 15:15:41.0184 UserName: Nick
    2010/12/24 15:15:41.0185 Windows directory: C:\Windows
    2010/12/24 15:15:41.0185 System windows directory: C:\Windows
    2010/12/24 15:15:41.0185 Running under WOW64
    2010/12/24 15:15:41.0185 Processor architecture: Intel x64
    2010/12/24 15:15:41.0185 Number of processors: 8
    2010/12/24 15:15:41.0185 Page size: 0x1000
    2010/12/24 15:15:41.0185 Boot type: Normal boot
    2010/12/24 15:15:41.0185 ================================================================================
    2010/12/24 15:15:41.0185 Utility is running under WOW64
    2010/12/24 15:15:42.0189 Initialize success
    2010/12/24 15:15:46.0382 ================================================================================
    2010/12/24 15:15:46.0382 Scan started
    2010/12/24 15:15:46.0382 Mode: Manual;
    2010/12/24 15:15:46.0382 ================================================================================
    2010/12/24 15:15:48.0209 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    2010/12/24 15:15:48.0227 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    2010/12/24 15:15:48.0245 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    2010/12/24 15:15:48.0302 ADIHdAudAddService (1c090e86afd15231377ad37436c3c719) C:\Windows\system32\drivers\ADIHdAud.sys
    2010/12/24 15:15:48.0347 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2010/12/24 15:15:48.0368 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2010/12/24 15:15:48.0384 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2010/12/24 15:15:48.0418 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    2010/12/24 15:15:48.0438 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    2010/12/24 15:15:48.0456 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    2010/12/24 15:15:48.0491 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    2010/12/24 15:15:48.0510 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2010/12/24 15:15:48.0691 amdkmdag (522a8bd1414cc7517faec907f138db9c) C:\Windows\system32\DRIVERS\atikmdag.sys
    2010/12/24 15:15:48.0804 amdkmdap (f712c26d40bf3cd2c020bb518e8150b1) C:\Windows\system32\DRIVERS\atikmpag.sys
    2010/12/24 15:15:48.0818 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2010/12/24 15:15:48.0839 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    2010/12/24 15:15:48.0854 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2010/12/24 15:15:48.0865 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    2010/12/24 15:15:48.0895 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    2010/12/24 15:15:48.0945 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2010/12/24 15:15:48.0956 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2010/12/24 15:15:48.0981 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/12/24 15:15:48.0997 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    2010/12/24 15:15:49.0049 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
    2010/12/24 15:15:49.0107 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2010/12/24 15:15:49.0133 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2010/12/24 15:15:49.0157 bcbus (9417afaf1ae21fa8e5bedced9f09415e) C:\Windows\system32\DRIVERS\bcbus.sys
    2010/12/24 15:15:49.0178 BC_3DES (ec18c22fcf21193a7e672de5890a024f) C:\Windows\system32\drivers\BC_3DES.sys
    2010/12/24 15:15:49.0190 BC_BF128 (6421acffaeba81b310a98b6c433efc29) C:\Windows\system32\drivers\BC_BF128.sys
    2010/12/24 15:15:49.0208 BC_BF448 (f20dbf705411f647a2ef33e5ba07a37f) C:\Windows\system32\drivers\BC_BF448.sys
    2010/12/24 15:15:49.0219 BC_BFish (24d5c31056a4ad1c3f08d35fdbe57b4a) C:\Windows\system32\drivers\BC_BFish.sys
    2010/12/24 15:15:49.0242 BC_CAST (1fd85889aa29827ffd49458101589ea7) C:\Windows\system32\drivers\BC_CAST.sys
    2010/12/24 15:15:49.0255 BC_DES (9998653d9942e474e7defb8bd9b57d04) C:\Windows\system32\drivers\BC_DES.sys
    2010/12/24 15:15:49.0273 BC_Gost (6186708e28e74978f58283269abd3190) C:\Windows\system32\drivers\BC_Gost.sys
    2010/12/24 15:15:49.0288 BC_RC6 (e7061d93455dd80b6be71ffacea4f817) C:\Windows\system32\drivers\BC_RC6.sys
    2010/12/24 15:15:49.0304 BC_RIJN (1f458e13c355b50fb5e65d369584a1f7) C:\Windows\system32\drivers\BC_RIJN.sys
    2010/12/24 15:15:49.0322 BC_SERP (4821d9fe63e0a3db0c4dcfb7d8968426) C:\Windows\system32\drivers\BC_SERP.sys
    2010/12/24 15:15:49.0334 BC_TFISH (775261c0490547026af2e0309ca3169d) C:\Windows\system32\drivers\BC_TFISH.sys
    2010/12/24 15:15:49.0370 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2010/12/24 15:15:49.0418 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2010/12/24 15:15:49.0428 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    2010/12/24 15:15:49.0439 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2010/12/24 15:15:49.0447 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2010/12/24 15:15:49.0492 BrSerIb (e5e9b1625a767ceb6f319c12d33eab78) C:\Windows\system32\DRIVERS\BrSerIb.sys
    2010/12/24 15:15:49.0520 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2010/12/24 15:15:49.0535 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2010/12/24 15:15:49.0550 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2010/12/24 15:15:49.0559 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2010/12/24 15:15:49.0585 BrUsbSIb (d9f6b30ad93cbd165ec71fadf51df25e) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
    2010/12/24 15:15:49.0595 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2010/12/24 15:15:49.0609 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/12/24 15:15:49.0632 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/12/24 15:15:49.0645 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2010/12/24 15:15:49.0670 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2010/12/24 15:15:49.0702 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/12/24 15:15:49.0711 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    2010/12/24 15:15:49.0731 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    2010/12/24 15:15:49.0752 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/12/24 15:15:49.0774 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2010/12/24 15:15:49.0788 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2010/12/24 15:15:49.0830 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
    2010/12/24 15:15:49.0843 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    2010/12/24 15:15:49.0850 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2010/12/24 15:15:49.0857 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2010/12/24 15:15:49.0886 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2010/12/24 15:15:49.0964 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
    2010/12/24 15:15:50.0012 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/12/24 15:15:50.0112 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2010/12/24 15:15:50.0170 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2010/12/24 15:15:50.0196 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    2010/12/24 15:15:50.0241 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2010/12/24 15:15:50.0253 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2010/12/24 15:15:50.0266 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2010/12/24 15:15:50.0283 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2010/12/24 15:15:50.0302 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2010/12/24 15:15:50.0311 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/12/24 15:15:50.0326 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    2010/12/24 15:15:50.0351 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2010/12/24 15:15:50.0408 fsh (9a2b70d9a6608c9c2d04906531ce0226) C:\Windows\system32\drivers\fsh.sys
    2010/12/24 15:15:50.0420 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/12/24 15:15:50.0436 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2010/12/24 15:15:50.0455 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2010/12/24 15:15:50.0489 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2010/12/24 15:15:50.0517 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    2010/12/24 15:15:50.0529 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/12/24 15:15:50.0548 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2010/12/24 15:15:50.0569 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2010/12/24 15:15:50.0589 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2010/12/24 15:15:50.0602 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/12/24 15:15:50.0622 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2010/12/24 15:15:50.0649 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    2010/12/24 15:15:50.0664 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    2010/12/24 15:15:50.0687 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/12/24 15:15:50.0715 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
    2010/12/24 15:15:50.0765 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2010/12/24 15:15:50.0781 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    2010/12/24 15:15:50.0794 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/12/24 15:15:50.0818 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/12/24 15:15:50.0835 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2010/12/24 15:15:50.0845 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2010/12/24 15:15:50.0859 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2010/12/24 15:15:50.0874 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    2010/12/24 15:15:50.0902 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/12/24 15:15:50.0922 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/12/24 15:15:50.0933 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/12/24 15:15:50.0947 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    2010/12/24 15:15:50.0995 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
    2010/12/24 15:15:51.0012 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2010/12/24 15:15:51.0035 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/12/24 15:15:51.0066 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2010/12/24 15:15:51.0077 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2010/12/24 15:15:51.0104 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2010/12/24 15:15:51.0130 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2010/12/24 15:15:51.0143 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2010/12/24 15:15:51.0217 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys
    2010/12/24 15:15:51.0321 LVUVC64 (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys
    2010/12/24 15:15:51.0370 MagicTune (b3b7c5f26f3f8c7992350b7ede64f5c9) C:\Windows\system32\drivers\MTiCtwl.sys
    2010/12/24 15:15:51.0384 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2010/12/24 15:15:51.0399 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2010/12/24 15:15:51.0433 mhk (5e90f711cc25e4e1b4d86c334d6bb808) C:\Windows\system32\drivers\mhk.sys
    2010/12/24 15:15:51.0456 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2010/12/24 15:15:51.0465 moh (eca02eebd38f19fc4c6205dcf0ebd73e) C:\Windows\system32\drivers\moh.sys
    2010/12/24 15:15:51.0489 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2010/12/24 15:15:51.0498 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/12/24 15:15:51.0520 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/12/24 15:15:51.0531 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    2010/12/24 15:15:51.0567 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
    2010/12/24 15:15:51.0590 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    2010/12/24 15:15:51.0611 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
    2010/12/24 15:15:51.0630 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2010/12/24 15:15:51.0657 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    2010/12/24 15:15:51.0702 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/12/24 15:15:51.0722 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/12/24 15:15:51.0757 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/12/24 15:15:51.0777 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    2010/12/24 15:15:51.0795 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    2010/12/24 15:15:51.0813 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2010/12/24 15:15:51.0828 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2010/12/24 15:15:51.0837 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    2010/12/24 15:15:51.0878 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/12/24 15:15:51.0891 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/12/24 15:15:51.0902 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2010/12/24 15:15:51.0918 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    2010/12/24 15:15:51.0933 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/12/24 15:15:51.0944 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2010/12/24 15:15:51.0966 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2010/12/24 15:15:52.0014 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
    2010/12/24 15:15:52.0027 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2010/12/24 15:15:52.0067 mv61xx (8274fe4fbe25d28fe2637b167ec76a5c) C:\Windows\system32\DRIVERS\mv61xx.sys
    2010/12/24 15:15:52.0106 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/12/24 15:15:52.0142 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    2010/12/24 15:15:52.0193 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2010/12/24 15:15:52.0205 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/12/24 15:15:52.0238 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/12/24 15:15:52.0251 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/12/24 15:15:52.0266 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    2010/12/24 15:15:52.0280 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2010/12/24 15:15:52.0296 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    2010/12/24 15:15:52.0325 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2010/12/24 15:15:52.0341 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    2010/12/24 15:15:52.0356 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2010/12/24 15:15:52.0369 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2010/12/24 15:15:52.0409 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
    2010/12/24 15:15:52.0439 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2010/12/24 15:15:52.0460 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
    2010/12/24 15:15:52.0471 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
    2010/12/24 15:15:52.0496 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    2010/12/24 15:15:52.0507 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    2010/12/24 15:15:52.0554 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2010/12/24 15:15:52.0565 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    2010/12/24 15:15:52.0579 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    2010/12/24 15:15:52.0593 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    2010/12/24 15:15:52.0618 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2010/12/24 15:15:52.0629 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2010/12/24 15:15:52.0647 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2010/12/24 15:15:52.0704 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/12/24 15:15:52.0720 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2010/12/24 15:15:52.0737 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    2010/12/24 15:15:52.0783 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2010/12/24 15:15:52.0824 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2010/12/24 15:15:52.0848 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2010/12/24 15:15:52.0867 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/12/24 15:15:52.0914 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2010/12/24 15:15:52.0939 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/12/24 15:15:52.0958 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/12/24 15:15:52.0972 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/12/24 15:15:52.0989 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/12/24 15:15:53.0006 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2010/12/24 15:15:53.0026 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/12/24 15:15:53.0069 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
    2010/12/24 15:15:53.0090 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2010/12/24 15:15:53.0102 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2010/12/24 15:15:53.0130 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    2010/12/24 15:15:53.0143 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    2010/12/24 15:15:53.0170 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/12/24 15:15:53.0195 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
    2010/12/24 15:15:53.0209 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    2010/12/24 15:15:53.0237 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    2010/12/24 15:15:53.0255 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2010/12/24 15:15:53.0285 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2010/12/24 15:15:53.0295 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2010/12/24 15:15:53.0327 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2010/12/24 15:15:53.0374 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    2010/12/24 15:15:53.0408 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2010/12/24 15:15:53.0424 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2010/12/24 15:15:53.0436 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2010/12/24 15:15:53.0462 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2010/12/24 15:15:53.0472 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2010/12/24 15:15:53.0511 SkLaggProtocol (e6152bf23bf29585fbceeecbfbae000c) C:\Windows\system32\DRIVERS\yk62x64l.sys
    2010/12/24 15:15:53.0542 SkVlanProtocol (fbf71f6e89d3d9ab57dc81829f95c2f1) C:\Windows\system32\DRIVERS\yk62x64v.sys
    2010/12/24 15:15:53.0559 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2010/12/24 15:15:53.0583 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2010/12/24 15:15:53.0637 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
    2010/12/24 15:15:53.0665 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
    2010/12/24 15:15:53.0687 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/12/24 15:15:53.0708 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2010/12/24 15:15:53.0738 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
    2010/12/24 15:15:53.0748 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
    2010/12/24 15:15:53.0759 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    2010/12/24 15:15:53.0837 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
    2010/12/24 15:15:53.0904 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/12/24 15:15:53.0931 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    2010/12/24 15:15:53.0964 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2010/12/24 15:15:53.0974 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2010/12/24 15:15:53.0996 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    2010/12/24 15:15:54.0007 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    2010/12/24 15:15:54.0039 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/12/24 15:15:54.0076 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/12/24 15:15:54.0087 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2010/12/24 15:15:54.0111 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    2010/12/24 15:15:54.0132 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2010/12/24 15:15:54.0144 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    2010/12/24 15:15:54.0155 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2010/12/24 15:15:54.0187 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
    2010/12/24 15:15:54.0198 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/12/24 15:15:54.0209 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    2010/12/24 15:15:54.0220 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/12/24 15:15:54.0244 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/12/24 15:15:54.0264 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2010/12/24 15:15:54.0296 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/12/24 15:15:54.0309 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    2010/12/24 15:15:54.0320 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/12/24 15:15:54.0330 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/12/24 15:15:54.0357 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
    2010/12/24 15:15:54.0381 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2010/12/24 15:15:54.0413 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/12/24 15:15:54.0422 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2010/12/24 15:15:54.0435 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    2010/12/24 15:15:54.0446 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    2010/12/24 15:15:54.0471 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
    2010/12/24 15:15:54.0483 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
    2010/12/24 15:15:54.0495 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    2010/12/24 15:15:54.0515 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    2010/12/24 15:15:54.0530 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    2010/12/24 15:15:54.0552 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2010/12/24 15:15:54.0582 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    2010/12/24 15:15:54.0597 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2010/12/24 15:15:54.0608 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/24 15:15:54.0617 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/24 15:15:54.0643 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2010/12/24 15:15:54.0668 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2010/12/24 15:15:54.0699 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2010/12/24 15:15:54.0831 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2010/12/24 15:15:54.0879 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/12/24 15:15:54.0905 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/12/24 15:15:54.0928 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    2010/12/24 15:15:54.0946 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/12/24 15:15:54.0997 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
    2010/12/24 15:15:55.0043 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/12/24 15:15:55.0091 ================================================================================
    2010/12/24 15:15:55.0091 Scan finished
    2010/12/24 15:15:55.0091 ================================================================================
    2010/12/24 15:15:55.0097 Detected object count: 1
    2010/12/24 15:16:08.0268 \HardDisk1 - will be cured after reboot
    2010/12/24 15:16:08.0269 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
    2010/12/24 15:16:23.0722 Deinitialize success
    Thanks,
    - Nick
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Nick,

    Looks like TDSSKiller caught that one by the tail, run the following scan to ensure all is clean:

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [IMG] icon on your desktop.
    • Check [IMG]
    • Click the [IMG] button.
    • Accept any security warnings from your browser.
    • Check [IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [IMG]
    • Push [IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [IMG] button.
    • Push [IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions are available Here. Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your
    system.

    Post the log from ESET in your reply,

    Kevin
     
  6. BrotherMalachi

    BrotherMalachi Thread Starter

    Joined:
    Dec 24, 2010
    Messages:
    6
    This scanner can detect Alureon, right? Because nothing was found, yay!
    Thanks a bunch and happy holidays! :)
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Good to hear nothing was found, as follows please

    • Download OTC by OldTimer and save it to your desktop. Alternative mirror
    • Double click the [IMG] icon to start the program.
      If you are using Vista or Windows 7, please right-click and choose run as administrator
    • Then click the big [IMG] button.
    • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
    • Restart your computer when prompted.

    Next,

    Remove the ESET Online Scanner components from your computer: start the Uninstall a Program applet from Control Panel, select the ESET Online Scanner entry and click Uninstall. This will happen very quickly; only re-boot if requested.

    Do you have any remaining issues/concerns? If not, hit the Mark Solved tab at the top of the thread...

    Kevin
     
  8. BrotherMalachi

    BrotherMalachi Thread Starter

    Joined:
    Dec 24, 2010
    Messages:
    6
    Thanks a lot Kevin.

    Just had one more quick question.
    During this whole process I noticed that some of my drives have a "$RECYCLE.BIN" folder. On some of the drives these are as large as 15 gigs! I seem to be unable to wipe them off the drive. Any ideas? I tried booting into safe mode, but it still won't let me clear them. I know back in Win98 days we could use DOS :D, not sure what to do here though.

    Thanks,
    - Nick
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    As far as I'm aware you should leave those alone; usually they are hidden and not shown.

    Right click on Start > Select > Open Windows Explorer > Select > Tools > Folder Options > View > Make sure "Don't show hidden files, folders, or drives" is selected.
    Also make sure "Hide protected operating system files (recommended)" is selected. If not, select them, Apply, then OK.
     
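    For a reader who wants to check what those $RECYCLE.BIN folders actually hold before deciding to leave them alone, the following is an added, read-only PowerShell check; it is not part of the thread and not something Kevin or Nick posted. It assumes an elevated PowerShell prompt on Windows 7 or later. Each drive's $RECYCLE.BIN contains one subfolder per user, named by that user's SID, and emptying the Recycle Bin only clears the current user's subfolder; after a reinstall, the SIDs of the previous installation's accounts stay behind with their contents, which is the benign explanation for a large bin. The script reports, per subfolder, whether the SID still resolves to an account on this installation, whether the folder still carries the Hidden and System attributes it normally has, and its size, so an unexpected entry (a resolvable current account holding 15 GB, or a bin that is neither hidden nor system) stands out from simple leftovers.

```powershell
# Added example (not from the thread). Reports the $RECYCLE.BIN folder on every
# fixed drive: its Hidden/System attributes, each per-user subfolder (named by
# SID), whether the SID still resolves on this installation, and size in MB.
# Assumes an elevated PowerShell prompt on Windows 7 or later. Deletes nothing.

function Get-RecycleBinReport {
    [CmdletBinding()]
    param()

    # DriveType 3 = local fixed disk; removable and network drives are skipped.
    $drives = Get-WmiObject -Class Win32_LogicalDisk -Filter "DriveType = 3"

    foreach ($drive in $drives) {
        # Single quotes keep PowerShell from treating $RECYCLE as a variable.
        $binPath = Join-Path $drive.DeviceID '$RECYCLE.BIN'
        if (-not (Test-Path -LiteralPath $binPath)) { continue }

        # -Force is required: the folder carries the Hidden and System attributes.
        $bin   = Get-Item -LiteralPath $binPath -Force
        $attrs = $bin.Attributes
        $hiddenSystem = (($attrs -band [IO.FileAttributes]::Hidden) -ne 0) -and
                        (($attrs -band [IO.FileAttributes]::System) -ne 0)

        $subs = Get-ChildItem -LiteralPath $binPath -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.PSIsContainer }

        foreach ($sub in $subs) {
            # Resolve the SID folder name to an account. A SID left behind by a
            # previous Windows installation no longer resolves here.
            $account = $null
            try {
                $sid     = New-Object System.Security.Principal.SecurityIdentifier($sub.Name)
                $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $account = '(unresolved: not an account on this installation)'
            }

            # Sum file sizes under this user's bin; folders themselves have no Length.
            $sum = (Get-ChildItem -LiteralPath $sub.FullName -Force -Recurse -ErrorAction SilentlyContinue |
                    Where-Object { -not $_.PSIsContainer } |
                    Measure-Object -Property Length -Sum).Sum
            if ($null -eq $sum) { $sum = 0 }

            New-Object PSObject -Property @{
                Drive        = $drive.DeviceID
                HiddenSystem = $hiddenSystem
                SidFolder    = $sub.Name
                Account      = $account
                SizeMB       = [math]::Round($sum / 1MB, 1)
            }
        }
    }
}

# Usage: list every per-user bin, largest first.
Get-RecycleBinReport | Sort-Object SizeMB -Descending |
    Format-Table Drive, SidFolder, Account, HiddenSystem, SizeMB -AutoSize
```

    Rows whose Account column reads "unresolved" are the previous installation's bins; they are safe to ignore, and the check changes nothing on disk either way.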
  10. BrotherMalachi

    BrotherMalachi Thread Starter

    Joined:
    Dec 24, 2010
    Messages:
    6
    Cool. Thanks again.
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    You're welcome....
     
Short URL to this thread: https://techguy.org/970343