Jump to content

Virus -> Avast Malicious URL

SanderZ
 Share

Recommended Posts

SanderZ

SanderZ

Posted
Posted

I'm running Avast! AV and something got through. Avast is blocking it attemtping to contact other URL's, but I can access windows update, or post to thise site from the infected computer.

Below are the contents of the DDS.txt file

and attached are the ARK.ZIP and Attach.ZIP files as well as my las MBAM log

please note : while running GMER I received the following messages:

c:\Windows\system32\config\software: The process cannot access the file because it is being used by another process

GMER has found system modification caused by ROOTKIT activity

DDS.txt

======================

.

DDS (Ver_11-03-05.01) - FAT32x86

Run by Sander at 22:43:36.94 on Mon 05/09/2011

Internet Explorer: 8.0.6001.18702

.

============== Running Processes ===============

.

C:\WINDOWS\System32\ibmpmsvc.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\System32\TpScrLk.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\VERITAS Software\Update Manager\sgtray.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\CheckPoint\Endpoint Connect\TrGUI.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast5\setup\avast.setup

C:\Documents and Settings\Sander\Desktop\MBAM2\dds.scr

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Common Files\New Boundary\PrismXL\ChannelDeploy.sys

C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\System32\QCONSVC.EXE

C:\WINDOWS\system32\RegSrvc.exe

C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\CheckPoint\Endpoint Connect\TracSrvWrapper.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Prism Deploy\Client\PTClient.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2

uInternet Settings,ProxyOverride = *.local

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll

TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [TrackPointSrv] tp4serv.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [TPKBDLED] c:\windows\system32\TpScrLk.exe

mRun: [bMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [TP4EX] tp4ex.exe

mRun: [ATIModeChange] Ati2mdxx.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [storageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r

mRun: [Prism Deploy Client] "c:\program files\prism deploy\client\PTClient.exe" /Subscriber

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Hot Key Kbd Daemon] SKDAEMON.EXE

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [inCD] c:\program files\ahead\incd\InCD.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [Check Point Endpoint Security] "c:\program files\checkpoint\endpoint connect\TrGUI.exe"

mRun: [QCWLIcon] c:\program files\thinkpad\connectutilities\QCWLICON.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

Trusted Zone: ameritrade.com

Trusted Zone: ameritrade.com\wwws

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279371672830

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289654353177

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37944.3708333333

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: ckpNotify - ckpNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R? itlperf;Intel CPU

R? nosGetPlusHelper;getPlus® Helper 3004

R? sdAuxService;PC Tools Auxiliary Service

R? sdCoreService;PC Tools Security Service

S? aswFsBlk;aswFsBlk

S? aswSP;aswSP

S? avast! Antivirus;avast! Antivirus

S? Channel Deployer;Channel Deployer

S? CP_OMDRV;Check Point Office Mode Module

S? FW1;SecuRemote Miniport

S? IHA_MessageCenter;IHA_MessageCenter

S? PCTCore;PCTools KDS

S? Tb2Device;TB2 Remote Control Driver

S? Tb2MirrorSys;TB2 Remote Control Mirror Driver

S? TPPWR;TPPWR

S? TracSrvWrapper;Check Point Endpoint Security

S? vna_ap;Check Point Virtual Network Adapter - Apollo

S? VNASC;Check Point Virtual Network Adapter - SecureClient

S? VPN-1;VPN-1 Module

S? vsdatant;vsdatant

.

=============== Created Last 30 ================

.

2011-04-26 03:24:00 -------- d-sh--w- C:\FOUND.009

2011-04-14 02:11:01 -------- d-----w- c:\program files\common files\Motive

2011-04-14 02:10:31 45 ----a-w- c:\windows\system32\stopSvc.bat

2011-04-14 02:10:31 260 ----a-w- c:\windows\system32\cmdVBS.vbs

2011-04-14 02:00:41 -------- d-----w- c:\program files\Verizon

.

==================== Find3M ====================

.

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:12 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-26 03:36:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-26 03:36:08 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-22 23:06:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:42:00 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:40 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll

2004-10-01 19:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: IC25N030ATMR04-0 rev.MOAOAD4A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x83F134F0]<<

c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x83f197d0]; MOV EAX, [0x83f1984c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x83F3CAB8]

3 CLASSPNP[0xF7660FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x83F5FE50]

5 PCTCore[0xF744388F] -> nt!IofCallDriver[0x804E37D5] -> \Device\000000b0[0x83F249E8]

7 ACPI[0xF7557620] -> nt!IofCallDriver[0x804E37D5] -> [0x83F60940]

\Driver\atapi[0x83F33CB0] -> IRP_MJ_CREATE -> 0x83F134F0

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { CLI ; XOR AX, AX; MOV ES, AX; MOV DS, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, SP; STI ; CLD ; MOV DI, 0x600; MOV CX, 0x100; REP MOVSW ; MOV AX, 0x6df; PUSH AX; RET ; ADD [bX], CL; ADD [bX+DI], AL; OR AL, [DI+0x72]; JB 0x95; JB 0x48; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x83F1333B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 22:47:41.04 ===============

ark.zip

Attach.zip

mbam-log-2011-05-09 (22-27-45).txt

Link to post
Share on other sites
heir

heir

Posted
Posted

Welcome back.

You were helped here a couple of months ago.

What did you do to get infected so soon again?

Let's go through the process again.

Something I should point out, regarding CCleaner, RegCure, Registry Patrol, Glary Utilities, TuneUp Utilities and similar products

It's not recommended to use of registry cleaners. These often cause more problems than they fix. One of the Experts miekiemoes has an excellent writeup here

Another excellent article by Bill Castner is located here.

Step 1.

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2.

ComboFix:

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Step 3.

Things I would like to see in your reply:

  1. The content of the log from TDSSKiller in step 1.
  2. The content of C:\ComboFix.txt in step 2.

Link to post
Share on other sites
SanderZ

SanderZ

Posted
  • Author
Posted

Thanks ... I had the instructions frommyprevious issue, but didn't want to run the same utils in case there was something different required. I wish I knew what was going on, but rest assured (not that you're losing any sleepover my problems)that I will be replacing Avast as my A/V SW, since apparently it's not catching this.

As requested here are the results of The content of the log from TDSSKiller in step 1. and The content of C:\ComboFix.txt in step 2.

TDSKILLER

====================

2011/05/11 21:36:33.0701 0908 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16

2011/05/11 21:36:34.0362 0908 ================================================================================

2011/05/11 21:36:34.0362 0908 SystemInfo:

2011/05/11 21:36:34.0372 0908

2011/05/11 21:36:34.0372 0908 OS Version: 5.1.2600 ServicePack: 3.0

2011/05/11 21:36:34.0372 0908 Product type: Workstation

2011/05/11 21:36:34.0372 0908 ComputerName: ANNSZABENXP

2011/05/11 21:36:34.0372 0908 UserName: Sander

2011/05/11 21:36:34.0372 0908 Windows directory: C:\WINDOWS

2011/05/11 21:36:34.0372 0908 System windows directory: C:\WINDOWS

2011/05/11 21:36:34.0372 0908 Processor architecture: Intel x86

2011/05/11 21:36:34.0372 0908 Number of processors: 1

2011/05/11 21:36:34.0372 0908 Page size: 0x1000

2011/05/11 21:36:34.0372 0908 Boot type: Normal boot

2011/05/11 21:36:34.0372 0908 ================================================================================

2011/05/11 21:36:35.0203 0908 Initialize success

2011/05/11 21:36:37.0296 2272 ================================================================================

2011/05/11 21:36:37.0296 2272 Scan started

2011/05/11 21:36:37.0296 2272 Mode: Manual;

2011/05/11 21:36:37.0296 2272 ================================================================================

2011/05/11 21:36:38.0748 2272 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys

2011/05/11 21:36:39.0139 2272 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/05/11 21:36:39.0399 2272 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/05/11 21:36:39.0559 2272 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/05/11 21:36:39.0739 2272 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/05/11 21:36:39.0930 2272 aeaudio (2c5b1f8142a96233c07c93328b5ea635) C:\WINDOWS\system32\drivers\aeaudio.sys

2011/05/11 21:36:40.0100 2272 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/05/11 21:36:40.0260 2272 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/05/11 21:36:40.0480 2272 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

2011/05/11 21:36:40.0771 2272 AgereSoftModem (aff071b6290776e1fa162837c35eac78) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2011/05/11 21:36:41.0061 2272 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/05/11 21:36:41.0222 2272 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/05/11 21:36:41.0372 2272 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/05/11 21:36:41.0572 2272 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/05/11 21:36:41.0722 2272 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/05/11 21:36:41.0852 2272 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/05/11 21:36:42.0413 2272 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/05/11 21:36:42.0634 2272 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/05/11 21:36:42.0794 2272 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/05/11 21:36:42.0954 2272 ANC (59def31547e31923e4679b866744d99c) C:\WINDOWS\system32\drivers\ANC.SYS

2011/05/11 21:36:43.0124 2272 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/05/11 21:36:43.0325 2272 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/05/11 21:36:43.0615 2272 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/05/11 21:36:43.0915 2272 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2011/05/11 21:36:44.0006 2272 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys

2011/05/11 21:36:44.0266 2272 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys

2011/05/11 21:36:44.0536 2272 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys

2011/05/11 21:36:44.0757 2272 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys

2011/05/11 21:36:44.0857 2272 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/05/11 21:36:45.0037 2272 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/05/11 21:36:45.0448 2272 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/05/11 21:36:45.0628 2272 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/05/11 21:36:45.0748 2272 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/05/11 21:36:45.0868 2272 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/05/11 21:36:46.0249 2272 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/05/11 21:36:46.0349 2272 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/05/11 21:36:46.0499 2272 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/05/11 21:36:46.0679 2272 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/05/11 21:36:46.0749 2272 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/05/11 21:36:46.0990 2272 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/05/11 21:36:47.0110 2272 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/05/11 21:36:47.0481 2272 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/05/11 21:36:47.0651 2272 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/05/11 21:36:47.0801 2272 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/05/11 21:36:48.0041 2272 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/05/11 21:36:48.0652 2272 CP_OMDRV (a690ebaffffb0d46e2a39f105b61e92f) C:\WINDOWS\system32\drivers\omdrv.sys

2011/05/11 21:36:48.0742 2272 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/05/11 21:36:48.0893 2272 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/05/11 21:36:48.0993 2272 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/05/11 21:36:49.0193 2272 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2011/05/11 21:36:49.0393 2272 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/05/11 21:36:49.0584 2272 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) C:\WINDOWS\system32\DLA\DLADResN.SYS

2011/05/11 21:36:49.0764 2272 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2011/05/11 21:36:49.0974 2272 DLAOPIOM (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2011/05/11 21:36:50.0144 2272 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2011/05/11 21:36:50.0315 2272 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

2011/05/11 21:36:50.0495 2272 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2011/05/11 21:36:50.0655 2272 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2011/05/11 21:36:50.0915 2272 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/05/11 21:36:51.0116 2272 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/05/11 21:36:51.0186 2272 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/05/11 21:36:51.0326 2272 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/05/11 21:36:51.0516 2272 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/05/11 21:36:51.0687 2272 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/05/11 21:36:51.0887 2272 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/05/11 21:36:52.0117 2272 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/05/11 21:36:52.0317 2272 E1000 (2e2f6f46f4d297471a4e015bdb75399d) C:\WINDOWS\system32\DRIVERS\e1000325.sys

2011/05/11 21:36:52.0558 2272 E100B (01e9cbf441800228391bdeaa41449430) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/05/11 21:36:52.0788 2272 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/05/11 21:36:52.0888 2272 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/05/11 21:36:53.0069 2272 FilterService (5c329e2ab8dd62310213cbfac0178539) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys

2011/05/11 21:36:53.0199 2272 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/05/11 21:36:53.0299 2272 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/05/11 21:36:53.0509 2272 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/05/11 21:36:53.0579 2272 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/05/11 21:36:53.0790 2272 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/05/11 21:36:54.0280 2272 FW1 (6c55e8e5ee49c504da31df7652a70375) C:\WINDOWS\system32\DRIVERS\fw.sys

2011/05/11 21:36:54.0811 2272 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/05/11 21:36:54.0981 2272 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/05/11 21:36:55.0162 2272 gv3 (01cdb5b4649fae249e787a83be22916a) C:\WINDOWS\system32\DRIVERS\gv3.sys

2011/05/11 21:36:55.0252 2272 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/05/11 21:36:55.0472 2272 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/05/11 21:36:55.0803 2272 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/05/11 21:36:56.0023 2272 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/05/11 21:36:56.0123 2272 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/05/11 21:36:56.0263 2272 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/05/11 21:36:56.0433 2272 IBMPMDRV (293131c1da5f53cb05f75d637739d79c) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys

2011/05/11 21:36:56.0524 2272 IBMTPCHK (28deeba2e29cb0e91b641ca95f7740fd) C:\WINDOWS\system32\drivers\IBMBLDID.SYS

2011/05/11 21:36:56.0684 2272 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/05/11 21:36:56.0954 2272 InCDfs (b87fc7c71632240dac8f4d20e9ce8377) C:\WINDOWS\system32\drivers\InCDfs.sys

2011/05/11 21:36:57.0195 2272 InCDPass (2e878405128ec98886eb9c2216ac7bd6) C:\WINDOWS\system32\DRIVERS\InCDPass.sys

2011/05/11 21:36:57.0395 2272 InCDrec (ddf078917a42f105385d7eb6debb3433) C:\WINDOWS\system32\drivers\InCDrec.sys

2011/05/11 21:36:57.0595 2272 incdrm (7f352360e947ad2cd4ba60de27b1a299) C:\WINDOWS\system32\drivers\incdrm.sys

2011/05/11 21:36:57.0825 2272 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/05/11 21:36:58.0006 2272 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/05/11 21:36:58.0166 2272 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/05/11 21:36:58.0346 2272 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/05/11 21:36:58.0436 2272 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/05/11 21:36:58.0597 2272 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/05/11 21:36:58.0697 2272 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/05/11 21:36:58.0797 2272 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/05/11 21:36:58.0977 2272 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

2011/05/11 21:36:59.0117 2272 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/05/11 21:36:59.0237 2272 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/05/11 21:36:59.0428 2272 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/05/11 21:36:59.0598 2272 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/05/11 21:36:59.0668 2272 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/05/11 21:36:59.0878 2272 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/05/11 21:37:00.0519 2272 LVcKap (9a3d4fc6b86e7e36473079ab76ac703d) C:\WINDOWS\system32\DRIVERS\LVcKap.sys

2011/05/11 21:37:01.0060 2272 LVMVDrv (0acbc11f19320af6c19f2e20013d9095) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys

2011/05/11 21:37:01.0551 2272 lvpopflt (e8acf6dd83956fb63ceb058d5f51b18a) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys

2011/05/11 21:37:01.0921 2272 LVPr2Mon (12866641284ebb41e627bb53c04da959) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

2011/05/11 21:37:02.0162 2272 LVUSBSta (64bc29c3a0388bfc580bb8b1346f7659) C:\WINDOWS\system32\drivers\LVUSBSta.sys

2011/05/11 21:37:02.0532 2272 LVUVC (922be6770499220dc27b529ca236815a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

2011/05/11 21:37:02.0843 2272 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/11 21:37:02.0923 2272 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/05/11 21:37:02.0993 2272 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/11 21:37:03.0163 2272 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/05/11 21:37:03.0343 2272 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/11 21:37:03.0464 2272 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/05/11 21:37:03.0614 2272 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

2011/05/11 21:37:03.0854 2272 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

2011/05/11 21:37:04.0124 2272 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/11 21:37:04.0455 2272 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/11 21:37:04.0645 2272 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/05/11 21:37:04.0775 2272 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/11 21:37:04.0946 2272 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/11 21:37:05.0196 2272 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/11 21:37:05.0366 2272 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/11 21:37:05.0506 2272 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/05/11 21:37:05.0727 2272 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/05/11 21:37:05.0857 2272 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/05/11 21:37:06.0047 2272 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/05/11 21:37:06.0248 2272 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/05/11 21:37:06.0338 2272 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/11 21:37:06.0418 2272 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/11 21:37:06.0498 2272 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/11 21:37:06.0698 2272 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/11 21:37:06.0838 2272 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/11 21:37:07.0019 2272 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/11 21:37:07.0279 2272 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/05/11 21:37:07.0449 2272 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys

2011/05/11 21:37:07.0619 2272 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/11 21:37:07.0790 2272 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/05/11 21:37:07.0880 2272 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/11 21:37:07.0980 2272 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/11 21:37:08.0070 2272 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/05/11 21:37:08.0210 2272 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/11 21:37:08.0300 2272 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/11 21:37:08.0451 2272 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/11 21:37:08.0861 2272 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/11 21:37:08.0981 2272 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/05/11 21:37:09.0232 2272 PCTCore (167b2fea66dde6925766d1a81a1affc0) C:\WINDOWS\system32\drivers\PCTCore.sys

2011/05/11 21:37:10.0283 2272 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/05/11 21:37:10.0434 2272 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/05/11 21:37:10.0634 2272 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/11 21:37:10.0804 2272 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/05/11 21:37:10.0904 2272 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/11 21:37:11.0125 2272 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

2011/05/11 21:37:11.0295 2272 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/05/11 21:37:11.0465 2272 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/05/11 21:37:11.0585 2272 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/05/11 21:37:11.0775 2272 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/05/11 21:37:11.0976 2272 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/05/11 21:37:12.0056 2272 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/11 21:37:12.0166 2272 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

2011/05/11 21:37:12.0266 2272 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/11 21:37:12.0336 2272 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/11 21:37:12.0426 2272 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/11 21:37:12.0677 2272 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/11 21:37:12.0807 2272 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/11 21:37:13.0047 2272 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/05/11 21:37:13.0338 2272 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/11 21:37:13.0608 2272 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/11 21:37:13.0828 2272 s24trans (d40f1e33d9153df7f5e2881b1f9c56e9) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2011/05/11 21:37:14.0129 2272 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/11 21:37:14.0399 2272 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/05/11 21:37:14.0680 2272 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/05/11 21:37:14.0890 2272 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/05/11 21:37:15.0311 2272 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/05/11 21:37:15.0571 2272 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/05/11 21:37:15.0701 2272 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys

2011/05/11 21:37:16.0112 2272 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys

2011/05/11 21:37:16.0332 2272 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/05/11 21:37:16.0602 2272 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/11 21:37:16.0753 2272 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVERS\sr.sys

2011/05/11 21:37:17.0023 2272 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/11 21:37:17.0414 2272 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/05/11 21:37:17.0534 2272 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/11 21:37:17.0764 2272 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/11 21:37:17.0994 2272 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/05/11 21:37:18.0195 2272 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/05/11 21:37:18.0345 2272 SymEvent (083fe6483dc16a02af2434d04b7d7aea) C:\Program Files\Symantec\SYMEVENT.SYS

2011/05/11 21:37:18.0515 2272 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/05/11 21:37:18.0645 2272 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/05/11 21:37:18.0866 2272 SynTP (1cde0a5c0416187b9b89e03980c6e8de) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/05/11 21:37:19.0176 2272 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/11 21:37:19.0537 2272 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/11 21:37:19.0797 2272 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/11 21:37:19.0947 2272 TDSMAPI (e64da7318acaddf0a4400baa921e8ac1) C:\WINDOWS\system32\drivers\TDSMAPI.SYS

2011/05/11 21:37:20.0178 2272 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/11 21:37:20.0418 2272 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/11 21:37:20.0608 2272 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/05/11 21:37:20.0708 2272 TPPWR (970ab1aef38db6f5e1aae277a6843d54) C:\WINDOWS\system32\drivers\Tppwr.sys

2011/05/11 21:37:20.0939 2272 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/11 21:37:21.0119 2272 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/05/11 21:37:21.0279 2272 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/11 21:37:21.0540 2272 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/05/11 21:37:21.0670 2272 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/05/11 21:37:21.0890 2272 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/11 21:37:22.0070 2272 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/11 21:37:22.0341 2272 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/11 21:37:22.0531 2272 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/05/11 21:37:22.0781 2272 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/05/11 21:37:23.0022 2272 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/11 21:37:23.0242 2272 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/05/11 21:37:23.0472 2272 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/05/11 21:37:23.0663 2272 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/05/11 21:37:23.0863 2272 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/05/11 21:37:24.0163 2272 VNASC (405df0b2f8d0616353ecc829622d77ac) C:\WINDOWS\system32\DRIVERS\vnasc.sys

2011/05/11 21:37:24.0344 2272 vna_ap (48007916b1d0dab3e6c0d701de7c4afb) C:\WINDOWS\system32\DRIVERS\vnaap.sys

2011/05/11 21:37:24.0564 2272 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/11 21:37:24.0874 2272 VPN-1 (002014fc59eee5e11bf7d6a555b11227) C:\WINDOWS\System32\drivers\vpn.sys

2011/05/11 21:37:26.0126 2272 vsdatant (09ad6bcf7d55ef8e8d81f2ba56dcddc1) C:\WINDOWS\system32\vsdatant.sys

2011/05/11 21:37:26.0437 2272 w70n51 (8e5cf571c00c806ed7c08dbb74356646) C:\WINDOWS\system32\DRIVERS\w70n51.sys

2011/05/11 21:37:26.0677 2272 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/11 21:37:27.0168 2272 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/11 21:37:27.0498 2272 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/05/11 21:37:27.0688 2272 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/05/11 21:37:27.0879 2272 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/05/11 21:37:28.0009 2272 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/05/11 21:37:28.0019 2272 ================================================================================

2011/05/11 21:37:28.0019 2272 Scan finished

2011/05/11 21:37:28.0019 2272 ================================================================================

2011/05/11 21:37:28.0049 5148 Detected object count: 1

2011/05/11 21:38:07.0456 5148 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/05/11 21:38:07.0456 5148 \HardDisk0 - ok

2011/05/11 21:38:07.0456 5148 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/05/11 21:38:26.0303 5720 Deinitialize success

===================================

Combo Fix log

ComboFix 11-05-11.01 - Sander 05/11/2011 21:53:47.2.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.409 [GMT -4:00]

Running from: c:\documents and settings\Sander\Desktop\MBAM2\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

c:\program files\Drop Down Deals

c:\program files\Drop Down Deals\YontooIEClient.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_6TO4

-------\Legacy_ITLPERF

-------\Service_6to4

-------\Service_itlperf

.

.

((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))

.

.

2011-05-12 01:18 . 2011-05-12 01:18 -------- d-----w- C:\FOUND.000

2011-04-26 03:24 . 2011-04-26 03:24 -------- d-----w- C:\FOUND.009

2011-04-14 02:13 . 2011-04-14 02:13 -------- d-----w- c:\documents and settings\Sander\Application Data\Motive

2011-04-14 02:11 . 2011-04-14 02:11 -------- d-----w- c:\program files\Common Files\Motive

2011-04-14 02:10 . 2011-04-14 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive

2011-04-14 02:10 . 2011-04-14 02:10 45 ----a-w- c:\windows\system32\stopSvc.bat

2011-04-14 02:10 . 2011-04-14 02:10 260 ----a-w- c:\windows\system32\cmdVBS.vbs

2011-04-14 02:00 . 2011-04-14 02:00 -------- d-----w- c:\program files\Verizon

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-12 00:52 . 2004-02-04 05:02 90112 ----a-w- c:\windows\DUMP5615.tmp

2011-03-07 05:33 . 2004-06-07 18:19 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2003-11-19 15:48 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2001-08-23 16:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-26 03:36 . 2011-02-26 03:36 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-26 03:36 . 2011-02-26 03:36 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-22 23:06 . 2004-12-07 20:37 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2003-11-19 15:48 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-22 23:06 . 2003-11-19 15:48 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 11:42 . 2004-08-04 04:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2001-08-23 16:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2001-08-23 16:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2009-04-22 23:48 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2001-08-23 16:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2004-10-01 19:00 . 2008-11-20 23:15 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TrackPointSrv"="tp4serv.exe" [2002-12-03 87552]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-09-30 204800]

"TPKBDLED"="c:\windows\System32\TpScrLk.exe" [2002-10-09 40960]

"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2003-07-11 20480]

"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 88363]

"TP4EX"="tp4ex.exe" [2002-09-04 53248]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-02 335872]

"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2003-09-02 897024]

"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]

"Prism Deploy Client"="c:\program files\Prism Deploy\Client\PTClient.exe" [2006-12-05 2117632]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]

"Hot Key Kbd Daemon"="SKDAEMON.EXE" [2004-03-05 40960]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]

"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-03 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

"Check Point Endpoint Security"="c:\program files\CheckPoint\Endpoint Connect\TrGUI.exe" [2010-09-26 738824]

"QCWLIcon"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2003-11-04 53248]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

2009-12-15 17:40 30104 ----a-w- c:\windows\system32\ckpNotify.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SERVICE.EXE"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.EXE"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SCC.EXE"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.EXE"=

"c:\\Program Files\\CheckPoint\\Endpoint Connect\\TracSrvWrapper.exe"=

"c:\\Program Files\\CheckPoint\\Endpoint Connect\\TrGUI.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"50000:UDP"= 50000:UDP:IHA_MessageCenter

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/17/2009 9:38 PM 207280]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/3/2010 7:49 PM 294608]

R1 Tb2Device;TB2 Remote Control Driver;NetopiaRC\Tb2Device.sys --> NetopiaRC\Tb2Device.sys [?]

R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys --> NetopiaRC\Tb2MirrorSys.sys [?]

R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [11/19/2003 11:05 AM 15360]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/3/2010 7:49 PM 17744]

R2 Channel Deployer;Channel Deployer;c:\program files\Common Files\New Boundary\PrismXL\channeldeploy.sys [2/3/2004 2:18 PM 65536]

R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [12/15/2009 1:41 PM 47504]

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [3/24/2011 10:21 AM 118784]

R2 TracSrvWrapper;Check Point Endpoint Security;c:\program files\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [9/26/2010 6:55 PM 4142608]

R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [12/15/2009 1:40 PM 126680]

R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [12/15/2009 1:40 PM 684280]

R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [12/15/2009 1:40 PM 2245624]

R3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\system32\drivers\vnaap.sys [9/26/2010 6:55 PM 129304]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/23/2001 12:00 PM 14336]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/17/2009 9:37 PM 358600]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

itlsvc REG_MULTI_SZ itlperf

.

Contents of the 'Scheduled Tasks' folder

.

2003-11-19 c:\windows\Tasks\BMMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2003-11-19 05:34]

.

2011-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

.

2011-01-14 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2010-05-19 22:20]

.

2011-04-02 c:\windows\Tasks\RegCure Program Check.job

- c:\program files\RegCure\RegCure.exe [2010-05-19 22:20]

.

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

Trusted Zone: ameritrade.com

Trusted Zone: ameritrade.com\wwws

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Drop Down Deals\YontooIEClient.dll

AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-11 22:06

Windows 5.1.2600 Service Pack 3 FAT NTAPI

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2911765694-2805738209-4071888707-1010\

Link to post
Share on other sites
heir

heir

Posted
Posted
I will be replacing Avast as my A/V SW, since apparently it's not catching this.
That is a bad call as avast is among the best free Av's out there.

It is a misconception that the AV software alone is stopping the malware.

You'll need Antvirus software, Antispyware softwares and a good firewall.

Even then you wont be safe unless you use your own judgment on where you go on the Internet, which links you click, what files you download and from where, what removable devices you attch to your computer, ....

Downloading popular things (like music, licensed software,... )illegal for example is one really good way of getting infected.

I would advise you to keep avast. It has many great features.

Let's verify that TDSSKiller took care of this.

Step 1.

TDSSKIller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2.

CKScanner:

Download CKScanner from here

Important : Save it to your desktop.

  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 3.

DDS:

Rerun DDS and post the logs in your reply.

Step 4.

Things I would like to see in your reply:

  1. The content of the log from TDSSKiller in step 1.
  2. The content of CKFiles.txt from step 2.
  3. The logs from DDS in step 3.
  4. Information on how your computer is running after those steps.

Link to post
Share on other sites
SanderZ

SanderZ

Posted
  • Author
Posted

Thanks

here is the info you requested...

Thing on the computer are much better now

1.The content of the log from TDSSKiller in step 1.

2011/05/12 20:49:35.0411 4996 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16

2011/05/12 20:49:36.0883 4996 ================================================================================

2011/05/12 20:49:36.0883 4996 SystemInfo:

2011/05/12 20:49:36.0883 4996

2011/05/12 20:49:36.0883 4996 OS Version: 5.1.2600 ServicePack: 3.0

2011/05/12 20:49:36.0883 4996 Product type: Workstation

2011/05/12 20:49:36.0883 4996 ComputerName: ANNSZABENXP

2011/05/12 20:49:36.0893 4996 UserName: Sander

2011/05/12 20:49:36.0893 4996 Windows directory: C:\WINDOWS

2011/05/12 20:49:36.0893 4996 System windows directory: C:\WINDOWS

2011/05/12 20:49:36.0893 4996 Processor architecture: Intel x86

2011/05/12 20:49:36.0893 4996 Number of processors: 1

2011/05/12 20:49:36.0893 4996 Page size: 0x1000

2011/05/12 20:49:36.0893 4996 Boot type: Normal boot

2011/05/12 20:49:36.0893 4996 ================================================================================

2011/05/12 20:49:37.0624 4996 Initialize success

2011/05/12 20:49:58.0424 4604 ================================================================================

2011/05/12 20:49:58.0424 4604 Scan started

2011/05/12 20:49:58.0424 4604 Mode: Manual;

2011/05/12 20:49:58.0424 4604 ================================================================================

2011/05/12 20:49:58.0785 4604 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys

2011/05/12 20:49:59.0105 4604 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/05/12 20:49:59.0356 4604 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/05/12 20:49:59.0466 4604 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/05/12 20:49:59.0646 4604 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/05/12 20:49:59.0766 4604 aeaudio (2c5b1f8142a96233c07c93328b5ea635) C:\WINDOWS\system32\drivers\aeaudio.sys

2011/05/12 20:49:59.0926 4604 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/05/12 20:50:00.0127 4604 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/05/12 20:50:00.0337 4604 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

2011/05/12 20:50:00.0577 4604 AgereSoftModem (aff071b6290776e1fa162837c35eac78) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2011/05/12 20:50:00.0898 4604 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/05/12 20:50:01.0048 4604 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/05/12 20:50:01.0278 4604 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/05/12 20:50:01.0449 4604 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/05/12 20:50:01.0629 4604 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/05/12 20:50:01.0759 4604 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/05/12 20:50:01.0919 4604 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/05/12 20:50:02.0090 4604 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/05/12 20:50:02.0240 4604 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/05/12 20:50:02.0350 4604 ANC (59def31547e31923e4679b866744d99c) C:\WINDOWS\system32\drivers\ANC.SYS

2011/05/12 20:50:02.0520 4604 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/05/12 20:50:02.0690 4604 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/05/12 20:50:02.0851 4604 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/05/12 20:50:03.0141 4604 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2011/05/12 20:50:03.0291 4604 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys

2011/05/12 20:50:03.0522 4604 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys

2011/05/12 20:50:03.0802 4604 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys

2011/05/12 20:50:04.0022 4604 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys

2011/05/12 20:50:04.0152 4604 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/05/12 20:50:04.0303 4604 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/05/12 20:50:04.0723 4604 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/05/12 20:50:04.0934 4604 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/05/12 20:50:05.0054 4604 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/05/12 20:50:05.0234 4604 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/05/12 20:50:05.0414 4604 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/05/12 20:50:05.0524 4604 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/05/12 20:50:05.0705 4604 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/05/12 20:50:05.0845 4604 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/05/12 20:50:05.0935 4604 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/05/12 20:50:06.0075 4604 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/05/12 20:50:06.0205 4604 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/05/12 20:50:06.0576 4604 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/05/12 20:50:06.0736 4604 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/05/12 20:50:06.0866 4604 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/05/12 20:50:07.0137 4604 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/05/12 20:50:07.0377 4604 CP_OMDRV (a690ebaffffb0d46e2a39f105b61e92f) C:\WINDOWS\system32\drivers\omdrv.sys

2011/05/12 20:50:07.0527 4604 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/05/12 20:50:07.0688 4604 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/05/12 20:50:07.0818 4604 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/05/12 20:50:08.0028 4604 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2011/05/12 20:50:08.0298 4604 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/05/12 20:50:08.0489 4604 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) C:\WINDOWS\system32\DLA\DLADResN.SYS

2011/05/12 20:50:08.0659 4604 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2011/05/12 20:50:08.0839 4604 DLAOPIOM (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2011/05/12 20:50:08.0969 4604 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2011/05/12 20:50:09.0140 4604 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

2011/05/12 20:50:09.0340 4604 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2011/05/12 20:50:09.0470 4604 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2011/05/12 20:50:09.0700 4604 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/05/12 20:50:09.0911 4604 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/05/12 20:50:09.0951 4604 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/05/12 20:50:10.0051 4604 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/05/12 20:50:10.0251 4604 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/05/12 20:50:10.0411 4604 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/05/12 20:50:10.0622 4604 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/05/12 20:50:10.0852 4604 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/05/12 20:50:11.0032 4604 E1000 (2e2f6f46f4d297471a4e015bdb75399d) C:\WINDOWS\system32\DRIVERS\e1000325.sys

2011/05/12 20:50:11.0363 4604 E100B (01e9cbf441800228391bdeaa41449430) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/05/12 20:50:11.0573 4604 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/05/12 20:50:11.0653 4604 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/05/12 20:50:11.0824 4604 FilterService (5c329e2ab8dd62310213cbfac0178539) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys

2011/05/12 20:50:11.0984 4604 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/05/12 20:50:12.0094 4604 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/05/12 20:50:12.0324 4604 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/05/12 20:50:12.0414 4604 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/05/12 20:50:12.0595 4604 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/05/12 20:50:13.0165 4604 FW1 (6c55e8e5ee49c504da31df7652a70375) C:\WINDOWS\system32\DRIVERS\fw.sys

2011/05/12 20:50:13.0606 4604 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/05/12 20:50:13.0726 4604 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/05/12 20:50:13.0886 4604 gv3 (01cdb5b4649fae249e787a83be22916a) C:\WINDOWS\system32\DRIVERS\gv3.sys

2011/05/12 20:50:14.0037 4604 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/05/12 20:50:14.0217 4604 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/05/12 20:50:14.0547 4604 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/05/12 20:50:14.0748 4604 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/05/12 20:50:14.0848 4604 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/05/12 20:50:14.0938 4604 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/05/12 20:50:15.0138 4604 IBMPMDRV (293131c1da5f53cb05f75d637739d79c) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys

2011/05/12 20:50:15.0298 4604 IBMTPCHK (28deeba2e29cb0e91b641ca95f7740fd) C:\WINDOWS\system32\drivers\IBMBLDID.SYS

2011/05/12 20:50:15.0439 4604 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/05/12 20:50:15.0669 4604 InCDfs (b87fc7c71632240dac8f4d20e9ce8377) C:\WINDOWS\system32\drivers\InCDfs.sys

2011/05/12 20:50:15.0889 4604 InCDPass (2e878405128ec98886eb9c2216ac7bd6) C:\WINDOWS\system32\DRIVERS\InCDPass.sys

2011/05/12 20:50:16.0120 4604 InCDrec (ddf078917a42f105385d7eb6debb3433) C:\WINDOWS\system32\drivers\InCDrec.sys

2011/05/12 20:50:16.0380 4604 incdrm (7f352360e947ad2cd4ba60de27b1a299) C:\WINDOWS\system32\drivers\incdrm.sys

2011/05/12 20:50:16.0620 4604 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/05/12 20:50:16.0761 4604 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/05/12 20:50:16.0951 4604 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/05/12 20:50:17.0111 4604 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/05/12 20:50:17.0211 4604 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/05/12 20:50:17.0361 4604 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/05/12 20:50:17.0452 4604 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/05/12 20:50:17.0602 4604 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/05/12 20:50:17.0722 4604 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

2011/05/12 20:50:17.0882 4604 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/05/12 20:50:17.0992 4604 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/05/12 20:50:18.0193 4604 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/05/12 20:50:18.0363 4604 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/05/12 20:50:18.0423 4604 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/05/12 20:50:18.0613 4604 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/05/12 20:50:19.0254 4604 LVcKap (9a3d4fc6b86e7e36473079ab76ac703d) C:\WINDOWS\system32\DRIVERS\LVcKap.sys

2011/05/12 20:50:19.0775 4604 LVMVDrv (0acbc11f19320af6c19f2e20013d9095) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys

2011/05/12 20:50:20.0296 4604 lvpopflt (e8acf6dd83956fb63ceb058d5f51b18a) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys

2011/05/12 20:50:20.0676 4604 LVPr2Mon (12866641284ebb41e627bb53c04da959) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

2011/05/12 20:50:20.0917 4604 LVUSBSta (64bc29c3a0388bfc580bb8b1346f7659) C:\WINDOWS\system32\drivers\LVUSBSta.sys

2011/05/12 20:50:21.0297 4604 LVUVC (922be6770499220dc27b529ca236815a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

2011/05/12 20:50:21.0588 4604 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/12 20:50:21.0678 4604 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/05/12 20:50:21.0758 4604 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/12 20:50:21.0958 4604 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/05/12 20:50:22.0128 4604 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/12 20:50:22.0289 4604 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/05/12 20:50:22.0459 4604 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

2011/05/12 20:50:22.0739 4604 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

2011/05/12 20:50:22.0980 4604 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/12 20:50:23.0270 4604 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/12 20:50:23.0450 4604 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/05/12 20:50:23.0600 4604 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/12 20:50:23.0721 4604 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/12 20:50:23.0951 4604 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/12 20:50:24.0181 4604 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/12 20:50:24.0321 4604 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/05/12 20:50:24.0552 4604 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/05/12 20:50:24.0702 4604 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/05/12 20:50:24.0852 4604 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/05/12 20:50:25.0153 4604 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/05/12 20:50:25.0263 4604 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/12 20:50:25.0363 4604 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/12 20:50:25.0433 4604 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/12 20:50:25.0653 4604 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/12 20:50:25.0794 4604 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/12 20:50:25.0934 4604 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/12 20:50:26.0164 4604 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/05/12 20:50:26.0284 4604 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys

2011/05/12 20:50:26.0445 4604 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/12 20:50:26.0565 4604 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/05/12 20:50:26.0655 4604 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/12 20:50:26.0725 4604 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/12 20:50:26.0835 4604 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/05/12 20:50:26.0925 4604 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/12 20:50:26.0995 4604 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/12 20:50:27.0085 4604 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/12 20:50:27.0476 4604 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/12 20:50:27.0576 4604 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/05/12 20:50:27.0806 4604 PCTCore (167b2fea66dde6925766d1a81a1affc0) C:\WINDOWS\system32\drivers\PCTCore.sys

2011/05/12 20:50:28.0948 4604 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/05/12 20:50:29.0138 4604 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/05/12 20:50:29.0379 4604 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/12 20:50:29.0459 4604 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/05/12 20:50:29.0549 4604 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/12 20:50:29.0759 4604 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

2011/05/12 20:50:29.0940 4604 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/05/12 20:50:30.0130 4604 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/05/12 20:50:30.0270 4604 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/05/12 20:50:30.0480 4604 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/05/12 20:50:30.0631 4604 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/05/12 20:50:30.0741 4604 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/12 20:50:30.0861 4604 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

2011/05/12 20:50:30.0941 4604 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/12 20:50:31.0021 4604 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/12 20:50:31.0081 4604 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/12 20:50:31.0372 4604 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/12 20:50:31.0492 4604 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/12 20:50:31.0732 4604 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/05/12 20:50:32.0053 4604 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/12 20:50:32.0283 4604 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/12 20:50:32.0483 4604 s24trans (d40f1e33d9153df7f5e2881b1f9c56e9) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2011/05/12 20:50:32.0754 4604 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/12 20:50:33.0024 4604 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/05/12 20:50:33.0264 4604 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/05/12 20:50:33.0485 4604 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/05/12 20:50:33.0865 4604 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/05/12 20:50:34.0176 4604 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/05/12 20:50:34.0296 4604 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys

2011/05/12 20:50:34.0566 4604 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys

2011/05/12 20:50:34.0777 4604 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/05/12 20:50:35.0007 4604 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/12 20:50:35.0127 4604 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/12 20:50:35.0417 4604 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/12 20:50:35.0718 4604 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/05/12 20:50:35.0848 4604 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/12 20:50:36.0058 4604 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/12 20:50:36.0319 4604 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/05/12 20:50:36.0519 4604 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/05/12 20:50:36.0659 4604 SymEvent (083fe6483dc16a02af2434d04b7d7aea) C:\Program Files\Symantec\SYMEVENT.SYS

2011/05/12 20:50:36.0860 4604 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/05/12 20:50:37.0000 4604 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/05/12 20:50:37.0240 4604 SynTP (1cde0a5c0416187b9b89e03980c6e8de) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/05/12 20:50:37.0550 4604 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/12 20:50:37.0891 4604 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/12 20:50:38.0171 4604 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/12 20:50:38.0292 4604 TDSMAPI (e64da7318acaddf0a4400baa921e8ac1) C:\WINDOWS\system32\drivers\TDSMAPI.SYS

2011/05/12 20:50:38.0572 4604 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/12 20:50:38.0852 4604 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/12 20:50:39.0043 4604 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/05/12 20:50:39.0173 4604 TPPWR (970ab1aef38db6f5e1aae277a6843d54) C:\WINDOWS\system32\drivers\Tppwr.sys

2011/05/12 20:50:39.0383 4604 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/12 20:50:39.0573 4604 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/05/12 20:50:39.0784 4604 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/12 20:50:40.0084 4604 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/05/12 20:50:40.0244 4604 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/05/12 20:50:40.0475 4604 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/12 20:50:40.0605 4604 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/12 20:50:40.0895 4604 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/12 20:50:41.0096 4604 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/05/12 20:50:41.0356 4604 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/05/12 20:50:41.0566 4604 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/12 20:50:41.0757 4604 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/05/12 20:50:41.0957 4604 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/05/12 20:50:42.0147 4604 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/05/12 20:50:42.0397 4604 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/05/12 20:50:42.0658 4604 VNASC (405df0b2f8d0616353ecc829622d77ac) C:\WINDOWS\system32\DRIVERS\vnasc.sys

2011/05/12 20:50:42.0828 4604 vna_ap (48007916b1d0dab3e6c0d701de7c4afb) C:\WINDOWS\system32\DRIVERS\vnaap.sys

2011/05/12 20:50:43.0078 4604 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/12 20:50:43.0369 4604 VPN-1 (002014fc59eee5e11bf7d6a555b11227) C:\WINDOWS\System32\drivers\vpn.sys

2011/05/12 20:50:44.0701 4604 vsdatant (09ad6bcf7d55ef8e8d81f2ba56dcddc1) C:\WINDOWS\system32\vsdatant.sys

2011/05/12 20:50:44.0991 4604 w70n51 (8e5cf571c00c806ed7c08dbb74356646) C:\WINDOWS\system32\DRIVERS\w70n51.sys

2011/05/12 20:50:45.0232 4604 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/12 20:50:45.0672 4604 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/12 20:50:46.0033 4604 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/05/12 20:50:46.0213 4604 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/05/12 20:50:46.0393 4604 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/05/12 20:50:46.0804 4604 ================================================================================

2011/05/12 20:50:46.0804 4604 Scan finished

2011/05/12 20:50:46.0804 4604 ================================================================================

2.The content of CKFiles.txt from step 2.

CKScanner - Additional Security Risks - These are not necessarily bad

scanner sequence 3.RP.11

----- EOF -----

3.The logs from DDS in step 3. (I also attached the attach.txt file if you need it)

.

DDS (Ver_11-03-05.01) - FAT32x86

Run by Sander at 20:55:24.51 on Thu 05/12/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.329 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\System32\ibmpmsvc.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

SVCHOST.EXE

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

SVCHOST.EXE

SVCHOST.EXE

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\System32\TpScrLk.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

SVCHOST.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\SKDAEMON.EXE

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\New Boundary\PrismXL\ChannelDeploy.sys

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\CheckPoint\Endpoint Connect\TrGUI.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\System32\QCONSVC.EXE

C:\WINDOWS\system32\RegSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\CheckPoint\Endpoint Connect\TracSrvWrapper.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Prism Deploy\Client\PTClient.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Sander\Desktop\MBAM2\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2

uInternet Settings,ProxyOverride = *.local

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [TrackPointSrv] tp4serv.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [TPKBDLED] c:\windows\system32\TpScrLk.exe

mRun: [bMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [TP4EX] tp4ex.exe

mRun: [ATIModeChange] Ati2mdxx.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [storageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r

mRun: [Prism Deploy Client] "c:\program files\prism deploy\client\PTClient.exe" /Subscriber

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Hot Key Kbd Daemon] SKDAEMON.EXE

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [inCD] c:\program files\ahead\incd\InCD.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [Check Point Endpoint Security] "c:\program files\checkpoint\endpoint connect\TrGUI.exe"

mRun: [QCWLIcon] c:\program files\thinkpad\connectutilities\QCWLICON.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

Trusted Zone: ameritrade.com

Trusted Zone: ameritrade.com\wwws

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279371672830

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289654353177

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37944.3708333333

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: ckpNotify - ckpNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-17 207280]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-3 294608]

R1 Tb2Device;TB2 Remote Control Driver;NetopiaRC\Tb2Device.sys --> NetopiaRC\Tb2Device.sys [?]

R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys --> NetopiaRC\Tb2MirrorSys.sys [?]

R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2003-11-19 15360]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-1-1 535328]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-3 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-3 40384]

R2 Channel Deployer;Channel Deployer;c:\program files\common files\new boundary\prismxl\channeldeploy.sys [2004-2-3 65536]

R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2009-12-15 47504]

R2 TracSrvWrapper;Check Point Endpoint Security;c:\program files\checkpoint\endpoint connect\TracSrvWrapper.exe [2010-9-26 4142608]

R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2009-12-15 126680]

R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2009-12-15 684280]

R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2009-12-15 2245624]

R3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\system32\drivers\vnaap.sys [2010-9-26 129304]

S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-3-24 118784]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2001-8-23 14336]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-17 358600]

S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-10-17 1141200]

.

=============== Created Last 30 ================

.

2011-05-12 03:40:39 -------- d-----w- c:\windows\system32\XPSViewer

2011-05-12 03:39:59 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2011-05-12 03:39:30 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2011-05-12 03:39:30 117760 ------w- c:\windows\system32\prntvpt.dll

2011-05-12 03:39:29 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2011-05-12 03:39:29 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2011-05-12 03:39:29 575488 ------w- c:\windows\system32\xpsshhdr.dll

2011-05-12 03:39:29 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2011-05-12 03:39:29 1676288 ------w- c:\windows\system32\xpssvcs.dll

2011-05-12 03:39:29 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2011-05-12 03:39:28 -------- d-----w- C:\d1c41a12f518af237d74

2011-05-12 01:49:55 98816 ----a-w- c:\windows\sed.exe

2011-05-12 01:49:55 89088 ----a-w- c:\windows\MBR.exe

2011-05-12 01:49:55 256512 ----a-w- c:\windows\PEV.exe

2011-05-12 01:49:55 161792 ----a-w- c:\windows\SWREG.exe

2011-05-12 01:18:42 -------- d-----w- C:\FOUND.000

2011-04-26 03:24:00 -------- d-----w- C:\FOUND.009

2011-04-14 02:11:01 -------- d-----w- c:\program files\common files\Motive

2011-04-14 02:10:31 45 ----a-w- c:\windows\system32\stopSvc.bat

2011-04-14 02:10:31 260 ----a-w- c:\windows\system32\cmdVBS.vbs

2011-04-14 02:00:41 -------- d-----w- c:\program files\Verizon

.

==================== Find3M ====================

.

2011-05-12 00:52:38 90112 ----a-w- c:\windows\DUMP5615.tmp

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:12 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-26 03:36:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-26 03:36:08 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-22 23:06:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:42:00 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:40 290432 ----a-w- c:\windows\system32\atmfd.dll

2004-10-01 19:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

============= FINISH: 20:56:35.64 ===============

Attach2.zip

Link to post
Share on other sites
heir

heir

Posted
Posted

Let's follow up with some scans for leftovers.

Step 1.

Clean temp locations:

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Step 2.

Scan with MBAM:

  • Launch Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Step 3.

Scan with ESET Online Scanner:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Step 4.

Things I would like to see in your reply:

  1. The content of the report from MBAM from Step 2.
  2. The content of the report from ESET Online Scanner from Step 3.

Link to post
Share on other sites
SanderZ

SanderZ

Posted
  • Author
Posted

So Far So good ...

MBAM log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6571

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/13/2011 9:25:18 PM

mbam-log-2011-05-13 (21-25-18).txt

Scan type: Quick scan

Objects scanned: 189558

Time elapsed: 15 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESET log

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=02f62f01a11c8b4c84fbe75d6d0e80af

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-05-14 02:48:34

# local_time=2011-05-13 10:48:34 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=768 16777215 100 0 16422422 16422422 0 0

# compatibility_mode=1024 16777215 100 0 24997434 24997434 0 0

# compatibility_mode=8192 67108863 100 0 6579384 6579384 0 0

# scanned=81987

# found=2

# cleaned=2

# scan_time=4411

C:\System Volume Information\_restore{989C1DF8-9154-46E2-A20E-217350DF1BAB}\RP1\A0000020.dll Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Drop Down Deals\YontooIEClient.dll.vir Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites
heir

heir

Posted
Posted

Hey there, SanderZ !

OK! Well done, your log is clean again! :)

Time for some housekeeping.

Step 1.

Clean up:

We need to do is to remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

First:

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    Run_ComboFix {47}Uninstall.jpg

Second:

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Now delete any tools/logs that is left over after you ran OTC.

Step 2.

Prevention:

OK, lets carry out a few preventative steps to make sure you reduce the risk of further infections.

First:

Older versions of Adobe Acrobat Reader are vulnerable to attack.

Please go to the link below to download an update.

http://www.adobe.com/products/acrobat/readstep2.html

Remove the older versions and install the latest.

Second:

One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows

  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the Internet.
  • Click Apply then OK.

Third:

Now lets download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware

  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.

.

Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

Fourth:

Next lets look at Firewalls. These help to prevent unauthorized access both to and from the Internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall one your system.

Personal Firewalls

Fifth:

On to personal Anti Virus programs.

One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed three free AV's below which are as good as any paid subscription AV, as long as you allow them to update themselves.

Anti Virus Programs

Sixth:

Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers

Lastly:

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.