IE and Firefox Redirecting URL / IE and Firefox Not Loading

This is a discussion on IE and Firefox Redirecting URL / IE and Firefox Not Loading within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.

11-14-2010, 02:54 PM   #1
penbralat
Registered Member
Join Date: Nov 2010
Posts: 28
OS: Win7 64-bit

I am having a major issue here. 50% of the time when I attempt to open IE or Firefox, the process will show as loaded in Task Manager but the program will not load, resulting in me having to open taskmgr and end the process, only to try to launch it again. When the browsers do load, the majority of the time when I attempt to visit a URL via a search from Google or Yahoo I get redirected to some random website. This has been going on for about a week now and is quite frustrating. Having tried to fix the problem for countless hours, I have decided to turn to the professionals here. Listed below are the DDS and ATTACH logs.

Also, I do use Daemon Tools as well as BitTorrent, but for the purpose of this I have uninstalled both. I am also running Win7 64-bit, so I was unable to run GMER. Thanks in advance.


DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Ben at 17:42:20.26 on Sun 11/14/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2725 [GMT -5:00]

AV: Antivirus *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\ASUS.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\Orblauncher.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ben\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableInstallerDetection = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel
IE: Google Sidewiki...
IE: Se&nd to OneNote
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\8fc8q5zs.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\kavlinkfilter.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Ben\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\System32\drivers\BtHidBus.sys [2009-9-24 23304]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-24 202752]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-1-9 90112]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-4-10 294912]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-6 1153368]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2009-9-4 31744]
S3 AODDriver;AODDriver;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [2009-10-22 21048]
S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\System32\drivers\btnetBus.sys [2009-9-24 27776]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2010-1-10 12744]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-9-10 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-9-10 9096]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\System32\drivers\IvtBtBus.sys [2009-8-26 30344]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr28ux.sys [2009-5-25 966144]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-19 1255736]
S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544]

=============== Created Last 30 ================

2010-11-13 06:46:18 -------- d-----w- C:\DFU
2010-11-13 04:57:13 -------- d-----w- C:\Users\Ben\AppData\Local\Activision
2010-11-13 04:57:00 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2010-11-13 04:57:00 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2010-11-13 04:57:00 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2010-11-13 04:57:00 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2010-11-13 04:57:00 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll
2010-11-13 04:57:00 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll
2010-11-13 04:44:26 -------- d-----w- C:\Program Files (x86)\Activision
2010-11-12 16:28:53 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F06909D8-24F3-4B71-A22F-DA7F5789AB93}\mpengine.dll
2010-11-12 04:20:27 -------- d-----w- C:\Users\Ben\DoctorWeb
2010-11-12 01:14:44 -------- d-----w- C:\Users\Ben\AppData\Roaming\com.id.travelocityDesktopApplication.945EA8FFAD8503D7A99EBC64831F957F5157DD31.1
2010-11-12 01:14:23 -------- d-----w- C:\Users\Ben\AppData\Local\Adobe
2010-11-10 23:29:14 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-10 23:29:14 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-10 23:17:55 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2010-11-10 23:10:43 -------- d-----w- C:\Users\Ben\AppData\Local\Apple
2010-11-09 00:00:12 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Toolbar
2010-11-08 05:37:36 -------- d-----w- C:\Users\Ben\AppData\Roaming\AVG10
2010-11-08 05:35:29 -------- d--h--w- C:\PROGRA~3\Common Files
2010-11-08 05:32:57 -------- d-----w- C:\PROGRA~3\AVG10
2010-11-08 05:31:58 -------- d-----w- C:\Program Files (x86)\AVG
2010-11-06 04:59:02 150200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\kavlinkfilter.dll
2010-11-02 15:44:35 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-11-02 15:44:35 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-11-02 15:44:35 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-11-02 15:44:35 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-11-02 15:44:35 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-11-02 15:44:35 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-11-02 15:44:35 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-11-02 15:44:23 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-26 21:53:08 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-10-25 17:54:39 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer
2010-10-25 17:50:36 -------- d-----w- C:\PROGRA~3\pIeDj01200
2010-10-25 17:08:18 -------- d-----w- C:\Program Files (x86)\CDYNE

==================== Find3M ====================

2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-11 0929 506368 ----a-w- C:\Windows\SysWow64\msxml.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 16:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 17:43:21.31 ===============
 
11-21-2010, 03:41 AM   #2
K27
Security Team
Analyst
Join Date: Aug 2009
Location: Kent, UK
Posts: 690
OS: Windows7,XP Pro,Vista Home Premium

Hi,

Welcome to TSF.

Sorry for the delay in getting to your thread.

I am K27 and will be assisting with any malware issues that you have.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.


If you still require assistance, please post a fresh set of DDS logs.

Thanks.
__________________


The Internet is the new age battle of the old age clash between good and evil.
To be old and wise you have to first be young and stupid.

11-22-2010, 04:12 PM   #3
Registered Member
Join Date: Nov 2010
Posts: 28
OS: Win7 64-bit

I know you guys are busy so no problem. I appreciate the help.

As requested, I have pasted the DDS log as well as attached a new attach.txt (in .zip format) file. Thanks.


DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Ben at 19:10:47.38 on Mon 11/22/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2708 [GMT -5:00]

AV: Antivirus *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\ASUS.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\Orblauncher.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
C:\Users\Ben\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Ben\Downloads\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableInstallerDetection = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel
IE: Google Sidewiki...
IE: Se&nd to OneNote
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\8fc8q5zs.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\kavlinkfilter.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Ben\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\System32\drivers\BtHidBus.sys [2009-9-24 23304]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-24 202752]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-1-9 90112]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-4-10 294912]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-6 1153368]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
S3 AODDriver;AODDriver;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [2009-10-22 21048]
S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\System32\drivers\btnetBus.sys [2009-9-24 27776]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2010-1-10 12744]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-9-10 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-9-10 9096]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\System32\drivers\IvtBtBus.sys [2009-8-26 30344]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr28ux.sys [2009-5-25 966144]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-19 1255736]
S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544]

=============== Created Last 30 ================

2010-11-20 06:29:43 -------- d-----w- C:\Program Files (x86)\Android Commander
2010-11-20 05:11:10 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2010-11-20 05:11:10 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2010-11-20 04:26:20 -------- d-----w- C:\Users\Ben\AppData\Roaming\Teleca
2010-11-20 04:26:02 -------- d-----w- C:\Program Files (x86)\Common Files\Teleca Shared
2010-11-20 04:25:24 -------- d-----w- C:\Program Files (x86)\Spirent Communications
2010-11-20 04:25:15 -------- d-----w- C:\Program Files (x86)\HTC
2010-11-20 04:20:10 -------- d-----w- C:\android-sdk-windows
2010-11-19 17:18:44 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{12712A73-0A52-4B1A-AD20-D697B57B3206}\mpengine.dll
2010-11-13 06:46:18 -------- d-----w- C:\DFU
2010-11-13 04:57:13 -------- d-----w- C:\Users\Ben\AppData\Local\Activision
2010-11-13 04:57:00 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2010-11-13 04:57:00 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2010-11-13 04:57:00 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2010-11-13 04:57:00 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2010-11-13 04:57:00 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll
2010-11-13 04:57:00 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll
2010-11-13 04:44:26 -------- d-----w- C:\Program Files (x86)\Activision
2010-11-12 04:20:27 -------- d-----w- C:\Users\Ben\DoctorWeb
2010-11-12 01:14:44 -------- d-----w- C:\Users\Ben\AppData\Roaming\com.id.travelocityDesktopApplication.945EA8FFAD8503D7A99EBC64831F957F5157DD31.1
2010-11-12 01:14:23 -------- d-----w- C:\Users\Ben\AppData\Local\Adobe
2010-11-10 23:29:14 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-10 23:29:14 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-10 23:17:55 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2010-11-10 23:10:43 -------- d-----w- C:\Users\Ben\AppData\Local\Apple
2010-11-09 00:00:12 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Toolbar
2010-11-08 05:37:36 -------- d-----w- C:\Users\Ben\AppData\Roaming\AVG10
2010-11-08 05:35:29 -------- d--h--w- C:\PROGRA~3\Common Files
2010-11-08 05:32:57 -------- d-----w- C:\PROGRA~3\AVG10
2010-11-08 05:31:58 -------- d-----w- C:\Program Files (x86)\AVG
2010-11-06 04:59:02 150200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\kavlinkfilter.dll
2010-11-02 15:44:35 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-11-02 15:44:35 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-11-02 15:44:35 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-11-02 15:44:35 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-11-02 15:44:35 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-11-02 15:44:35 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-11-02 15:44:35 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-11-02 15:44:23 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-26 21:53:08 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-10-25 17:54:39 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer
2010-10-25 17:50:36 -------- d-----w- C:\PROGRA~3\pIeDj01200
2010-10-25 17:08:18 -------- d-----w- C:\Program Files (x86)\CDYNE

==================== Find3M ====================

2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-14 06:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
2010-10-14 06:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2010-09-11 0929 506368 ----a-w- C:\Windows\SysWow64\msxml.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 16:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

============= FINISH: 19:11:26.44 ===============
Attached Files
File Type: zip Attach.zip (2.3 KB, 24 views)
penbralat is offline  
Old 11-23-2010, 03:23 PM   #4
K27
Security Team
Analyst
 
Join Date: Aug 2009
Location: Kent, UK
Posts: 690
OS: Windows7,XP Pro,Vista Home Premium



Hi,

Please disable the TeaTimer function of Spybot Search & Destroy as it is known to interfere with the tools that we will be using. Please DO NOT re-enable TeaTimer until we are finished with the clean up.

You can find instructions for disabling TeaTimer via the link below:

https://www.techsupportforum.com/f50/...ns-490111.html



1) Please tell me, do you recognize this application:

com.id.travelocityDesktopApplication.945EA8FFAD8503D7A99EBC64831F957F5157DD31.1


2) Please Open notepad and copy/paste the text in the codebox below into it:

Code:
@echo off
dir /a /s "C:\PROGRA~3\pIeDj01200" > log.txt
notepad log.txt
del log.txt
Save this as peek.bat
Choose to "Save type as - All Files"
Save it on your desktop.

It should look like this:

Double click on peek.bat & allow it to run.

Once finished, there will be a Notepad file with some data in it; please copy/paste the contents of the Notepad file back to me.



3) Then Download OTL to your desktop.

Double click the icon to start the tool. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Put a check in the box next to Lop Check and Purity Check
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

These will be long logs, so please use multiple posts if need be.


Please post back the answer to the application question, the log that was created after running peek.bat, and both OTL logs.

Thanks
K27.
__________________


The Internet is the new age battle of the old age clash between good and evil.
To be old and wise you have to first be young and stupid.
K27 is offline  
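
Added example, not part of K27's post or of any tool used in this thread: a small Python parser for the "Created Last 30" / "Find3M" line layout of the DDS log above, which lists directories created directly under ProgramData or a user's AppData, where both folders asked about in this post sit. Reading a leading "d" in the flags as "directory", treating PROGRA~3 as the short name of ProgramData, and the choice of those roots are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import re
from collections import namedtuple
from datetime import datetime
from pathlib import PureWindowsPath

# Lines copied from the DDS log posted in this thread, including the one
# whose time field arrived damaged ("0929").
SAMPLE = r"""
=============== Created Last 30 ================
2010-11-20 04:25:15 -------- d-----w- C:\Program Files (x86)\HTC
2010-11-12 01:14:44 -------- d-----w- C:\Users\Ben\AppData\Roaming\com.id.travelocityDesktopApplication.945EA8FFAD8503D7A99EBC64831F957F5157DD31.1
2010-11-08 05:35:29 -------- d--h--w- C:\PROGRA~3\Common Files
2010-10-25 17:50:36 -------- d-----w- C:\PROGRA~3\pIeDj01200
2010-09-11 0929 506368 ----a-w- C:\Windows\SysWow64\msxml.dll
2010-11-02 15:44:23 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
"""

Entry = namedtuple("Entry", "when time_ok size flags path")

# <date> <time> <size or --------> <8 attribute flags> <path, may contain spaces>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\S+)\s+(\d+|-{8})\s+([a-z-]{8})\s+(.+?)\s*$"
)


def parse_line(line):
    """Parse one entry; return None if the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date, clock, size, flags, path = m.groups()
    try:
        when = datetime.strptime(date + " " + clock, "%Y-%m-%d %H:%M:%S")
        time_ok = True
    except ValueError:
        # Damaged time field: keep the entry, fall back to the date alone.
        when = datetime.strptime(date, "%Y-%m-%d")
        time_ok = False
    size_val = None if size.startswith("-") else int(size)
    return Entry(when, time_ok, size_val, flags, PureWindowsPath(path))


def parse_log(text):
    """Return (entries, rejected_lines), skipping blanks and === banners."""
    entries, rejected = [], []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("==="):
            continue
        entry = parse_line(stripped)
        if entry is None:
            rejected.append(stripped)
        else:
            entries.append(entry)
    return entries, rejected


def is_data_root_child(path):
    """True for a folder sitting directly under ProgramData or AppData.

    Assumption of this example: PROGRA~3 is the 8.3 short name of
    C:\\ProgramData on the logged system.
    """
    parts = [p.lower() for p in path.parts]
    if len(parts) == 3 and parts[1] in ("programdata", "progra~3"):
        return True
    return (
        len(parts) == 6
        and parts[1] == "users"
        and parts[3] == "appdata"
        and parts[4] in ("roaming", "local", "locallow")
    )


def data_root_dirs(entries):
    """Directories (assumed: flags start with 'd') under the data roots, oldest first."""
    hits = [e for e in entries if e.flags[0] == "d" and is_data_root_child(e.path)]
    return sorted(hits, key=lambda e: e.when)


if __name__ == "__main__":
    parsed, bad_lines = parse_log(SAMPLE)
    for e in data_root_dirs(parsed):
        print(e.when.date(), e.flags, e.path)
    for e in parsed:
        if not e.time_ok:
            print("time field unreadable, date kept:", e.path)
    for line in bad_lines:
        print("unparsed:", line)
```

The listing only narrows down what to ask about; whether a folder belongs to installed software is still a question for the machine's owner, as in step 1 of the post.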
Old 11-23-2010, 03:32 PM   #5
Registered Member
 



I recognize the app travelocity but I thought that I had uninstalled everything having to do with it as I don't use it anymore.

OTL.exe and the peek.bat thing do not work. I am running Win7 64bit and neither of these files work for some reason.

Peek.bat simply closes when I try to run it and no data/logs ever appear.
OTL.exe says that it's not a valid win32 application.
penbralat is offline  
Old 11-23-2010, 03:35 PM   #6
K27
Security Team
Analyst
 



please right click them and then click "Run as Administrator".

Thanks.
K27 is offline  
Old 11-23-2010, 03:37 PM   #7
Registered Member
 



Quote:
Originally Posted by K27 View Post
please right click them and then click "Run as Administrator".

Thanks.
I tried that, too, and it doesn't work. Peek.bat opens and closes really quick and I get the win32 error w/ the other file.
penbralat is offline  
Old 11-23-2010, 03:45 PM   #8
K27
Security Team
Analyst
 



Strange, both work fine on my Windows 7 x64 system.

You are going to need to disable all active protection for this next tool to run correctly.



Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
K27 is offline  
Old 11-23-2010, 04:17 PM   #9
Registered Member
 



Well, after doing that my computer's getting the dreaded BSOD and I can't get into Windows. I tried safe mode w/ networking but the computer restarted itself. Ugh. Any ideas from here?
penbralat is offline  
Old 11-23-2010, 10:38 PM   #10
K27
Security Team
Analyst
 



Hi,

I am going to need as much information as you can give me here.

Did TDSSKiller find an infection and prompt for a reboot?

If so, what infection did it say that it found?

Was TDSSKiller clean and this happened after the next reboot?

Was all active protection disabled before you ran the tool?

Do you have your Windows installation media?

Do you have access to another machine with a disc burner?

What error code is the BSOD giving?

We can repair this but I need as much detail as you can give me.

Thanks.
K27 is offline  
Old 11-23-2010, 10:51 PM   #11
Registered Member
 



Quote:
Originally Posted by K27 View Post
Hi,

I am going to need as much information as you can give me here.

Did TDSSKiller find an infection and prompt for a reboot?

If so, what infection did it say that it found?

Was TDSSKiller clean and this happened after the next reboot?

Was all active protection disabled before you ran the tool?

Do you have your Windows installation media?

Do you have access to another machine with a disc burner?

What error code is the BSOD giving?

We can repair this but I need as much detail as you can give me.

Thanks.
1) TDSSKiller did come up and say something about curing a file(s) as well as skipping something but I have no idea what the name of the file(s) were.

2) Yes, once the file(s) were cured and/or skipped TDSSKiller asked for a reboot which I did. However, during the Win7 splash screen the computer experiences a BSOD (it flashes super quick and restarts so I can't make out the error message; is there a setting in BIOS to freeze it on the error screen?!)

3) Since Windows won't restart I have no idea whether or not TDSSKiller is now clean (in terms of searching for new issues). If you're asking whether or not the file itself was clean I would assume as I downloaded the program via the link you supplied and protection was turned off so the file wasn't checked for viruses.

4) I had all protection turned off; firewall, TeaTimer, Microsoft Essentials, etc.

5) I was actually trying to find my Win7 DVD but was unsuccessful. I know it's in my house somewhere (might be boxed up in the garage) so that I could try a repair. I did, however, get into the repair console but the system said that the problem(s) could not be repaired. I even shelled to DOS and did a chkdsk /f w/ no errors being found. I am wondering if something was written to the registry that's causing this.

6) Yes, I have 3 other computers w/ burners so that's not an issue. If you can direct me to a site to download a boot disc of some sort then I can do that. This is assuming that I can't locate my Win7 DVD which I'll look for in the morning.

7) See #2 above.

Man, this has been a hell of an evening trying to fix this thing. I really don't want to have to do a fresh install of Windows...again. Thanks for any help.
penbralat is offline  
Old 11-23-2010, 11:33 PM   #12
K27
Security Team
Analyst
 



Hi,

I am just about to leave for work so will not be able to continue until later.

There are many other things we can try, but the Windows disk would be the best option. If you are unable to locate the disk, we will try an alternative route.

I will post back soon with further instructions.

Thanks.
K27 is offline  
Old 11-24-2010, 04:39 AM   #13
K27
Security Team
Analyst
 



Hi,

I think it is going to be best to hold tight on the more extravagant fixes until you can confirm as to whether you are able to find the Windows 7 disc.

Post back once you have had time to search, and we will go from there.

Thanks.
K27 is offline  
Old 11-24-2010, 06:44 AM   #14
Registered Member
 



I am in search of the elusive disc so once I find it I'll update the thread. It WILL be today, though. Thanks for your help.
penbralat is offline  
Old 11-24-2010, 08:11 AM   #15
Registered Member
 



Sweet! I found the disc.
penbralat is offline  
Old 11-24-2010, 11:15 AM   #16
K27
Security Team
Analyst
 



Excellent, here's what I need you to do.

You will first need to set the system to boot from a CD/DVD before it will boot from the Windows disk.

Start your machine and when the manufacturer splash screen first shows up, hit F2 (may be another F key) to take you into BIOS. Use the arrow keys to navigate to boot options and make sure your DVD drive is at the top of the boot list. This is normally done by using the plus (+) and minus (-) keys to move a boot drive up and down. Navigate to Exit and be sure to scroll down to EXIT and SAVE changes and hit Enter.

NOTE: The above instructions may differ depending on your system and manufacturer.

  • Insert the Windows 7 installation disk and allow the system to reboot once it blue screens
  • Press any key when you are prompted
  • Give the machine some time to boot from the disk
  • From the drop down menus, select the appropriate Country for your preferred Language, Time & Date Format and Currency and then click Next
  • Click Repair your computer. DO NOT click the Install button; this WILL overwrite all of your data
  • After confirming that the Use Recovery tools option is checked, click the Operating System that you want to repair (Windows 7, normally on C:\) and then click Next
  • You will then see the System Recovery Options Screen
  • On the System Recovery Options Screen you will see the option Startup Repair, please click this option and allow the startup repair to complete


The Start up Repair can take quite some time so please be very patient with it. If it fails to get the system booting after the first attempt, please try it exactly as above for a second time.

If after attempting the Start up Repair twice, the system will still not boot, please post back and let me know.

If the start up repair does work, please navigate to, and post the TDSSKiller log, if one was created. The TDSSKiller log can be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".

Thanks.
K27 is offline  
Old 11-24-2010, 12:45 PM   #17
Registered Member
 



Well, I've run into yet another issue. While loading the Win7 disc I am getting a Windows Boot Manager error:

Windows has encountered a problem communicating with the device connected to your computer.

This error can be caused by unplugging a removable storage device such as an external USB drive while the device is in use, or by faulty hardware such as a hard drive or CD-ROM drive that is failing. Make sure any removable storage is properly connected and then restart your computer.

If you continue to receive this error message, contact the hardware manufacturer.

Status: 0xc00000e9
Info: An unexpected I/O error has occurred.

This is a new one. I have never seen this message before. However, when I get to the repair console via booting regularly the repair fails but it gives me the chance to shell to DOS. Going this route I am able to boot the Win7 disc but I only see an 'Install' option and nothing about repairing although I might be missing something. Have you seen this before? The drive seems to be working perfectly fine from DOS in terms of copying, renaming, making directories, moving directories, etc. so I don't believe it's the drive. Plus, chkdsk doesn't give any errors, either. Not sure where to go from here. Hopefully, you have an idea or two. Thanks.

It also gives you the option to continue (Enter) or Exit (ESC). ESC restarts the computer and pressing Enter attempts to load the Windows files with no success (continuous looping of the message above).
penbralat is offline  
Old 11-24-2010, 01:00 PM   #18
Registered Member
 



I can access the repair option by pressing F8 to access the Safe Mode menu but it's via the recovery drive X:\ so I am not sure if that's the same thing as booting from the disc or not. Also, looking at DOS I saw the TDSSKiller text file so I copied it to my other computer and have attached it here. Maybe it'll give you some insight as to what's causing the computer not to boot.

Another thing I noticed is that for some reason when accessing my drives via the command prompt my C:\ is now labeled as E:\. Is that normal? Why would the drive letters change like that? It would seem to me that that would cause an issue in itself when attempting to boot. Hopefully this info helps.
Attached Files
File Type: txt TDSSKiller.2.4.8.0_23.11.2010_18.46.54_log.txt (64.8 KB, 30 views)
penbralat is offline  
Old 11-24-2010, 01:04 PM   #19
K27
Security Team
Analyst
 



Hi,

Please DO NOT use the "Repair my Computer" feature on the advanced boot option screen. This is to reset the system to factory settings on most systems and will overwrite all of your data.

Please give me some time to go over the TDSSKiller log and I will post back. Please copy/paste the log for me.

Thanks.
K27 is offline  
Old 11-24-2010, 01:07 PM   #20
Registered Member
 



2010/11/23 18:46:54.0716 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/23 18:46:54.0716 ================================================================================
2010/11/23 18:46:54.0716 SystemInfo:
2010/11/23 18:46:54.0716
2010/11/23 18:46:54.0716 OS Version: 6.1.7600 ServicePack: 0.0
2010/11/23 18:46:54.0716 Product type: Workstation
2010/11/23 18:46:54.0716 ComputerName: BEN-PC
2010/11/23 18:46:54.0717 UserName: Ben
2010/11/23 18:46:54.0717 Windows directory: C:\Windows
2010/11/23 18:46:54.0717 System windows directory: C:\Windows
2010/11/23 18:46:54.0717 Running under WOW64
2010/11/23 18:46:54.0717 Processor architecture: Intel x64
2010/11/23 18:46:54.0717 Number of processors: 4
2010/11/23 18:46:54.0717 Page size: 0x1000
2010/11/23 18:46:54.0717 Boot type: Normal boot
2010/11/23 18:46:54.0717 ================================================================================
2010/11/23 18:46:54.0717 Utility is running under WOW64
2010/11/23 18:46:55.0596 Initialize success
2010/11/23 18:46:58.0062 ================================================================================
2010/11/23 18:46:58.0062 Scan started
2010/11/23 18:46:58.0062 Mode: Manual;
2010/11/23 18:46:58.0062 ================================================================================
2010/11/23 18:47:00.0056 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/11/23 18:47:00.0105 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/11/23 18:47:00.0132 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/11/23 18:47:00.0175 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/11/23 18:47:00.0223 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/11/23 18:47:00.0249 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/11/23 18:47:00.0304 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/11/23 18:47:00.0372 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/11/23 18:47:00.0411 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/11/23 18:47:00.0436 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/11/23 18:47:00.0462 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/11/23 18:47:00.0493 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/11/23 18:47:00.0514 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2010/11/23 18:47:00.0536 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/11/23 18:47:00.0562 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2010/11/23 18:47:00.0620 androidusb (363571bc0c79e394e69300d1f2e3ddae) C:\Windows\system32\Drivers\androidusb.sys
2010/11/23 18:47:00.0736 AODDriver (43ed1d08c19626688db34f63e55114fb) C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys
2010/11/23 18:47:00.0777 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/11/23 18:47:00.0823 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/11/23 18:47:00.0848 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/11/23 18:47:00.0886 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/23 18:47:00.0907 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/11/23 18:47:01.0009 ATIAVPCI (2fdf783e6285c3765de5520296df1cab) C:\Windows\system32\DRIVERS\atinavrr.sys
2010/11/23 18:47:01.0097 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
2010/11/23 18:47:01.0299 atikmdag (19b5c61cb09bff2bd69e063ee54b56c3) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/23 18:47:01.0425 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/11/23 18:47:01.0461 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/11/23 18:47:01.0499 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/11/23 18:47:01.0537 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/11/23 18:47:01.0583 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/23 18:47:01.0601 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/11/23 18:47:01.0624 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/11/23 18:47:01.0671 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/11/23 18:47:01.0701 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/11/23 18:47:01.0724 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/11/23 18:47:01.0740 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/11/23 18:47:01.0831 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/11/23 18:47:01.0886 BtHidBus (88b11d73cc023274e590fbc3565ae519) C:\Windows\system32\Drivers\BtHidBus.sys
2010/11/23 18:47:01.0909 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/11/23 18:47:01.0931 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2010/11/23 18:47:01.0975 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2010/11/23 18:47:02.0037 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2010/11/23 18:47:02.0087 btnetBUs (23ef863df7e0b3185b60ec71c2b291a7) C:\Windows\system32\Drivers\btnetBus.sys
2010/11/23 18:47:02.0122 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/23 18:47:02.0171 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/23 18:47:02.0204 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/11/23 18:47:02.0242 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/11/23 18:47:02.0308 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/23 18:47:02.0327 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2010/11/23 18:47:02.0360 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/11/23 18:47:02.0394 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/23 18:47:02.0424 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/11/23 18:47:02.0521 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/11/23 18:47:02.0560 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2010/11/23 18:47:02.0597 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/11/23 18:47:02.0614 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/11/23 18:47:02.0638 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2010/11/23 18:47:02.0686 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/11/23 18:47:02.0740 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/23 18:47:02.0786 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
2010/11/23 18:47:02.0908 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/11/23 18:47:02.0983 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2010/11/23 18:47:03.0060 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
2010/11/23 18:47:03.0125 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
2010/11/23 18:47:03.0159 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2010/11/23 18:47:03.0197 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
2010/11/23 18:47:03.0232 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/11/23 18:47:03.0259 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/11/23 18:47:03.0293 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/23 18:47:03.0315 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/11/23 18:47:03.0339 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/11/23 18:47:03.0354 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/23 18:47:03.0376 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/11/23 18:47:03.0407 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/11/23 18:47:03.0425 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/23 18:47:03.0478 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2010/11/23 18:47:03.0514 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/11/23 18:47:03.0540 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/11/23 18:47:03.0592 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2010/11/23 18:47:03.0626 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/23 18:47:03.0649 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/11/23 18:47:08.0334 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys
2010/11/23 18:47:08.0335 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34f974f8b3c86de03a30dcbe79091c97
2010/11/23 18:47:08.0353 sptd - detected Locked file (1)
2010/11/23 18:47:10.0521 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/23 18:47:10.0524 ================================================================================
2010/11/23 18:47:10.0524 Scan finished
2010/11/23 18:47:10.0524 ================================================================================
2010/11/23 18:47:10.0531 Detected object count: 2
2010/11/23 18:47:33.0342 Locked file(sptd) - User select action: Skip
2010/11/23 18:47:33.0429 \HardDisk1 - will be cured after reboot
2010/11/23 18:47:33.0429 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2010/11/23 18:48:02.0665 Deinitialize success