having problems with dds

M

MinPin

New member
I am infected with i think with the vundo virus i have tried many things and to no avail. I am in need of some advanced help but i cannot get the dds log going. Any advice maybe a script blocking tool is running i dont know?
 
Last edited by a moderator:
ya i still need help

I have gotten ckfiles, and gmer output but no dds output- running rkill and superantispyware remover, defogger. I also get something that says my boot system is corrupted, finally ran mabm completely through last night without any failures or bluescreen of death.
 
ok see if you can post a HJT log instead:

Download HJT version 2.0.4 Executable to your desktop. Doubleclick to start. Click on the scan log at the bottom, then the save log button at the bottom. Save the log somewhere you can find it then copy/paste the log contents in your reply.
 
HJT log and thanks for your help

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:42:58 PM, on 12/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Documents and Settings\Christina M. Womack\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5E0A9F4E-5968-4C63-B6DC-F577565E4A38} - (no file)
O2 - BHO: (no name) - {80FB2CF9-5805-49EB-923D-3A953DBB10EA} - (no file)
O2 - BHO: (no name) - {8D3AA993-07D5-436F-8EA4-91F8E9A114CA} - (no file)
O2 - BHO: (no name) - {A9330ABF-FBA0-4C52-AA0D-FBB180E28BF7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PictureProject In Touch.lnk = C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: ljJYPHbC - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 7677 bytes
 
hi,

the vundo virus
Click to expand...
Why do you think you have "vundo." Have you updated Spybot lately?

We will get another download to use as a check for malware. You can keep it.

Please download the free version of Malwarebytes to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
NOTE: The free version must be updated manually and a scan started manually.
 
Hello again

I was infected with vundo about a year ago- wife did not protect her computer with any antivirus program. The computer began slowing so i ran spybot and it said I had vundo-trojan and then cleaned it up with spybot but I am still having problems with a slow computer and redirecting to websites. So that is where I am at now. I cannot seem to progress any further with this virus or malware. Anyways I ran malwarebytes a couple of days ago and had one thing pop but today it was clean.
Here is the log.
Thanks

12/16/2010 11:14:39 PM
mbam-log-2010-12-16 (23-14-39).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 220482
Time elapsed: 51 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
ok we will get another download to use. If you still have redirects after using it let me know.

Please download TDSS Killer.exe and save it to your desktop
Double click to launch the utility. After it initializes click the start scan button.

Once the scan completes you can click the continue button.

"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might require after disinfection."

A report will be found in your Root drive Local Disk (C) as TDSSKiller.2.4.2.1_09.08.2010_17.32.21_log.txt (name, version, date, time)
Please post the log report
 
working good!

Ok looks like no redirecting, and here is the log and thanks again


2010/12/17 22:15:53.0250 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/17 22:15:53.0250 ================================================================================
2010/12/17 22:15:53.0250 SystemInfo:
2010/12/17 22:15:53.0250
2010/12/17 22:15:53.0250 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/17 22:15:53.0250 Product type: Workstation
2010/12/17 22:15:53.0250 ComputerName: ACER-D8E77F41BE
2010/12/17 22:15:53.0250 UserName: Christina M. Womack
2010/12/17 22:15:53.0250 Windows directory: C:\WINDOWS
2010/12/17 22:15:53.0250 System windows directory: C:\WINDOWS
2010/12/17 22:15:53.0250 Processor architecture: Intel x86
2010/12/17 22:15:53.0250 Number of processors: 1
2010/12/17 22:15:53.0250 Page size: 0x1000
2010/12/17 22:15:53.0250 Boot type: Normal boot
2010/12/17 22:15:53.0250 ================================================================================
2010/12/17 22:15:53.0781 Initialize success
2010/12/17 22:16:07.0593 ================================================================================
2010/12/17 22:16:07.0593 Scan started
2010/12/17 22:16:07.0593 Mode: Manual;
2010/12/17 22:16:07.0593 ================================================================================
2010/12/17 22:16:08.0968 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/12/17 22:16:09.0343 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/17 22:16:09.0546 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/17 22:16:09.0687 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/12/17 22:16:09.0875 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/17 22:16:10.0031 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/17 22:16:10.0187 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/17 22:16:10.0359 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/17 22:16:10.0546 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/17 22:16:10.0734 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/17 22:16:10.0937 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/17 22:16:11.0140 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/17 22:16:11.0359 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/17 22:16:11.0546 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/17 22:16:11.0703 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/17 22:16:11.0875 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/17 22:16:12.0109 AR5211 (67f7d2c3a9265ee0534e36fe952f2ac4) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2010/12/17 22:16:12.0312 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/17 22:16:12.0500 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/17 22:16:12.0703 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/17 22:16:12.0984 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/12/17 22:16:13.0281 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/12/17 22:16:13.0515 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/12/17 22:16:13.0765 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/12/17 22:16:14.0078 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/12/17 22:16:14.0281 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/17 22:16:14.0437 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/17 22:16:14.0828 ati2mtag (956c7ec3a9de96f785b829beb41e3c3e) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/12/17 22:16:15.0015 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/17 22:16:15.0203 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/17 22:16:15.0343 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/17 22:16:15.0875 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/17 22:16:15.0984 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/17 22:16:16.0171 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/17 22:16:16.0281 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/17 22:16:16.0406 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/17 22:16:16.0562 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/17 22:16:16.0906 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/17 22:16:17.0140 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/17 22:16:17.0281 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/17 22:16:17.0500 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/17 22:16:17.0703 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/17 22:16:17.0906 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/17 22:16:18.0078 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/17 22:16:18.0296 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2010/12/17 22:16:18.0453 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/17 22:16:18.0656 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/17 22:16:18.0734 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/17 22:16:18.0890 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/17 22:16:19.0078 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/17 22:16:19.0250 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/17 22:16:19.0453 EpmPsd (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys
2010/12/17 22:16:19.0671 EpmShd (2d0c4a7077f6c68449479f5444c580a7) C:\WINDOWS\system32\drivers\epm-shd.sys
2010/12/17 22:16:19.0859 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/17 22:16:19.0968 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/17 22:16:20.0125 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/17 22:16:20.0296 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/17 22:16:20.0531 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/17 22:16:20.0640 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/17 22:16:20.0796 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/17 22:16:20.0968 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/17 22:16:21.0156 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/17 22:16:21.0390 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/17 22:16:21.0578 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/17 22:16:21.0843 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/12/17 22:16:22.0125 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/12/17 22:16:22.0312 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/12/17 22:16:22.0453 HSFHWAZL (a902a7e76c245210eee9ef5185158e9c) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2010/12/17 22:16:22.0640 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/12/17 22:16:22.0812 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/17 22:16:23.0031 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/17 22:16:23.0171 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/17 22:16:23.0343 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/17 22:16:23.0593 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/12/17 22:16:23.0828 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/17 22:16:24.0031 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/17 22:16:24.0421 IntcAzAudAddService (4078d4795e394bf2adbed6fcc9827f78) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/17 22:16:24.0718 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/17 22:16:24.0890 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/17 22:16:25.0062 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/17 22:16:25.0156 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/17 22:16:25.0296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/17 22:16:25.0453 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/17 22:16:25.0625 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/17 22:16:25.0812 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/17 22:16:25.0953 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/17 22:16:26.0156 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/17 22:16:26.0343 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/17 22:16:26.0484 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/17 22:16:26.0828 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/17 22:16:27.0000 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/17 22:16:27.0187 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/17 22:16:27.0312 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/17 22:16:27.0515 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/17 22:16:27.0718 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/17 22:16:27.0906 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/17 22:16:28.0031 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/17 22:16:28.0187 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/17 22:16:28.0390 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/17 22:16:28.0515 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/17 22:16:28.0687 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/17 22:16:28.0828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/17 22:16:29.0093 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/17 22:16:29.0234 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/17 22:16:29.0375 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/17 22:16:29.0578 NdisFilt (1f76996253071cbae0a5ab5d8551ef88) C:\WINDOWS\system32\Drivers\NdisFilt.sys
2010/12/17 22:16:29.0687 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/17 22:16:29.0812 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/17 22:16:29.0953 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/17 22:16:30.0093 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/17 22:16:30.0234 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/17 22:16:30.0437 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/17 22:16:30.0656 NETMNT (6a25f27202f3122a44a6b74ee46e7a76) C:\WINDOWS\system32\DRIVERS\NETMNT.sys
2010/12/17 22:16:30.0890 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
2010/12/17 22:16:31.0093 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/17 22:16:31.0281 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/17 22:16:31.0468 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
2010/12/17 22:16:31.0593 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/17 22:16:31.0687 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/17 22:16:31.0796 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/17 22:16:32.0000 OsaFsLoc (26c4a4b64d1dd8e6fdfb2f4897be029c) C:\WINDOWS\system32\drivers\OsaFsLoc.sys
2010/12/17 22:16:32.0218 osaio (9d1177c2a8de936b33d85ff75e8cbf1a) C:\WINDOWS\system32\drivers\osaio.sys
2010/12/17 22:16:32.0453 osanbm (3245bee5176697faf0744a2e1288dc77) C:\WINDOWS\system32\drivers\osanbm.sys
2010/12/17 22:16:32.0515 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/17 22:16:32.0671 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/17 22:16:32.0781 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/17 22:16:32.0984 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/17 22:16:33.0343 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/17 22:16:33.0531 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/12/17 22:16:34.0437 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/17 22:16:34.0625 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/17 22:16:34.0843 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/17 22:16:35.0015 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/17 22:16:35.0125 PSI (1df21f001f3a94eba4a2950c70cc358f) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2010/12/17 22:16:35.0250 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/17 22:16:35.0453 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/17 22:16:35.0656 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/17 22:16:35.0859 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/17 22:16:36.0062 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/17 22:16:36.0281 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/17 22:16:36.0390 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/17 22:16:36.0546 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/17 22:16:36.0687 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/17 22:16:36.0796 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/17 22:16:36.0953 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/17 22:16:37.0062 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/17 22:16:37.0265 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/17 22:16:37.0515 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/17 22:16:37.0687 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/17 22:16:37.0906 RTL8023xp (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2010/12/17 22:16:38.0343 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/17 22:16:38.0531 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/12/17 22:16:38.0796 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/17 22:16:39.0000 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/17 22:16:39.0156 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/17 22:16:39.0593 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/17 22:16:39.0703 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/17 22:16:39.0890 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/17 22:16:40.0046 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/17 22:16:40.0312 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/17 22:16:40.0500 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/17 22:16:40.0687 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/17 22:16:40.0906 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/17 22:16:41.0109 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/17 22:16:41.0328 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2010/12/17 22:16:41.0531 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/17 22:16:41.0750 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/17 22:16:41.0968 SynTP (a63401d180863a2cefce51798542ae5f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/12/17 22:16:42.0140 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/17 22:16:42.0281 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/17 22:16:42.0468 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/17 22:16:42.0656 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/17 22:16:42.0828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/17 22:16:43.0078 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/17 22:16:43.0281 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
2010/12/17 22:16:43.0453 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/17 22:16:43.0687 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/17 22:16:43.0953 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/17 22:16:44.0296 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/17 22:16:44.0515 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/17 22:16:44.0687 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/17 22:16:44.0843 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/17 22:16:45.0015 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/17 22:16:45.0171 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/17 22:16:45.0312 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/17 22:16:45.0453 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/17 22:16:45.0671 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/17 22:16:45.0812 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/17 22:16:45.0968 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/17 22:16:46.0406 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2010/12/17 22:16:46.0781 w29n51 (9ee38ffcb4cbe5bee6c305700ddc4725) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2010/12/17 22:16:47.0078 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/17 22:16:47.0390 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/17 22:16:47.0546 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/12/17 22:16:47.0734 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/12/17 22:16:47.0812 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/17 22:16:47.0812 ================================================================================
2010/12/17 22:16:47.0812 Scan finished
2010/12/17 22:16:47.0812 ================================================================================
2010/12/17 22:16:47.0828 Detected object count: 1
2010/12/17 22:17:38.0125 \HardDisk0 - will be cured after reboot
2010/12/17 22:17:38.0125 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/17 22:18:12.0109 Deinitialize success
 
hi,

ok good. We will get another download to use as a check for any other malware. Its called combofix. There is a guide to read first. Read through the guide and apply the directions on your own machine. Please post the log in your reply.

Guide to using Combofix


You had a rootkit on your machine. Rootkits can hide malicious files and components from traditional antivirus/antimalware software. They are burying themselves deeper and deeper into the operating system. Often special software is used to remove them. Even if symptoms are gone and logs are clean its still not a 100% guarantee that your machine is clean once a rootkit has been detected. You might consider a reformat/reinstall of Windows.
The best source for information on how to do this would be the computer vendors website.
 
combofix

hi again sorry but for some reason combofix is not completing. I turned off avast and zone alarm runs all the way the checking point where it says it will be 10 mins or maybe more and then just sticks.

Thanks
 
ok no problem. You can try running Combofix in safe mode. To reach safe mode you would tap the f8 key during a computer restart. Select the first option from the list: safe mode. Log on to your normal account. Once at the safe mode desktop run combofix.
 
Combofix could take up to 20 minutes to complete a scan. You said you had a gmer log, can you rerun gmer and post a new log from it.
 
Gmer log

ya i ran that program several times for atleast 30mins a pop but here is the log you asked for


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-20 19:23:31
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS421260H9AT00 rev.HA2OA70S
Running: gmer.exe; Driver: C:\DOCUME~1\CHRIST~1.WOM\LOCALS~1\Temp\pwtyraow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xAA799CF0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xAA432782]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xAA4516DC]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xAA44BEB4]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xAA44C2A2]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xAA455916]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xAA433398]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xAA452FE4]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xAA45293C]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xAA44ADF0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xAA45393C]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xAA453B44]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xAA432FAA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xAA799C86]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xAA44E1CE]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xAA44DDF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xAA799DA6]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xAA4548D2]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xAA454208]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xAA4552A4]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xAA4387DC]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xAA43375C]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xAA454E12]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xAA4520C4]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xAA44CF0A]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xAA44CC86]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAA7A6B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 80579608 7 Bytes JMP AA7A6B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CEC 5 Bytes JMP AA7A25D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B64 5 Bytes JMP AA7A3FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[588] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AA43D672] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AA43D4C8] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AA43DCBA] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AA43BC2A] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AA43BC2A] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AA43D672] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AA43D4C8] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AA43DCBA] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AA43D672] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AA43BC2A] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AA43DCBA] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AA43D4C8] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AA43DCBA] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AA43D4C8] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AA43D672] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AA43BC2A] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AA43D672] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AA43D4C8] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AA43DCBA] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AA43D672] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AA43BC2A] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AA43DCBA] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AA43D4C8] \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[896] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[896] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Cdrom \Device\CdRom0 OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 09: copy of MBR

---- EOF - GMER 1.0.15 ----
 
ok. Your welcome. You can remove combofix like this:

start>run and type in combofix /uninstall
click ok or enter
note the space between the x and the /

You can delete the tdsskiller icon from your desktop

Note that in the free version of Malwarebytes: it must be updated manually and a scan started manually.

You can make a new restore point: the how and the why:

One of the features of Windows XP,Vista and Windows7 is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.(creates a new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot

And last:

10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer can not stay malware free.

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Not sure if you are using the latest version of software? Check their version status and get the updates here.

2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks.

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) A tool for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0, Read the FAQ's. Or see a slide show Here and do it yourself. How to harden FireFox. for safer surfing.

10) Warez, cracks etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Can you really trust the source of the file?


More info/tips with pictures in links below.

Happy Safe Surfing.
 
You must log in or register to reply here.
Back
Top