Malware Infection, keep coming back

Hi Ken!

I didn't see your edit on the post. I just followed the e-mail, so I did the CF in safe mode. Just tell me if you want me to do it the way you edited.

ComboFix 10-07-23.04 - Olsson 2010-07-24 22:30:30.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2046.1789 [GMT 2:00]
Running from: c:\documents and settings\Olsson\Skrivbord\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\daemon.dll

.
(((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 ))))))))))))))))))))))))))))))
.

2010-07-24 12:55 . 2010-07-24 12:55 -------- d-----w- C:\_OTL
2010-07-23 13:54 . 2010-07-23 13:54 -------- d-----w- c:\documents and settings\Olsson\Application Data\Malwarebytes
2010-07-23 13:54 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-23 13:54 . 2010-07-23 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-23 13:54 . 2010-07-23 13:54 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2010-07-23 13:54 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-14 15:14 . 2010-07-14 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-07-14 13:52 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-28 12:55 . 2010-06-28 12:55 -------- d-----w- c:\documents and settings\Olsson\Application Data\U3
2010-06-26 17:45 . 2010-06-26 17:45 14720 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-26 15:05 . 2010-06-26 15:05 -------- d-----w- c:\program\iPod
2010-06-26 14:51 . 2010-06-26 14:51 -------- d-----w- c:\program\Bonjour
2010-06-26 14:49 . 2010-06-26 14:49 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-26 14:48 . 2010-06-26 14:49 -------- d-----w- c:\program\Safari
2010-06-26 14:47 . 2010-06-26 14:47 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 10:18 . 2010-01-30 10:57 -------- d-----w- c:\documents and settings\Olsson\Application Data\Skype
2010-07-24 09:15 . 2010-01-30 10:59 -------- d-----w- c:\documents and settings\Olsson\Application Data\skypePM
2010-07-19 21:12 . 2009-11-01 15:12 -------- d-----w- c:\documents and settings\Olsson\Application Data\Spotify
2010-07-15 09:58 . 2009-06-20 15:48 -------- d-----w- c:\program\Pando Networks
2010-06-29 21:05 . 2010-05-13 11:35 -------- d-----w- c:\documents and settings\Olsson\Application Data\Apple Computer
2010-06-26 15:52 . 2010-02-04 09:48 -------- d-----w- c:\program\World of Warcraft Trial
2010-06-26 15:07 . 2010-05-13 11:32 -------- d-----w- c:\program\iTunes
2010-06-26 15:04 . 2010-05-13 11:25 -------- d-----w- c:\program\Delade filer\Apple
2010-06-22 19:15 . 2004-08-04 12:00 87766 ----a-w- c:\windows\system32\perfc01D.dat
2010-06-22 19:15 . 2004-08-04 12:00 454926 ----a-w- c:\windows\system32\perfh01D.dat
2010-06-19 17:14 . 2010-06-19 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-06-18 19:06 . 2010-01-17 17:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-14 14:31 . 2007-11-07 09:18 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-05 10:47 . 2008-03-24 20:53 -------- d-----w- c:\program\Microsoft Silverlight
2010-05-29 09:10 . 2010-01-30 10:56 -------- d-----r- c:\program\Skype
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-13 11:43 . 2010-05-13 11:43 321328 ----a-w- c:\program\utorrent.exe
2010-05-13 11:36 . 2010-05-13 11:36 562864 ----a-w- c:\program\GoogleEarthPluginSetup.exe
2010-05-13 11:18 . 2010-05-13 11:18 97547048 ----a-w- c:\program\iTunesSetup.exe
2010-05-06 10:36 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 14:58 . 2010-05-04 14:58 282624 ----a-w- c:\documents and settings\Olsson\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-04 14:58 . 2010-05-04 14:58 655360 ----a-w- c:\documents and settings\Olsson\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-04 14:58 . 2010-05-04 14:58 208896 ----a-w- c:\documents and settings\Olsson\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-02 08:10 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2009-12-28 19:48 . 2009-12-28 19:48 1971 ----a-w- c:\program\Harry Potter(TM) och Fången från Azkaban.lnk
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"DAEMON Tools-1033"="c:\program\D-Tools\daemon.exe" [2004-08-22 81920]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"F-Secure Manager"="c:\program\F-Secure\Common\FSM32.EXE" [2002-12-05 106571]
"fssui"="c:\program\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Microsoft Office.lnk - c:\program\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 16:05 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-09-17 21:55 13574144 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-09-17 21:55 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-09-17 21:55 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-11-23 02:12 1060864 ----a-r- c:\program\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-04-17 07:34 16143872 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Jenny\\Lokala inställningar\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\EA Games\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\mph.exe"=
"c:\\EA Games\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\game.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Mohaa\\Mohaa\\MOHAA.exe"=
"c:\\Program\\Ventrilo\\Ventrilo.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Team17\\Worms Armageddon\\WA.exe"=
"c:\\Program\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\iTunes\\iTunes.exe"=
"c:\\Program\\Java\\jre6\\bin\\java.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2007-11-25 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2007-11-25 5248]
S2 BackWeb Client - 7681197;F-Secure BackWeb;c:\program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2009-09-13 16384]
S2 F-Secure Filter;F-Secure File System Filter;c:\program\F-Secure\Anti-Virus\win2k\FSfilter.sys [2009-09-13 47280]
S2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\F-Secure\Anti-Virus\win2k\fsgk.sys [2009-09-13 37456]
S2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\F-Secure\Anti-Virus\win2k\FSrec.sys [2009-09-13 15984]
S2 FSpm;F-Secure Policy Manager;c:\program\F-Secure\Common\FSpm.sys [2009-09-13 65328]
S2 gupdate;Google Update Service (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2010-01-27 17792]
.
Contents of the 'Scheduled Tasks' folder:

2010-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-02-07 c:\windows\Tasks\defrag.job
- c:\windows\system32\defrag.exe [2004-08-04 16:05]

2010-02-06 c:\windows\Tasks\Genomsök alla lokala hårddiskar.job
- c:\program\F-Secure\ANTI-V~1\fsavstrt.exe [2009-09-13 15:44]

2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program\Google\Update\GoogleUpdate.exe [2010-05-13 11:36]

2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program\Google\Update\GoogleUpdate.exe [2010-05-13 11:36]

2010-07-14 c:\windows\Tasks\Spybot - Search & Destroy.job
- c:\program\SPYBOT~1\SpybotSD.exe [2007-11-08 13:31]

2010-07-24 c:\windows\Tasks\User_Feed_Synchronization-{2C8DC5CE-1445-4847-B385-34C3AC51553E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

2010-07-24 c:\windows\Tasks\User_Feed_Synchronization-{C4030E41-5E64-40C0-B6D9-D952AC516761}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://forums.spybot.info/index.php
uInternet Settings,ProxyOverride = *.local
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jenny\Start-meny\Program\IMVU\Run IMVU.lnk
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Worms Pinball - c:\team17\Worms Pinball\Uninst.isu
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program\NOS\bin\getPlus_HelperSvc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-24 22:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4DD248]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf7588cb8
\Driver\atapi -> 0x8a4dd248
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7868bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7875a21
SendHandler -> NDIS.sys @ 0xf785387b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-682003330-1775052-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2420B5BB-416C-03FE-7DD8-043FEB80489B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaoihfhdedlcocinfl"=hex:69,61,61,6d,70,6c,6b,64,67,66,6b,67,6d,6c,61,64,70,62,
00,00
"haijbhbmoefjaaal"=hex:69,61,61,6d,70,6c,6b,64,67,66,6b,67,6d,6c,61,64,70,62,
00,00
"iackpenkdhejipclep"=hex:63,61,6e,6c,64,6d,00,7c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-07-24 22:43:02
ComboFix-quarantined-files.txt 2010-07-24 20:42

Pre-Run: 10,666,192,896 bytes free
Post-Run: 10,679,812,096 bytes free

- - End Of File - - C6E18B31B5F6C66BCD521593374C312A
 
No, that's fine, you got it to run; those instructions I posted in my edit were for in case CF stalled again.

See if you can run GMER in Safemode also
 
Hi Ken!

I get the same message running GMER in safe mode. I forgot to inform you that when running CF in safe mode I got a message like "Detected rootkit, computer will reboot".

Br
 
Let's try this one

Please download RootRepeal from one of these locations and save it to your desktop
Here
Here
Here
  • Open RootRepeal on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check just these boxes: [screenshot of the scan options, not reproduced here]
  • Push Ok
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.
 
Hi Ken!

Push Ok (after this the report was made automatically, so I couldn't proceed with any steps after clicking OK)

Check the box for your main system drive (usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/07/24 23:45
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xB9EE5000 Size: 98304 File Visible: No Signed: -
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAD516000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA61C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAD07B000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "d347bus.sys" at address 0xb9f8e818

#: 041 Function Name: NtCreateKey
Status: Hooked by "d347bus.sys" at address 0xb9f8e7d0

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "d347bus.sys" at address 0xb9f82a20

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "d347bus.sys" at address 0xb9f832a8

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "d347bus.sys" at address 0xb9f8e910

#: 119 Function Name: NtOpenKey
Status: Hooked by "d347bus.sys" at address 0xb9f8e794

#: 160 Function Name: NtQueryKey
Status: Hooked by "d347bus.sys" at address 0xb9f832c8

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "d347bus.sys" at address 0xb9f8e866

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "d347bus.sys" at address 0xb9f8e0b0

==EOF==
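The two scanner outputs in this thread (GMER's MBR detector in the ComboFix post above, and RootRepeal's SSDT section in this post) both report kernel hooks, but they differ in the one detail that matters for triage. GMER resolves every hook target to a loaded module except the \Driver\atapi entry, which points at 0x8a4dd248, the same address it marks as >>UNKNOWN<< in the disk I/O call chain, and that is what its "possible MBR rootkit infection" warning rests on. Every RootRepeal SSDT hook, by contrast, is attributed to d347bus.sys, a driver ComboFix lists as a registered R0 service with a file on disk (d347bus.sys is the DAEMON Tools virtual bus driver, which is known to install SSDT hooks of its own). The script below is an added example, not code from GMER, RootRepeal or anyone in this thread: it parses constructed copies of the posted lines (same names and addresses) and separates hooks attributed to a named module from hooks that resolve only to a bare address. The regexes, the Hook class and the function names are my own.

```python
"""Separate kernel hooks that resolve to a loaded module from hooks that
resolve only to a bare address.  This is an added example, not code from
GMER, RootRepeal or this thread; the sample text is constructed from the
lines posted above (same names and addresses) and the parsing is my own."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample: GMER "Stealth MBR rootkit" detector lines, as posted above.
GMER_SAMPLE = """\
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4DD248]<<
detected MBR rootkit hooks:
\\Driver\\Disk -> CLASSPNP.SYS @ 0xf763bf28
\\Driver\\ACPI -> ACPI.sys @ 0xf7588cb8
\\Driver\\atapi -> 0x8a4dd248
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7868bb0
Warning: possible MBR rootkit infection !
"""

# Constructed sample: two of the nine RootRepeal SSDT entries posted above.
ROOTREPEAL_SAMPLE = """\
#: 025 Function Name: NtClose
Status: Hooked by "d347bus.sys" at address 0xb9f8e818

#: 041 Function Name: NtCreateKey
Status: Hooked by "d347bus.sys" at address 0xb9f8e7d0
"""


@dataclass(frozen=True)
class Hook:
    hooked: str             # driver object, dispatch routine or SSDT function that was hooked
    module: Optional[str]   # module the hook target resolved to; None for a bare address
    address: int


# "<what> -> [<module> @ ]0x<addr>"; the module part is absent when the
# scanner could not map the target address to any loaded image.
GMER_HOOK = re.compile(
    r"^(?P<hooked>.+?) -> (?:(?P<module>\S+\.(?:sys|exe|dll)) @ )?(?P<addr>0x[0-9a-f]+)$",
    re.IGNORECASE,
)
# Address GMER marks as an unknown module in the disk I/O call chain.
GMER_UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-f]+)\]<<", re.IGNORECASE)
SSDT_FN = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\w+)$")
SSDT_STATUS = re.compile(r'^Status:\s*Hooked by "([^"]+)" at address (0x[0-9a-f]+)$', re.IGNORECASE)


def parse_gmer(text: str) -> Tuple[List[Hook], Set[int]]:
    """Return the hook lines and the set of addresses flagged as UNKNOWN modules."""
    hooks: List[Hook] = []
    unknown: Set[int] = set()
    for raw in text.splitlines():
        line = raw.strip()
        for m in GMER_UNKNOWN.finditer(line):
            unknown.add(int(m.group(1), 16))
        m = GMER_HOOK.match(line)
        if m:
            hooks.append(Hook(m["hooked"], m["module"], int(m["addr"], 16)))
    return hooks, unknown


def parse_rootrepeal_ssdt(text: str) -> List[Hook]:
    """Pair each '#: nnn Function Name:' line with its 'Status: Hooked by' line."""
    hooks: List[Hook] = []
    pending: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_FN.match(line)
        if m:
            pending = f"SSDT[{int(m.group(1))}] {m.group(2)}"
            continue
        m = SSDT_STATUS.match(line)
        if m and pending is not None:
            hooks.append(Hook(pending, m.group(1), int(m.group(2), 16)))
            pending = None
    return hooks


def triage(hooks: List[Hook], unknown_addrs: Set[int]) -> Tuple[List[Hook], List[Hook]]:
    """Split hooks into (unattributed, attributed).  A hook is unattributed when
    its target is not inside any named module, or when it lands on an address
    the scanner itself reported as an unknown module."""
    unattributed = [h for h in hooks if h.module is None or h.address in unknown_addrs]
    attributed = [h for h in hooks if h not in unattributed]
    return unattributed, attributed


def hooks_per_module(hooks: List[Hook]) -> Counter:
    """How many hooks each named module owns.  A whole group owned by one driver
    that the system lists as a registered service with a file on disk is that
    driver's own behaviour, not a hidden component, and can be set aside."""
    return Counter(h.module for h in hooks if h.module)


if __name__ == "__main__":
    gmer_hooks, unknown = parse_gmer(GMER_SAMPLE)
    bad, ok = triage(gmer_hooks, unknown)
    for h in bad:
        print(f"UNATTRIBUTED  {h.hooked} -> {h.address:#010x}")
    for h in ok:
        print(f"attributed    {h.hooked} -> {h.module} @ {h.address:#010x}")
    ssdt = parse_rootrepeal_ssdt(ROOTREPEAL_SAMPLE)
    print("SSDT hooks per module:", dict(hooks_per_module(ssdt)))
```

Run on the samples, the only unattributed entry is \Driver\atapi, and both SSDT hooks fall to d347bus.sys. The same split is the first thing to do with any such log: a hook whose target is inside a module that the service list can account for needs a reason to be suspicious, while a hook whose target is an address no module claims needs a reason not to be.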
 
  • Download TDSSKiller and save it to your Desktop.

Extract the file and run it.

Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)

Please post the content of the TDSSKiller log
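TDSSKiller writes one line per kernel driver: a timestamp, the service name, the MD5 of the image file in parentheses, and the image path (the log the user posts below has exactly that shape). When a tool is run more than once, as happens throughout this thread, the useful comparison is between two such listings: a driver whose hash or path changed, or a service that appeared or disappeared between runs. The script below is an added example, not part of TDSSKiller or of this thread. SNAPSHOT_A copies five driver lines from the log posted below; SNAPSHOT_B is constructed (one hash altered, one service dropped, one added) purely to show what the comparison reports, and none of those changes were observed on the machine in question. The parser, the Driver tuple and the diff function are my own.

```python
"""Compare two TDSSKiller driver listings by image hash and path.  Added
example, not part of TDSSKiller or of this thread.  SNAPSHOT_A copies five
driver lines from the log the user posts below; SNAPSHOT_B is constructed
(one hash altered, one service dropped, one added) to show what a re-run
would surface.  The parser and the diff are my own."""
import re
from typing import Dict, NamedTuple


class Driver(NamedTuple):
    md5: str
    path: str


# "<date> <time> <service name> (<md5>) <image path>"; the service name may
# contain spaces (e.g. "F-Secure Filter") and the hash is 32 hex digits.
LINE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+"
    r"(?P<name>\S+(?: \S+)*?)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+"
    r"(?P<path>\S.*)$"
)

# Lines copied from the TDSSKiller log posted in this thread.
SNAPSHOT_A = """\
2010/07/25 09:45:17.0781 Scan started
2010/07/25 09:45:18.0734 ACPI (48547e29772befe3c554ff5e4855bf51) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
2010/07/25 09:45:22.0609 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
2010/07/25 09:45:23.0546 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\\WINDOWS\\system32\\drivers\\Beep.sys
2010/07/25 09:45:26.0828 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\\WINDOWS\\system32\\DRIVERS\\d347bus.sys
2010/07/25 09:45:29.0921 F-Secure Filter (704cacd94794169efa2e43e913746591) C:\\Program\\F-Secure\\Anti-Virus\\Win2K\\FSfilter.sys
"""

# Constructed follow-up run: Beep's hash is made up, d347bus is gone, and a
# made-up service "examplesvc" has appeared.  None of this was observed on
# the machine in the thread; it only exercises the three kinds of difference.
SNAPSHOT_B = """\
2010/07/26 10:00:00.0000 Scan started
2010/07/26 10:00:01.0000 ACPI (48547e29772befe3c554ff5e4855bf51) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
2010/07/26 10:00:02.0000 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
2010/07/26 10:00:03.0000 Beep (00000000000000000000000000000000) C:\\WINDOWS\\system32\\drivers\\Beep.sys
2010/07/26 10:00:04.0000 F-Secure Filter (704cacd94794169efa2e43e913746591) C:\\Program\\F-Secure\\Anti-Virus\\Win2K\\FSfilter.sys
2010/07/26 10:00:05.0000 examplesvc (ffffffffffffffffffffffffffffffff) C:\\WINDOWS\\system32\\DRIVERS\\example.sys
"""


def parse_drivers(text: str) -> Dict[str, Driver]:
    """Map service name -> (md5, path); lines without a hash (banner, timing) are skipped."""
    drivers: Dict[str, Driver] = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            drivers[m["name"]] = Driver(m["md5"].lower(), m["path"])
    return drivers


def diff_drivers(before: Dict[str, Driver], after: Dict[str, Driver]) -> Dict[str, dict]:
    """Report services whose hash or path changed, plus services added or removed."""
    common = before.keys() & after.keys()
    return {
        "changed": {n: (before[n], after[n]) for n in sorted(common) if before[n] != after[n]},
        "added": {n: after[n] for n in sorted(after.keys() - before.keys())},
        "removed": {n: before[n] for n in sorted(before.keys() - after.keys())},
    }


if __name__ == "__main__":
    report = diff_drivers(parse_drivers(SNAPSHOT_A), parse_drivers(SNAPSHOT_B))
    for name, (old, new) in report["changed"].items():
        print(f"CHANGED  {name}: {old.md5} -> {new.md5}  ({new.path})")
    for name, drv in report["added"].items():
        print(f"ADDED    {name}: {drv.md5}  ({drv.path})")
    for name, drv in report["removed"].items():
        print(f"REMOVED  {name}: {drv.md5}  ({drv.path})")
```

Feed it two real logs instead of the samples and the "changed" set is the list of driver files to pull for inspection; a hash that moves between two runs with no Windows Update or driver install in between is the thing a cleanup thread like this one is looking for.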
 
Hi Ken!

Do you know why CF removed the .sys file for daemon tools?
Here's the log:

2010/07/25 09:44:37.0375 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/25 09:44:37.0375 ================================================================================
2010/07/25 09:44:37.0375 SystemInfo:
2010/07/25 09:44:37.0375
2010/07/25 09:44:37.0375 OS Version: 5.1.2600 ServicePack: 3.0
2010/07/25 09:44:37.0375 Product type: Workstation
2010/07/25 09:44:37.0375 ComputerName: JEOH1
2010/07/25 09:44:37.0390 UserName: Olsson
2010/07/25 09:44:37.0390 Windows directory: C:\WINDOWS
2010/07/25 09:44:37.0390 System windows directory: C:\WINDOWS
2010/07/25 09:44:37.0390 Processor architecture: Intel x86
2010/07/25 09:44:37.0390 Number of processors: 1
2010/07/25 09:44:37.0390 Page size: 0x1000
2010/07/25 09:44:37.0390 Boot type: Normal boot
2010/07/25 09:44:37.0390 ================================================================================
2010/07/25 09:44:37.0640 Initialize success
2010/07/25 09:45:17.0781 ================================================================================
2010/07/25 09:45:17.0781 Scan started
2010/07/25 09:45:17.0781 Mode: Manual;
2010/07/25 09:45:17.0781 ================================================================================
2010/07/25 09:45:18.0734 ACPI (48547e29772befe3c554ff5e4855bf51) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/07/25 09:45:18.0984 ACPIEC (decedc736cef3c0fff6e981b31e73a61) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/07/25 09:45:19.0453 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/07/25 09:45:19.0953 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/07/25 09:45:21.0046 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/07/25 09:45:22.0093 asuskbnt (f5c2ccdb273a546e9c3a15250f1d9165) C:\WINDOWS\system32\drivers\atkkbnt.sys
2010/07/25 09:45:22.0328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/07/25 09:45:22.0609 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/07/25 09:45:23.0046 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/07/25 09:45:23.0312 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/07/25 09:45:23.0546 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/07/25 09:45:23.0781 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/07/25 09:45:24.0093 BTHPORT (5393b93cacf7f0f91ebacd014fe2b4c9) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/07/25 09:45:24.0406 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/07/25 09:45:24.0765 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/07/25 09:45:24.0984 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/07/25 09:45:25.0437 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/07/25 09:45:25.0687 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/07/25 09:45:25.0921 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/07/25 09:45:26.0828 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
2010/07/25 09:45:27.0046 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys
2010/07/25 09:45:27.0687 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/07/25 09:45:28.0156 dmboot (80008bd0c19d97b0b3f4d1d9cbf190a8) C:\WINDOWS\system32\drivers\dmboot.sys
2010/07/25 09:45:28.0671 dmio (41862731f82be80f0cfba5d0da36b683) C:\WINDOWS\system32\drivers\dmio.sys
2010/07/25 09:45:28.0890 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/07/25 09:45:29.0125 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/07/25 09:45:29.0593 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/07/25 09:45:29.0828 EIO (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO.sys
2010/07/25 09:45:29.0921 F-Secure Filter (704cacd94794169efa2e43e913746591) C:\Program\F-Secure\Anti-Virus\Win2K\FSfilter.sys
2010/07/25 09:45:30.0000 F-Secure Gatekeeper (1658c72b6c96f3dcaa70d41bcf0b1b43) C:\Program\F-Secure\Anti-Virus\Win2K\FSgk.sys
2010/07/25 09:45:30.0078 F-Secure Recognizer (bb1daf5bcb2c6e4f22bb4be87e3f73aa) C:\Program\F-Secure\Anti-Virus\Win2K\FSrec.sys
2010/07/25 09:45:30.0375 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/07/25 09:45:30.0656 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/07/25 09:45:30.0906 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2010/07/25 09:45:31.0156 FETNDISB (a583bc166495b07f704533754ce29cbd) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
2010/07/25 09:45:31.0406 Fips (b66ddb75642f6722468707840c67a394) C:\WINDOWS\system32\drivers\Fips.sys
2010/07/25 09:45:31.0656 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/07/25 09:45:31.0937 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/07/25 09:45:32.0281 FSpm (7f1c5075b89fcdd3cdc371f10ce15322) C:\Program\F-Secure\Common\FSPM.SYS
2010/07/25 09:45:32.0546 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2010/07/25 09:45:32.0812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/07/25 09:45:33.0109 Ftdisk (45fc410cfe68ff036ad232a141e69c19) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/07/25 09:45:33.0531 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2010/07/25 09:45:33.0796 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/07/25 09:45:34.0109 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/07/25 09:45:34.0515 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/07/25 09:45:34.0953 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/07/25 09:45:35.0546 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/07/25 09:45:36.0218 i8042prt (82e56cd09b2ce1edec3fba9111c7ee3a) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/07/25 09:45:36.0484 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/07/25 09:45:38.0218 IntcAzAudAddService (71ae838a88b07268d732f596fc17ced5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/07/25 09:45:38.0796 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/07/25 09:45:39.0078 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/07/25 09:45:39.0328 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/07/25 09:45:39.0656 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/07/25 09:45:39.0906 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/07/25 09:45:40.0156 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/07/25 09:45:40.0390 isapnp (48f97c77daf8811598cfae21368eacb6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/07/25 09:45:40.0625 Kbdclass (d655ca94c8e2e0223c1bc28bcd95723a) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/07/25 09:45:40.0890 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys
2010/07/25 09:45:41.0171 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/07/25 09:45:41.0484 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/07/25 09:45:41.0937 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/07/25 09:45:42.0203 Modem (42ce19726d9c410dff75d3ff1cc79db2) C:\WINDOWS\system32\drivers\Modem.sys
2010/07/25 09:45:42.0437 Mouclass (e0c4c36573bcf0c0d2a1578caa791f7d) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/07/25 09:45:42.0703 mouhid (98e474ecf11f1db62fb072157a95ea83) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/07/25 09:45:42.0937 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/07/25 09:45:43.0406 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/07/25 09:45:43.0781 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/07/25 09:45:44.0000 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/07/25 09:45:44.0250 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/07/25 09:45:44.0515 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/07/25 09:45:44.0734 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/07/25 09:45:44.0968 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/07/25 09:45:45.0187 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/07/25 09:45:45.0453 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/07/25 09:45:45.0765 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/07/25 09:45:46.0062 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/07/25 09:45:46.0312 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/07/25 09:45:46.0546 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/07/25 09:45:46.0812 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/07/25 09:45:47.0109 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/07/25 09:45:47.0375 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/07/25 09:45:47.0625 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/07/25 09:45:47.0890 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/07/25 09:45:48.0312 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/07/25 09:45:48.0703 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/07/25 09:45:48.0937 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/07/25 09:45:51.0000 nv (70cb8915895ccb92ddf23ce890c4f5be) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/07/25 09:45:53.0062 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/07/25 09:45:53.0296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/07/25 09:45:53.0562 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2010/07/25 09:45:53.0828 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2010/07/25 09:45:54.0078 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2010/07/25 09:45:54.0359 Parport (19e28ed86e7244d76fda792c2810188e) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/07/25 09:45:54.0609 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/07/25 09:45:54.0859 ParVdm (5cf71e14a108c492c1fb07543d579af5) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/07/25 09:45:55.0109 PCI (8a185f0112cf5b42ff1aaff31b8b3091) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/07/25 09:45:55.0765 Pcmcia (904053aa6e251c77cf85371ce644cfd7) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/07/25 09:45:57.0281 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/07/25 09:45:57.0531 Processor (992e4b2a91e6a2f3d21de89b9273353a) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/07/25 09:45:57.0796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/07/25 09:45:58.0046 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/07/25 09:45:58.0281 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/07/25 09:45:59.0578 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/07/25 09:45:59.0843 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/07/25 09:46:00.0093 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/07/25 09:46:00.0312 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/07/25 09:46:00.0609 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/07/25 09:46:00.0890 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/07/25 09:46:01.0171 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/07/25 09:46:01.0515 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/07/25 09:46:01.0796 redbook (97130d37842819fa39fd5f1e90a5d676) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/07/25 09:46:02.0078 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/07/25 09:46:02.0343 SCREAMINGBDRIVER (a643d6df1b7546256b11fb5d6b5d1375) C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
2010/07/25 09:46:02.0609 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/07/25 09:46:02.0859 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/07/25 09:46:03.0109 Serial (f7d35464062edc08909e568bcd8ae77d) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/07/25 09:46:03.0359 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/07/25 09:46:03.0796 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/07/25 09:46:04.0125 snpstd (7452187a8f1ac46ce4f21be616e8d5f3) C:\WINDOWS\system32\DRIVERS\snpstd.sys
2010/07/25 09:46:04.0656 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/07/25 09:46:04.0906 sr (1193ef00869f6367367e6e7cb96be325) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/07/25 09:46:05.0250 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/07/25 09:46:05.0531 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/07/25 09:46:05.0765 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/07/25 09:46:06.0000 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/07/25 09:46:07.0093 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/07/25 09:46:07.0468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/07/25 09:46:07.0796 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/07/25 09:46:08.0031 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/07/25 09:46:08.0281 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/07/25 09:46:08.0750 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/07/25 09:46:09.0312 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/07/25 09:46:09.0703 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/07/25 09:46:09.0968 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/07/25 09:46:10.0234 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/07/25 09:46:10.0484 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/07/25 09:46:10.0750 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/07/25 09:46:11.0015 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/07/25 09:46:11.0250 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/07/25 09:46:11.0500 VCSVADHWSer (b2abab4ca46bad182e27763dc19c780f) C:\WINDOWS\system32\DRIVERS\vcsvad.sys
2010/07/25 09:46:11.0734 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/07/25 09:46:11.0968 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/07/25 09:46:12.0218 viamraid (fbf18f9f5fb852c2976723587b44f346) C:\WINDOWS\system32\DRIVERS\viamraid.sys
2010/07/25 09:46:12.0453 VolSnap (57187ec04878147e1f4f2d9224b12205) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/07/25 09:46:12.0687 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/07/25 09:46:13.0171 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/07/25 09:46:13.0437 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/07/25 09:46:13.0703 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/07/25 09:46:13.0953 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/07/25 09:46:14.0203 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/07/25 09:46:14.0281 ================================================================================
2010/07/25 09:46:14.0281 Scan finished
2010/07/25 09:46:14.0281 ================================================================================
2010/07/25 09:46:58.0859 Deinitialize success
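An added example, not part of this thread or of the forum's tools: the TDSSKiller listing above has one driver per line (timestamp, service name, MD5 of the driver file, path). The Python below parses that shape and flags entries whose hash is not on an allowlist or whose file sits outside the standard driver directory. The `KNOWN_GOOD` allowlist and the `ExampleSvc` line are constructed for the example; the other sample lines are copied from the log.

```python
r"""Triage a TDSSKiller-style driver listing (added example).

Each driver line has the shape

    2010/07/25 09:45:58.0046 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

i.e. timestamp, service name, MD5 of the file, and its path. Banner lines
('====', 'Scan finished') do not match and are skipped.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One log line: timestamp, service name, 32-hex MD5 in parentheses, file path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Where boot/system drivers normally live (compared case-insensitively).
STANDARD_DIRS = ("c:\\windows\\system32\\drivers\\",)


@dataclass
class DriverEntry:
    timestamp: str
    name: str
    md5: str   # normalised to lowercase
    path: str


def parse_line(line: str) -> Optional[DriverEntry]:
    """Return a DriverEntry for a driver line, or None for banners/other text."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return DriverEntry(m["ts"], m["name"], m["md5"].lower(), m["path"])


def parse_log(text: str) -> List[DriverEntry]:
    """Parse every driver line in a log; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def in_standard_dir(path: str) -> bool:
    """Windows paths are case-insensitive, so compare lowercased prefixes."""
    p = path.lower()
    return any(p.startswith(d) for d in STANDARD_DIRS)


def triage(entries: List[DriverEntry],
           allowlist: Dict[str, str]) -> List[Tuple[str, str, List[str]]]:
    """Return (name, path, reasons) for every entry that deserves a closer look."""
    findings = []
    for e in entries:
        reasons = []
        if e.md5 not in allowlist:
            reasons.append("hash not in allowlist")
        if not in_standard_dir(e.path):
            reasons.append("file outside standard driver directory")
        if reasons:
            findings.append((e.name, e.path, reasons))
    return findings


# Sample input: the first three driver lines are copied from the log above;
# the ExampleSvc line is CONSTRUCTED to show what a flagged entry looks like.
SAMPLE_LOG = r"""
2010/07/25 09:45:58.0046 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/07/25 09:46:07.0468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/07/25 09:46:12.0453 VolSnap (57187ec04878147e1f4f2d9224b12205) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/07/25 09:46:14.0000 ExampleSvc (ffffffffffffffffffffffffffffffff) C:\DOCUME~1\user\LOCALS~1\Temp\example.sys
2010/07/25 09:46:14.0281 ================================================================================
2010/07/25 09:46:14.0281 Scan finished
"""

# CONSTRUCTED allowlist (md5 -> file name), taken from the lines above. It is
# not a vetted reference set; build a real one from a known-clean machine.
KNOWN_GOOD = {
    "80d317bd1c3dbc5d4fe7b1678c60cadd": "ptilink.sys",
    "9aefa14bd6b182d61e3119fa5f436d3d": "tcpip.sys",
    "57187ec04878147e1f4f2d9224b12205": "VolSnap.sys",
}

if __name__ == "__main__":
    for name, path, reasons in triage(parse_log(SAMPLE_LOG), KNOWN_GOOD):
        print(f"{name}: {path} -> {', '.join(reasons)}")
```

An allowlist is only as trustworthy as its source: compare against a clean machine at the same patch level, and treat a missing hash as a lead to investigate, not as a verdict.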
 
Really not sure about daemon.dll; it may have been infected. Nowadays malware writers are infecting anything they can. Why don't you just re-download the program and install it?

How are things running now?
 
I have the installed one on another server, so I will do that.

Things are a lot better now thanks to you. But I still find that the computer is kind of slow. Can I scan with any tool?

Br
 
Try running this cleaner again.

Download TFC to your desktop.
  • Close any open windows.
  • Double-click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.



We just do malware removal in this forum, so why don't you post at our sister site? Tell them you posted here and we cleaned a lot of infections off your system but that your computer is slow, and they can go through startup programs and such that may be slowing things down.

http://forums.whatthetech.com/index.php?showforum=119

Open OTL and click on the Cleanup feature and it will remove all the tools we used to clean your machine.







Keep in mind if you install some of these programs: only ONE antivirus and only ONE firewall is recommended; more is overkill and can cause you problems. You can install all the spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot; you can still install Spybot Search and Destroy, but do not enable the TeaTimer.

Here are some programs to install, all free and highly regarded by the fine people in the Malware Removal Community:
  • Spybot Search and Destroy 1.6
    Check for updates, immunize and run a full system scan on a regular basis. If you install Spyware Blaster (recommended) then do not enable the TeaTimer in Spybot Search and Destroy.
  • Spyware Blaster
    It will prevent most spyware from ever being installed. No scan to run; just update about once a week and enable all protection.
  • Spyware Guard
    It offers real-time protection from spyware installation attempts; again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 3
    It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.


Safe Surfn
Ken
 
Hi Ken!

Before I start the removal phase I need your help on how to scan USB sticks that my daughter has been using on the infected PC.

Also, could you recommend which scanner to use to check my other machines for malware/viruses?

Br
 
We use this one.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

  • Double-click Flash_Disinfector.exe to run it.
  • Follow any prompts that may appear.
  • Wait until the program has finished scanning, then please exit the program.
The tool may ask you to insert your flash drive or other removable drives. Please do so and allow the tool to clean them up as well.

Please restart your computer.

What I will do is close this thread and you can start a new topic for the other computer. Be sure to post in the title that it is your second computer; if and when I see it I will pick it up, and we have a fine staff, so if I miss it someone else will get it. Start the topic by posting a DDS log.
 