Possible infection
- Thread starter _Lee_
- Start date
ken545
Emeritus-Security Expert
Spybot just adds bad sites to block on the hosts file, but you would have had to do that yourself. I dont need to see your hosts file.
You should not have two antivirus programs running, this will slow down your system, your call but you need to uninstall one of them
Immunet Protect
Avast5
These also may be slowing down your system
AnVir.exe
Panda USB Vaccine
GMER would have not damaged your system, its just a scanner, it does not remove anything. You may have a rootkit infection but hard to tell since I cant see the report.
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
The log that was produced after running ESET Online Scanner.
You should not have two antivirus programs running, this will slow down your system, your call but you need to uninstall one of them
Immunet Protect
Avast5
These also may be slowing down your system
AnVir.exe
Panda USB Vaccine
GMER would have not damaged your system, its just a scanner, it does not remove anything. You may have a rootkit infection but hard to tell since I cant see the report.
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan - Click the
button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
- Click on
- Check
- Click the button.
- Accept any security warnings from your browser.
- Check
- Make sure that the option "Remove found threats" is Unchecked
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time. - When the scan completes, push
- Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply. - Push the button.
- Push
The log that was produced after running ESET Online Scanner.
Last edited:
The two programms aren't both antivirus programms- Immunet Protect is a additional type of program more like an antispyware, from all the articles I've read. it should not interfere with avast.
AnVir and Panda USB Vaccine have been running on this pc for nearly a year, so I'm sure enough none of those programs is causing this.
I know that gmer is a scanner, but I cannot think of anything else that might have caused this performance loss- I didn't install or run anything else new this week.
I'll have to be away for a few days, so I'll scan and post the eset log on monday, I hope it's not a problem.
AnVir and Panda USB Vaccine have been running on this pc for nearly a year, so I'm sure enough none of those programs is causing this.
I know that gmer is a scanner, but I cannot think of anything else that might have caused this performance loss- I didn't install or run anything else new this week.
I'll have to be away for a few days, so I'll scan and post the eset log on monday, I hope it's not a problem.
ken545
Emeritus-Security Expert
That will be fine, I will keep this thread open for you.
Another option is to do a System Restore to restore your computer prior to running GMER
http://support.microsoft.com/kb/306084
Another option is to do a System Restore to restore your computer prior to running GMER
http://support.microsoft.com/kb/306084
Well I did a scan with eset- It didn't find anything...
And System Restore was the first thing I tried when noticed this performance loss.
Also I had a look at the CPU usage percentage, it seems like about 5-70% CPU is missing somewhere from time to time.
It can be clearly seen in Anvir readings:
I had a look in the task manager too, to make sure this isn't a Anvir glitch, and I saw the same readings.
And System Restore was the first thing I tried when noticed this performance loss.
Also I had a look at the CPU usage percentage, it seems like about 5-70% CPU is missing somewhere from time to time.
It can be clearly seen in Anvir readings:
I had a look in the task manager too, to make sure this isn't a Anvir glitch, and I saw the same readings.
ken545
Emeritus-Security Expert
I am not seeing anything bad in the scans, try this one and see if it finds anything in the form of a rootkit
- Download TDSSKiller and save it to your Desktop.
- Extract the file and run it.
- Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)
- Please post the content of the TDSSKiller log
2010/12/11 17:52:25.0625 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/11 17:52:25.0625 ================================================================================
2010/12/11 17:52:25.0625 SystemInfo:
2010/12/11 17:52:25.0625
2010/12/11 17:52:25.0625 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/11 17:52:25.0625 Product type: Workstation
2010/12/11 17:52:25.0625 ComputerName: IBM-NETVISTA
2010/12/11 17:52:25.0625 UserName: Administrator
2010/12/11 17:52:25.0625 Windows directory: C:\WINDOWS
2010/12/11 17:52:25.0625 System windows directory: C:\WINDOWS
2010/12/11 17:52:25.0625 Processor architecture: Intel x86
2010/12/11 17:52:25.0625 Number of processors: 1
2010/12/11 17:52:25.0625 Page size: 0x1000
2010/12/11 17:52:25.0625 Boot type: Normal boot
2010/12/11 17:52:25.0625 ================================================================================
2010/12/11 17:52:27.0515 Initialize success
2010/12/11 17:52:37.0484 ================================================================================
2010/12/11 17:52:37.0484 Scan started
2010/12/11 17:52:37.0484 Mode: Manual;
2010/12/11 17:52:37.0484 ================================================================================
2010/12/11 17:52:38.0703 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/12/11 17:52:39.0796 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/11 17:52:40.0296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/11 17:52:40.0953 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/12/11 17:52:41.0406 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/11 17:52:41.0906 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/11 17:52:44.0578 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/12/11 17:52:45.0015 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/12/11 17:52:45.0562 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/12/11 17:52:46.0046 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/12/11 17:52:46.0562 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/12/11 17:52:46.0921 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/11 17:52:47.0312 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/11 17:52:47.0937 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/11 17:52:48.0359 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/11 17:52:48.0812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/11 17:52:49.0156 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/11 17:52:49.0812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/11 17:52:50.0171 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/11 17:52:50.0609 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/11 17:52:52.0593 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/11 17:52:53.0312 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/11 17:52:54.0093 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/11 17:52:54.0484 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/11 17:52:55.0015 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/11 17:52:55.0765 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/11 17:52:56.0171 E1000 (c42009e37e377ae55968768e521e05c3) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2010/12/11 17:52:56.0609 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/12/11 17:52:57.0062 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/11 17:52:57.0500 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/11 17:52:57.0937 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/11 17:52:58.0468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/11 17:52:58.0890 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/11 17:52:59.0359 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/11 17:52:59.0703 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/11 17:53:00.0265 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/11 17:53:00.0687 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/11 17:53:01.0421 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/11 17:53:02.0578 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/11 17:53:03.0406 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/12/11 17:53:04.0125 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/11 17:53:04.0625 ImmunetSelfProtectDriver (ab1fa3bf16c3ed39388ca8d77ad03774) C:\WINDOWS\system32\DRIVERS\ImmunetSelfProtect.sys
2010/12/11 17:53:05.0546 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/11 17:53:06.0359 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/11 17:53:06.0843 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/11 17:53:07.0265 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/11 17:53:07.0687 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/11 17:53:08.0078 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/11 17:53:08.0687 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/11 17:53:09.0187 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/11 17:53:09.0734 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/11 17:53:09.0906 ISWKL (f2804916d52acb5e9141aa731fb01765) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2010/12/11 17:53:10.0328 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/11 17:53:10.0734 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/11 17:53:11.0093 KeyScrambler (75c3aca076eba5a676e3552085545f21) C:\WINDOWS\system32\drivers\keyscrambler.sys
2010/12/11 17:53:11.0906 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/11 17:53:12.0515 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/11 17:53:13.0453 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/11 17:53:13.0937 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/11 17:53:14.0437 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/11 17:53:14.0875 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/11 17:53:15.0406 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/11 17:53:16.0156 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/11 17:53:16.0953 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/11 17:53:17.0671 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/11 17:53:18.0125 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/11 17:53:18.0500 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/11 17:53:18.0921 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/11 17:53:19.0312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/11 17:53:19.0843 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/11 17:53:20.0359 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/11 17:53:20.0859 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/11 17:53:21.0218 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/11 17:53:21.0765 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/11 17:53:22.0203 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/11 17:53:22.0625 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/11 17:53:23.0125 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/11 17:53:24.0218 nmwcd (357ddb51e03cae598c096d95497373d0) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/12/11 17:53:24.0718 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/12/11 17:53:25.0125 nmwcdnsu (02120406f27f5895dfce4c640e6ee237) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2010/12/11 17:53:25.0546 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/11 17:53:26.0437 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/11 17:53:27.0046 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/11 17:53:27.0328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/11 17:53:27.0671 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/11 17:53:28.0203 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/11 17:53:28.0593 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/11 17:53:28.0968 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/11 17:53:29.0265 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/12/11 17:53:29.0625 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/11 17:53:30.0250 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/12/11 17:53:30.0593 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/11 17:53:32.0906 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/11 17:53:33.0093 Profos (1bfe86c679a43994e36e623fb6898cdb) c:\program files\immunet protect\tetra\profos.sys
2010/12/11 17:53:33.0437 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/11 17:53:33.0796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/11 17:53:34.0203 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/11 17:53:36.0015 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/11 17:53:36.0375 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/11 17:53:36.0765 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/11 17:53:37.0281 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/11 17:53:37.0734 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/11 17:53:38.0187 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/11 17:53:38.0640 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/11 17:53:39.0171 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/11 17:53:39.0703 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/11 17:53:40.0203 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/11 17:53:40.0531 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/11 17:53:40.0875 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/11 17:53:41.0265 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/11 17:53:42.0218 smwdm (9b8aeed0dc8198efb83d06baf2fab2e2) C:\WINDOWS\system32\drivers\smwdm.sys
2010/12/11 17:53:43.0046 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/11 17:53:43.0453 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/11 17:53:43.0937 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/11 17:53:44.0625 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/11 17:53:44.0968 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/11 17:53:46.0562 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/11 17:53:47.0218 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/11 17:53:47.0687 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/11 17:53:48.0062 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/11 17:53:48.0390 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/11 17:53:49.0156 Trufos (2d81f753af1093877572d8a0b680f924) c:\program files\immunet protect\tetra\trufos.sys
2010/12/11 17:53:49.0562 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/11 17:53:50.0390 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/11 17:53:50.0968 upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/12/11 17:53:51.0406 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/11 17:53:51.0734 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/11 17:53:52.0109 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/11 17:53:52.0453 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/11 17:53:52.0796 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/11 17:53:53.0203 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2010/12/11 17:53:53.0578 UsbserFilt (5c17e6a11aa8be53f79fd364ba19f0ce) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2010/12/11 17:53:53.0937 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/11 17:53:54.0265 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/11 17:53:54.0593 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/11 17:53:55.0203 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/11 17:53:55.0812 vsdatant (7f10c6c385a03f40b07d682bfaa07e2f) C:\WINDOWS\system32\vsdatant.sys
2010/12/11 17:53:56.0562 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/11 17:53:57.0281 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/12/11 17:53:58.0171 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/11 17:53:58.0703 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/11 17:53:59.0171 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/11 17:53:59.0546 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/11 17:54:00.0000 ================================================================================
2010/12/11 17:54:00.0000 Scan finished
2010/12/11 17:54:00.0000 ================================================================================
2010/12/11 17:52:25.0625 ================================================================================
2010/12/11 17:52:25.0625 SystemInfo:
2010/12/11 17:52:25.0625
2010/12/11 17:52:25.0625 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/11 17:52:25.0625 Product type: Workstation
2010/12/11 17:52:25.0625 ComputerName: IBM-NETVISTA
2010/12/11 17:52:25.0625 UserName: Administrator
2010/12/11 17:52:25.0625 Windows directory: C:\WINDOWS
2010/12/11 17:52:25.0625 System windows directory: C:\WINDOWS
2010/12/11 17:52:25.0625 Processor architecture: Intel x86
2010/12/11 17:52:25.0625 Number of processors: 1
2010/12/11 17:52:25.0625 Page size: 0x1000
2010/12/11 17:52:25.0625 Boot type: Normal boot
2010/12/11 17:52:25.0625 ================================================================================
2010/12/11 17:52:27.0515 Initialize success
2010/12/11 17:52:37.0484 ================================================================================
2010/12/11 17:52:37.0484 Scan started
2010/12/11 17:52:37.0484 Mode: Manual;
2010/12/11 17:52:37.0484 ================================================================================
2010/12/11 17:52:38.0703 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/12/11 17:52:39.0796 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/11 17:52:40.0296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/11 17:52:40.0953 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/12/11 17:52:41.0406 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/11 17:52:41.0906 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/11 17:52:44.0578 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/12/11 17:52:45.0015 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/12/11 17:52:45.0562 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/12/11 17:52:46.0046 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/12/11 17:52:46.0562 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/12/11 17:52:46.0921 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/11 17:52:47.0312 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/11 17:52:47.0937 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/11 17:52:48.0359 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/11 17:52:48.0812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/11 17:52:49.0156 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/11 17:52:49.0812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/11 17:52:50.0171 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/11 17:52:50.0609 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/11 17:52:52.0593 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/11 17:52:53.0312 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/11 17:52:54.0093 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/11 17:52:54.0484 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/11 17:52:55.0015 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/11 17:52:55.0765 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/11 17:52:56.0171 E1000 (c42009e37e377ae55968768e521e05c3) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2010/12/11 17:52:56.0609 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/12/11 17:52:57.0062 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/11 17:52:57.0500 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/11 17:52:57.0937 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/11 17:52:58.0468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/11 17:52:58.0890 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/11 17:52:59.0359 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/11 17:52:59.0703 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/11 17:53:00.0265 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/11 17:53:00.0687 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/11 17:53:01.0421 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/11 17:53:02.0578 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/11 17:53:03.0406 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/12/11 17:53:04.0125 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/11 17:53:04.0625 ImmunetSelfProtectDriver (ab1fa3bf16c3ed39388ca8d77ad03774) C:\WINDOWS\system32\DRIVERS\ImmunetSelfProtect.sys
2010/12/11 17:53:05.0546 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/11 17:53:06.0359 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/11 17:53:06.0843 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/11 17:53:07.0265 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/11 17:53:07.0687 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/11 17:53:08.0078 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/11 17:53:08.0687 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/11 17:53:09.0187 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/11 17:53:09.0734 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/11 17:53:09.0906 ISWKL (f2804916d52acb5e9141aa731fb01765) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2010/12/11 17:53:10.0328 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/11 17:53:10.0734 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/11 17:53:11.0093 KeyScrambler (75c3aca076eba5a676e3552085545f21) C:\WINDOWS\system32\drivers\keyscrambler.sys
2010/12/11 17:53:11.0906 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/11 17:53:12.0515 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/11 17:53:13.0453 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/11 17:53:13.0937 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/11 17:53:14.0437 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/11 17:53:14.0875 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/11 17:53:15.0406 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/11 17:53:16.0156 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/11 17:53:16.0953 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/11 17:53:17.0671 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/11 17:53:18.0125 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/11 17:53:18.0500 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/11 17:53:18.0921 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/11 17:53:19.0312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/11 17:53:19.0843 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/11 17:53:20.0359 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/11 17:53:20.0859 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/11 17:53:21.0218 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/11 17:53:21.0765 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/11 17:53:22.0203 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/11 17:53:22.0625 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/11 17:53:23.0125 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/11 17:53:24.0218 nmwcd (357ddb51e03cae598c096d95497373d0) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/12/11 17:53:24.0718 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/12/11 17:53:25.0125 nmwcdnsu (02120406f27f5895dfce4c640e6ee237) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2010/12/11 17:53:25.0546 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/11 17:53:26.0437 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/11 17:53:27.0046 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/11 17:53:27.0328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/11 17:53:27.0671 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/11 17:53:28.0203 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/11 17:53:28.0593 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/11 17:53:28.0968 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/11 17:53:29.0265 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/12/11 17:53:29.0625 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/11 17:53:30.0250 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/12/11 17:53:30.0593 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/11 17:53:32.0906 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/11 17:53:33.0093 Profos (1bfe86c679a43994e36e623fb6898cdb) c:\program files\immunet protect\tetra\profos.sys
2010/12/11 17:53:33.0437 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/11 17:53:33.0796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/11 17:53:34.0203 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/11 17:53:36.0015 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/11 17:53:36.0375 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/11 17:53:36.0765 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/11 17:53:37.0281 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/11 17:53:37.0734 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/11 17:53:38.0187 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/11 17:53:38.0640 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/11 17:53:39.0171 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/11 17:53:39.0703 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/11 17:53:40.0203 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/11 17:53:40.0531 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/11 17:53:40.0875 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/11 17:53:41.0265 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/11 17:53:42.0218 smwdm (9b8aeed0dc8198efb83d06baf2fab2e2) C:\WINDOWS\system32\drivers\smwdm.sys
2010/12/11 17:53:43.0046 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/11 17:53:43.0453 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/11 17:53:43.0937 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/11 17:53:44.0625 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/11 17:53:44.0968 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/11 17:53:46.0562 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/11 17:53:47.0218 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/11 17:53:47.0687 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/11 17:53:48.0062 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/11 17:53:48.0390 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/11 17:53:49.0156 Trufos (2d81f753af1093877572d8a0b680f924) c:\program files\immunet protect\tetra\trufos.sys
2010/12/11 17:53:49.0562 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/11 17:53:50.0390 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/11 17:53:50.0968 upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/12/11 17:53:51.0406 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/11 17:53:51.0734 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/11 17:53:52.0109 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/11 17:53:52.0453 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/11 17:53:52.0796 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/11 17:53:53.0203 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2010/12/11 17:53:53.0578 UsbserFilt (5c17e6a11aa8be53f79fd364ba19f0ce) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2010/12/11 17:53:53.0937 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/11 17:53:54.0265 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/11 17:53:54.0593 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/11 17:53:55.0203 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/11 17:53:55.0812 vsdatant (7f10c6c385a03f40b07d682bfaa07e2f) C:\WINDOWS\system32\vsdatant.sys
2010/12/11 17:53:56.0562 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/11 17:53:57.0281 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/12/11 17:53:58.0171 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/11 17:53:58.0703 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/11 17:53:59.0171 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/11 17:53:59.0546 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/11 17:54:00.0000 ================================================================================
2010/12/11 17:54:00.0000 Scan finished
2010/12/11 17:54:00.0000 ================================================================================
ken545
Emeritus-Security Expert
Well, lets run one more program. You mentioned in your original post about TDSS and the last scan did not find it but I am concerned about Sality.
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- See this Link for programs that need to be disabled and instruction on how to disable them.
- Remember to re-enable them when we're done.
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
I tried to run combofix, but shut it down because several odd things occurred-
1) programms pev.exe, PEV.cfxxe, iexplore.exe crashed down several times (microsoft error report messages appeared)
2) this pc started beeping on combofix messages, i think it's called a bios signal or something like that
3) I was sure that I shout down avast and immunet, but combofix gave me warnings that they are both on...
tell me what to do- run combofix again and ignore everything or something else?
1) programms pev.exe, PEV.cfxxe, iexplore.exe crashed down several times (microsoft error report messages appeared)
2) this pc started beeping on combofix messages, i think it's called a bios signal or something like that
3) I was sure that I shout down avast and immunet, but combofix gave me warnings that they are both on...
tell me what to do- run combofix again and ignore everything or something else?
ken545
Emeritus-Security Expert
Sality and Virut are in the same family, they are unrepairable
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html
But running that AVG program may show if its present. Go ahead and run it and post the log and if no sality than we will work to get CF running
Kaspersky may show if its present also, run both scanners
Please go to Kaspersky website and perform an online antivirus scan.
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html
But running that AVG program may show if its present. Go ahead and run it and post the log and if no sality than we will work to get CF running
Kaspersky may show if its present also, run both scanners
Please go to Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
- Please post this log in your next reply .
Last edited:
AVG found nothing...
I tried to scan with kaspersky, after it failed to start I had a look in the homepage as was written in the warning message and found the following info:
"Kaspersky Online Scanner
The current Kaspersky Online Scanner is unavailable - we apologize for the inconvenience."
I tried to scan with kaspersky, after it failed to start I had a look in the homepage as was written in the warning message and found the following info:
"Kaspersky Online Scanner
The current Kaspersky Online Scanner is unavailable - we apologize for the inconvenience."
ken545
Emeritus-Security Expert
The link worked for me, are you using Internet Explorer ?
Here is another link
http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1292161006881
Here is another link
http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1292161006881
I'm using Firefox.
No, the link works- the program installs and seems to download the definitions, but the fails to start. Afterward gives a prompt to close the window and re-open the application from Kaspersky home page.
Have a look in the Kaspersky homepage:
http://www.kaspersky.com/virusscanner
No, the link works- the program installs and seems to download the definitions, but the fails to start. Afterward gives a prompt to close the window and re-open the application from Kaspersky home page.
Have a look in the Kaspersky homepage:
http://www.kaspersky.com/virusscanner
ken545
Emeritus-Security Expert
Lee,
We're between a rock and hard place. Trying to determine if your issues are hardware, windows or malware related. So far i am not seeing any malware except what you posted in your original post. Its kind of hard to determine whats going on when you cant run any of the scans I ask for.
Just as a precaution, run this program.
Please download Flash_Disinfector.exe by sUBs and save it to your desktop:
Please restart your computer.
Then lets give Combofix another try
Use CTRL. ALT. DEL to get to task manager and end task on the following
findstr
sed
grep.
nircmd.exe
nircmd.cfexe
swsc.cfexe
* .. or any other process that has the .cfexe extension except for CFxxx.cfexe
If ComboFix is still 'hung', then kill process on CFxxx.cfexe as well and then retry running it again
We're between a rock and hard place. Trying to determine if your issues are hardware, windows or malware related. So far i am not seeing any malware except what you posted in your original post. Its kind of hard to determine whats going on when you cant run any of the scans I ask for.
Just as a precaution, run this program.
Please download Flash_Disinfector.exe by sUBs and save it to your desktop:
- Double-click Flash_Disinfector.exe to run it.
- Follow any prompts that may appear.
- Wait until the program has finished scanning, then please exit the program.
Please restart your computer.
Then lets give Combofix another try
Use CTRL. ALT. DEL to get to task manager and end task on the following
findstr
sed
grep.
nircmd.exe
nircmd.cfexe
swsc.cfexe
* .. or any other process that has the .cfexe extension except for CFxxx.cfexe
If ComboFix is still 'hung', then kill process on CFxxx.cfexe as well and then retry running it again
well... I did as you wrote and still no successful results.
I managed to get combofix to run till installing microsoft recovery console (got it installed), afer that the program started to continue (prompt said scan for malware) and got stuck after displaying in the program window:
"T was unexpected at this time."
And I had the same problem with immunet- I am sure It was both disabled and shut down, I didn't even find a immunet process in the task manager, but combofix still alarmed that it is running.
I managed to get combofix to run till installing microsoft recovery console (got it installed), afer that the program started to continue (prompt said scan for malware) and got stuck after displaying in the program window:
"T was unexpected at this time."
And I had the same problem with immunet- I am sure It was both disabled and shut down, I didn't even find a immunet process in the task manager, but combofix still alarmed that it is running.
ken545
Emeritus-Security Expert
Try this Lee
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
* After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.
* Reconnect to the internet
* Post the following logs/Reports:
- Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
- Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.
Go to-> Run -> copy/paste in the following single line command & click OK
"%userprofile%\desktop\combofix.exe" /killall
- Click OK and this will start ComboFix in a special way.
- When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply along with a fresh HJT log.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
* After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.
* Reconnect to the internet
* Post the following logs/Reports:
- ComboFix.txt