Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Infected by popup?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Infected by popup?

Unread postby SpectreWolf » January 23rd, 2011, 10:31 am

Hey. Recently, there was a popup that appeared when i was browsing the web in IE. After doing some research, i found out that people have actually gotten malware from those sort of popups and now I am worried that i might be infected. Can someone take a look at my log? Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:29:48 PM, on 23/1/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Wuffie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3799F451-55C5-45F7-9E4B-7531AE4090D3}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{3799F451-55C5-45F7-9E4B-7531AE4090D3}: NameServer = 192.168.1.254
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 3497 bytes
SpectreWolf
Regular Member
 
Posts: 25
Joined: November 11th, 2010, 1:52 am
Advertisement
Register to Remove

Re: Infected by popup?

Unread postby askey127 » January 24th, 2011, 7:01 pm

Hi SpectreWolf,
Please do not install, remove or scan with anything unless I ask, until we are through cleaning.
-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder.
In addition, the list opens in Notepad so you can also save as another name in another location if you wish.
Please paste the contents into your next reply.
---------------------------------------------
Run a Scan with OTL
Please download OTL.exe by OldTimer and save it to your desktop.
  • Double click on the icon to run it. For Vista or Win7, right click the icon and choose "Run as administrator".
  • Make sure all other windows are closed to let it run uninterrupted.
  • Copy the text from the code box below and paste it into the Custom Scans/Fixes box. Do not copy the word "Code:"
    Code: Select all
    netsvcs
    drivers32 
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg 
    %systemroot%\*.jpg 
    %systemroot%\*.png 
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.* 
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav 
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x 
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we are looking for the HiJackThis Uninstall list, and the two logs from OTL.
Also tell me if you have been removing (checking) HiJackThis lines yourself.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Infected by popup?

Unread postby SpectreWolf » January 25th, 2011, 7:09 am

uninstall list

ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Audacity 1.2.6
avast! Free Antivirus
Borderlands
Brothers In Arms
CCleaner
Command & Conquer The First Decade
Compatibility Pack for the 2007 Office system
CPUID CPU-Z 1.56
CyberLink DVD Suite Deluxe
CyberLink DVD Suite Deluxe
CyberLink PowerCinema
CyberLink PowerCinema
D3DX10
Defraggler
DEVIL MAY CRY 4
DiRT2
DiRT2
EA Download Manager
EAX4 Unified Redist
Enhanced Multimedia Keyboard Solution
Far Cry 2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Demo
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
Killing Floor
LabelPrint
LabelPrint
LAME v3.98.3 for Audacity
LightScribe System Software 1.14.32.1
LOST PLANET 2
LOST PLANET 2
Lost Planet: Extreme Condition
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.13)
MSVCRT
Need for Speed™ Carbon
NVIDIA 3D Vision Driver 260.99
NVIDIA Drivers
NVIDIA Graphics Driver 260.99
NVIDIA nTune
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Penumbra
Power2Go
Power2Go
PowerDirector
PowerDirector
PVSonyDll
Python 2.6.1
Rapture3D 2.3.22 Game
REACTOR
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Speccy
Steam
SUPERAntiSpyware
The Sims™ 3
Tom Clancy's Rainbow Six Vegas 2
Tom Clancy's Splinter Cell Conviction
Tom Clancy's Splinter Cell Double Agent
Ubisoft Game Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Messenger
Windows Live Photo Common
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPatrol
WinRAR 4.00 beta 2 (32-bit)

While running the OTL scan as an administrator, my screen suddenly turned white and the computer stopped responding. Had to hold down the power button and restart the computer. After logging in, there were 2 desktop.ini files on my desktop. I changed the setting back in the control panel so that it would not show hidden files, folders and extensions. What happened?
SpectreWolf
Regular Member
 
Posts: 25
Joined: November 11th, 2010, 1:52 am

Re: Infected by popup?

Unread postby askey127 » January 25th, 2011, 7:50 am

SpectreWolf,
I am not sure yet what happened when you tried to run OTL.
We need to check for a rootkit.
-----------------------------------------------------------
Disable WinPatrol
- Right Click the 'Scotty Dog' icon in the system tray
- Click Options
- At the bottom of the options page, Uncheck Automatically Run WinPatrol When Computer Starts
-Click the X to end program.
- Right Click the 'Scotty Dog' icon in the system tray again
- Click Exit Program
WinPatrol is now disabled and will not start at bootup.
----------------------------------------------
Disable CD Emulator(s)
We need to use powerful tools to investigate your system. *If* you are are using a CD Emulator (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) be aware that they use hidden drivers with rootkit-like techniques to hide from other applications. When dealing with a malware infections, CD Emulators can interfere with investigative tools producing misleading or inaccurate scan results, false detection of legitimate files, cause unexpected crashes, BSODs, and general 'dross' which often makes it hard to differentiate between malicious rootkits and the legitimate drivers used by Emulators. Since the hidden drivers from CD Emulators can be seen as a rootkit, we need to remove or disable them until disinfection is completed.

Please download DeFogger by jpshortstuff and save it to your desktop.
  • Double click DeFogger.exe to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK...DeFogger will now ask to reboot the machine...click OK. If not, reboot manually.
  • Do not re-enable these drivers until instructed or your system has been cleaned.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

Also please tell me if you have previously checked and removed some HiJackThis lines on your own.
Thanks
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Infected by popup?

Unread postby SpectreWolf » January 26th, 2011, 8:07 am

I am sorry, I have been very busy with my coursework and other school work. I will post the logs ASAP when i find the time.
SpectreWolf
Regular Member
 
Posts: 25
Joined: November 11th, 2010, 1:52 am

Re: Infected by popup?

Unread postby askey127 » January 26th, 2011, 12:54 pm

If you can get back within 72 hours, Ok.
Otherwise, the thread will be archived.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Infected by popup?

Unread postby SpectreWolf » January 27th, 2011, 5:27 am

2011/02/27 17:19:15.0434 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/02/27 17:19:15.0434 ================================================================================
2011/02/27 17:19:15.0434 SystemInfo:
2011/02/27 17:19:15.0434
2011/02/27 17:19:15.0434 OS Version: 6.0.6002 ServicePack: 2.0
2011/02/27 17:19:15.0434 Product type: Workstation
2011/02/27 17:19:15.0434 ComputerName: WUFFIE-PC
2011/02/27 17:19:15.0434 UserName: Wuffie
2011/02/27 17:19:15.0434 Windows directory: C:\Windows
2011/02/27 17:19:15.0434 System windows directory: C:\Windows
2011/02/27 17:19:15.0434 Processor architecture: Intel x86
2011/02/27 17:19:15.0434 Number of processors: 4
2011/02/27 17:19:15.0434 Page size: 0x1000
2011/02/27 17:19:15.0434 Boot type: Normal boot
2011/02/27 17:19:15.0434 ================================================================================
2011/02/27 17:19:15.0746 Initialize success
2011/02/27 17:21:05.0634 ================================================================================
2011/02/27 17:21:05.0634 Scan started
2011/02/27 17:21:05.0634 Mode: Manual;
2011/02/27 17:21:05.0634 ================================================================================
2011/02/27 17:21:06.0757 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/02/27 17:21:06.0820 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/02/27 17:21:06.0867 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/02/27 17:21:06.0898 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/02/27 17:21:06.0976 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/02/27 17:21:07.0023 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/02/27 17:21:07.0054 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/02/27 17:21:07.0101 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/02/27 17:21:07.0147 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/02/27 17:21:07.0163 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/02/27 17:21:07.0194 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/02/27 17:21:07.0210 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/02/27 17:21:07.0241 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/02/27 17:21:07.0288 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/02/27 17:21:07.0335 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/02/27 17:21:07.0397 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\Windows\system32\drivers\aswFsBlk.sys
2011/02/27 17:21:07.0413 aswMonFlt (317f85fb68a3be507e9ccede5e6d9ee0) C:\Windows\system32\drivers\aswMonFlt.sys
2011/02/27 17:21:07.0444 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\Windows\system32\drivers\aswRdr.sys
2011/02/27 17:21:07.0459 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\Windows\system32\drivers\aswSP.sys
2011/02/27 17:21:07.0475 aswTdi (1408421505257846eb336feeef33352d) C:\Windows\system32\drivers\aswTdi.sys
2011/02/27 17:21:07.0522 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/27 17:21:07.0553 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/02/27 17:21:07.0600 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/02/27 17:21:07.0647 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/02/27 17:21:07.0662 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/27 17:21:07.0709 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/02/27 17:21:07.0740 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/02/27 17:21:07.0803 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/02/27 17:21:07.0834 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/02/27 17:21:07.0849 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/02/27 17:21:07.0881 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/02/27 17:21:07.0896 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/02/27 17:21:07.0990 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/27 17:21:08.0037 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/27 17:21:08.0068 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/02/27 17:21:08.0099 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/02/27 17:21:08.0146 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/02/27 17:21:08.0208 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/02/27 17:21:08.0255 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\Windows\system32\drivers\cpuz134_x32.sys
2011/02/27 17:21:08.0286 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/02/27 17:21:08.0317 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/02/27 17:21:08.0395 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/02/27 17:21:08.0427 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/02/27 17:21:08.0505 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/02/27 17:21:08.0551 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/27 17:21:08.0598 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/27 17:21:08.0661 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/02/27 17:21:08.0707 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/02/27 17:21:08.0739 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/02/27 17:21:08.0801 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/02/27 17:21:08.0832 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/02/27 17:21:08.0863 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/27 17:21:08.0910 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/02/27 17:21:08.0926 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/02/27 17:21:08.0957 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/27 17:21:08.0988 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/02/27 17:21:09.0035 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/27 17:21:09.0066 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/02/27 17:21:09.0113 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/27 17:21:09.0144 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/02/27 17:21:09.0160 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/02/27 17:21:09.0175 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/27 17:21:09.0238 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/02/27 17:21:09.0285 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/02/27 17:21:09.0300 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/02/27 17:21:09.0347 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/27 17:21:09.0378 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/02/27 17:21:09.0409 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/02/27 17:21:09.0503 IntcAzAudAddService (903e17b027cf4e6b19a948a84fdbf05d) C:\Windows\system32\drivers\RTKVHDA.sys
2011/02/27 17:21:09.0534 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/02/27 17:21:09.0565 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/27 17:21:09.0597 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/27 17:21:09.0643 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/02/27 17:21:09.0659 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/02/27 17:21:09.0690 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/02/27 17:21:09.0706 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/02/27 17:21:09.0753 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/27 17:21:09.0784 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/02/27 17:21:09.0799 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/02/27 17:21:09.0831 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/27 17:21:09.0846 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/27 17:21:09.0893 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/27 17:21:09.0924 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/27 17:21:09.0971 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/02/27 17:21:09.0987 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/02/27 17:21:10.0033 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/02/27 17:21:10.0049 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/02/27 17:21:10.0065 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/02/27 17:21:10.0111 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/02/27 17:21:10.0189 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/02/27 17:21:10.0236 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/27 17:21:10.0267 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/27 17:21:10.0283 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/27 17:21:10.0299 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/02/27 17:21:10.0330 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/02/27 17:21:10.0361 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/27 17:21:10.0392 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/02/27 17:21:10.0423 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/27 17:21:10.0455 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/27 17:21:10.0486 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/27 17:21:10.0486 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/27 17:21:10.0533 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/02/27 17:21:10.0548 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/02/27 17:21:10.0595 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/02/27 17:21:10.0611 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/02/27 17:21:10.0642 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/27 17:21:10.0704 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/27 17:21:10.0735 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/02/27 17:21:10.0767 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/02/27 17:21:10.0798 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/27 17:21:10.0813 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/02/27 17:21:10.0845 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/02/27 17:21:10.0891 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/27 17:21:10.0954 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/02/27 17:21:10.0985 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/27 17:21:11.0001 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/27 17:21:11.0032 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/27 17:21:11.0047 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/02/27 17:21:11.0063 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/27 17:21:11.0079 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/27 17:21:11.0157 netr73 (271ac1312ef1dde187793183abbfa8d0) C:\Windows\system32\DRIVERS\netr73.sys
2011/02/27 17:21:11.0188 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/27 17:21:11.0235 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/02/27 17:21:11.0266 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/27 17:21:11.0313 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/02/27 17:21:11.0359 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/27 17:21:11.0391 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/02/27 17:21:11.0437 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/02/27 17:21:11.0609 nvlddmkm (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/27 17:21:11.0687 NVR0Dev (61d6b1c71ad94f8485e966bebc36d092) C:\Windows\nvoclock.sys
2011/02/27 17:21:11.0718 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/02/27 17:21:11.0749 nvsmu (62754e376185eacbb73d06fea0ffc54a) C:\Windows\system32\drivers\nvsmu.sys
2011/02/27 17:21:11.0781 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/02/27 17:21:11.0796 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/02/27 17:21:11.0859 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/27 17:21:11.0905 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/02/27 17:21:11.0937 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/02/27 17:21:11.0968 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/02/27 17:21:11.0999 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/02/27 17:21:12.0030 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/02/27 17:21:12.0061 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/02/27 17:21:12.0108 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/27 17:21:12.0202 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/27 17:21:12.0233 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/02/27 17:21:12.0295 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
2011/02/27 17:21:12.0342 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/27 17:21:12.0405 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/02/27 17:21:12.0436 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/27 17:21:12.0467 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/27 17:21:12.0483 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/27 17:21:12.0514 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/27 17:21:12.0545 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/27 17:21:12.0561 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/27 17:21:12.0576 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/27 17:21:12.0592 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/27 17:21:12.0639 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/02/27 17:21:12.0654 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/27 17:21:12.0717 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/02/27 17:21:12.0841 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/27 17:21:12.0888 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/02/27 17:21:12.0904 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/02/27 17:21:12.0951 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/27 17:21:12.0982 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/27 17:21:13.0013 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/02/27 17:21:13.0044 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/02/27 17:21:13.0044 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/02/27 17:21:13.0091 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/02/27 17:21:13.0107 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/27 17:21:13.0122 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/27 17:21:13.0153 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/02/27 17:21:13.0231 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/02/27 17:21:13.0294 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/02/27 17:21:13.0356 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/02/27 17:21:13.0403 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/02/27 17:21:13.0434 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/02/27 17:21:13.0465 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/02/27 17:21:13.0481 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/27 17:21:13.0497 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/27 17:21:13.0543 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/27 17:21:13.0590 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/02/27 17:21:13.0653 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/02/27 17:21:13.0668 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/02/27 17:21:13.0746 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/02/27 17:21:13.0777 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/27 17:21:13.0793 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/27 17:21:13.0824 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/02/27 17:21:13.0855 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/02/27 17:21:13.0887 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/27 17:21:13.0918 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/27 17:21:13.0965 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/27 17:21:14.0011 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/02/27 17:21:14.0011 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/27 17:21:14.0058 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/02/27 17:21:14.0105 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/27 17:21:14.0152 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/27 17:21:14.0167 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/02/27 17:21:14.0199 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/27 17:21:14.0230 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/27 17:21:14.0261 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/27 17:21:14.0308 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/27 17:21:14.0355 usbcir (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
2011/02/27 17:21:14.0401 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/27 17:21:14.0417 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/27 17:21:14.0433 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/27 17:21:14.0448 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/02/27 17:21:14.0479 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/27 17:21:14.0511 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/27 17:21:14.0542 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/27 17:21:14.0573 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/02/27 17:21:14.0604 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/02/27 17:21:14.0620 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/02/27 17:21:14.0635 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/02/27 17:21:14.0667 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/02/27 17:21:14.0682 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/02/27 17:21:14.0713 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/02/27 17:21:14.0745 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/02/27 17:21:14.0776 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/27 17:21:14.0807 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/27 17:21:14.0807 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/27 17:21:14.0854 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/02/27 17:21:14.0869 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/27 17:21:14.0963 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/27 17:21:15.0025 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/27 17:21:15.0228 ================================================================================
2011/02/27 17:21:15.0228 Scan finished
2011/02/27 17:21:15.0228 ================================================================================
2011/02/27 17:21:21.0733 ================================================================================
2011/02/27 17:21:21.0733 Scan started
2011/02/27 17:21:21.0733 Mode: Manual;
2011/02/27 17:21:21.0733 ================================================================================
2011/02/27 17:21:22.0077 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/02/27 17:21:22.0139 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/02/27 17:21:22.0155 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/02/27 17:21:22.0186 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/02/27 17:21:22.0201 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/02/27 17:21:22.0264 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/02/27 17:21:22.0295 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/02/27 17:21:22.0342 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/02/27 17:21:22.0389 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/02/27 17:21:22.0404 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/02/27 17:21:22.0420 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/02/27 17:21:22.0451 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/02/27 17:21:22.0467 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/02/27 17:21:22.0482 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/02/27 17:21:22.0513 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/02/27 17:21:22.0560 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\Windows\system32\drivers\aswFsBlk.sys
2011/02/27 17:21:22.0591 aswMonFlt (317f85fb68a3be507e9ccede5e6d9ee0) C:\Windows\system32\drivers\aswMonFlt.sys
2011/02/27 17:21:22.0607 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\Windows\system32\drivers\aswRdr.sys
2011/02/27 17:21:22.0623 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\Windows\system32\drivers\aswSP.sys
2011/02/27 17:21:22.0638 aswTdi (1408421505257846eb336feeef33352d) C:\Windows\system32\drivers\aswTdi.sys
2011/02/27 17:21:22.0654 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/27 17:21:22.0701 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/02/27 17:21:22.0732 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/02/27 17:21:22.0779 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/02/27 17:21:22.0794 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/27 17:21:22.0825 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/02/27 17:21:22.0857 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/02/27 17:21:22.0903 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/02/27 17:21:22.0919 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/02/27 17:21:22.0950 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/02/27 17:21:22.0966 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/02/27 17:21:22.0997 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/02/27 17:21:23.0075 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/27 17:21:23.0106 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/27 17:21:23.0137 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/02/27 17:21:23.0169 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/02/27 17:21:23.0200 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/02/27 17:21:23.0215 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/02/27 17:21:23.0278 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\Windows\system32\drivers\cpuz134_x32.sys
2011/02/27 17:21:23.0309 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/02/27 17:21:23.0340 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/02/27 17:21:23.0387 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/02/27 17:21:23.0418 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/02/27 17:21:23.0465 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/02/27 17:21:23.0512 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/27 17:21:23.0543 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/27 17:21:23.0605 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/02/27 17:21:23.0637 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/02/27 17:21:23.0699 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/02/27 17:21:23.0761 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/02/27 17:21:23.0793 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/02/27 17:21:23.0808 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/27 17:21:23.0839 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/02/27 17:21:23.0871 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/02/27 17:21:23.0886 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/27 17:21:23.0917 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/02/27 17:21:23.0949 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/27 17:21:23.0980 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/02/27 17:21:24.0027 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/27 17:21:24.0058 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/02/27 17:21:24.0073 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/02/27 17:21:24.0105 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/27 17:21:24.0151 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/02/27 17:21:24.0183 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/02/27 17:21:24.0214 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/02/27 17:21:24.0245 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/27 17:21:24.0276 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/02/27 17:21:24.0307 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/02/27 17:21:24.0385 IntcAzAudAddService (903e17b027cf4e6b19a948a84fdbf05d) C:\Windows\system32\drivers\RTKVHDA.sys
2011/02/27 17:21:24.0417 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/02/27 17:21:24.0432 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/27 17:21:24.0463 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/27 17:21:24.0510 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/02/27 17:21:24.0526 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/02/27 17:21:24.0557 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/02/27 17:21:24.0573 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/02/27 17:21:24.0619 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/27 17:21:24.0651 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/02/27 17:21:24.0666 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/02/27 17:21:24.0697 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/27 17:21:24.0713 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/27 17:21:24.0744 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/27 17:21:24.0791 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/27 17:21:24.0822 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/02/27 17:21:24.0853 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/02/27 17:21:24.0885 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/02/27 17:21:24.0885 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/02/27 17:21:24.0916 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/02/27 17:21:24.0963 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/02/27 17:21:24.0994 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/02/27 17:21:25.0041 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/27 17:21:25.0056 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/27 17:21:25.0072 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/27 17:21:25.0103 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/02/27 17:21:25.0134 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/02/27 17:21:25.0165 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/27 17:21:25.0197 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/02/27 17:21:25.0228 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/27 17:21:25.0243 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/27 17:21:25.0275 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/27 17:21:25.0290 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/27 17:21:25.0321 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/02/27 17:21:25.0353 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/02/27 17:21:25.0399 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/02/27 17:21:25.0415 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/02/27 17:21:25.0446 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/27 17:21:25.0493 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/27 17:21:25.0524 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/02/27 17:21:25.0555 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/02/27 17:21:25.0571 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/27 17:21:25.0587 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/02/27 17:21:25.0618 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/02/27 17:21:25.0649 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/27 17:21:25.0680 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/02/27 17:21:25.0711 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/27 17:21:25.0727 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/27 17:21:25.0758 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/27 17:21:25.0774 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/02/27 17:21:25.0805 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/27 17:21:25.0821 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/27 17:21:25.0883 netr73 (271ac1312ef1dde187793183abbfa8d0) C:\Windows\system32\DRIVERS\netr73.sys
2011/02/27 17:21:25.0914 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/27 17:21:25.0930 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/02/27 17:21:25.0961 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/27 17:21:26.0023 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/02/27 17:21:26.0055 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/27 17:21:26.0086 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/02/27 17:21:26.0133 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/02/27 17:21:26.0304 nvlddmkm (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/27 17:21:26.0382 NVR0Dev (61d6b1c71ad94f8485e966bebc36d092) C:\Windows\nvoclock.sys
2011/02/27 17:21:26.0413 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/02/27 17:21:26.0429 nvsmu (62754e376185eacbb73d06fea0ffc54a) C:\Windows\system32\drivers\nvsmu.sys
2011/02/27 17:21:26.0460 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/02/27 17:21:26.0476 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/02/27 17:21:26.0554 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/27 17:21:26.0585 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/02/27 17:21:26.0616 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/02/27 17:21:26.0647 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/02/27 17:21:26.0679 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/02/27 17:21:26.0725 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/02/27 17:21:26.0741 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/02/27 17:21:26.0788 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/27 17:21:26.0866 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/27 17:21:26.0881 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/02/27 17:21:26.0928 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
2011/02/27 17:21:26.0959 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/27 17:21:27.0006 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/02/27 17:21:27.0037 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/27 17:21:27.0069 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/27 17:21:27.0084 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/27 17:21:27.0115 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/27 17:21:27.0147 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/27 17:21:27.0162 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/27 17:21:27.0178 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/27 17:21:27.0193 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/27 17:21:27.0240 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/02/27 17:21:27.0256 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/27 17:21:27.0318 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/02/27 17:21:27.0427 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/27 17:21:27.0459 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/02/27 17:21:27.0474 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/02/27 17:21:27.0521 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/27 17:21:27.0552 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/27 17:21:27.0583 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/02/27 17:21:27.0615 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/02/27 17:21:27.0630 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/02/27 17:21:27.0677 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/02/27 17:21:27.0693 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/27 17:21:27.0708 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/27 17:21:27.0739 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/02/27 17:21:27.0771 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/02/27 17:21:27.0786 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/02/27 17:21:27.0802 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/02/27 17:21:27.0849 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/02/27 17:21:27.0880 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/02/27 17:21:27.0911 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/02/27 17:21:27.0927 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/27 17:21:27.0942 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/27 17:21:27.0989 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/27 17:21:28.0020 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/02/27 17:21:28.0036 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/02/27 17:21:28.0051 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/02/27 17:21:28.0114 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/02/27 17:21:28.0145 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/27 17:21:28.0176 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/27 17:21:28.0207 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/02/27 17:21:28.0223 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/02/27 17:21:28.0254 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/27 17:21:28.0285 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/27 17:21:28.0348 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/27 17:21:28.0363 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/02/27 17:21:28.0379 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/27 17:21:28.0410 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/02/27 17:21:28.0457 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/27 17:21:28.0504 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/27 17:21:28.0519 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/02/27 17:21:28.0551 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/27 17:21:28.0582 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/27 17:21:28.0613 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/27 17:21:28.0644 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/27 17:21:28.0660 usbcir (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
2011/02/27 17:21:28.0707 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/27 17:21:28.0722 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/27 17:21:28.0738 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/27 17:21:28.0769 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/02/27 17:21:28.0785 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/27 17:21:28.0816 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/27 17:21:28.0863 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/27 17:21:28.0878 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/02/27 17:21:28.0909 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/02/27 17:21:28.0941 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/02/27 17:21:28.0956 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/02/27 17:21:28.0987 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/02/27 17:21:29.0003 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/02/27 17:21:29.0019 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/02/27 17:21:29.0065 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/02/27 17:21:29.0097 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/27 17:21:29.0128 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/27 17:21:29.0128 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/27 17:21:29.0175 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/02/27 17:21:29.0206 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/27 17:21:29.0299 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/27 17:21:29.0393 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/27 17:21:29.0596 ================================================================================
2011/02/27 17:21:29.0596 Scan finished
2011/02/27 17:21:29.0596 ================================================================================
2011/02/27 17:21:46.0459 Deinitialize success

I think i might have accidentally ran the scan twice... Sorry. I should focus more on the task at hand instead of doing more than one thing at once. Very sorry...
SpectreWolf
Regular Member
 
Posts: 25
Joined: November 11th, 2010, 1:52 am

Re: Infected by popup?

Unread postby askey127 » January 27th, 2011, 7:28 am

SpectreWolf,
If you look directly in the main directory of the C: Drive, you will likely see more than one file with a name like this:
TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt where dd=day, mm=month,yyyy=year,hh=hour,mm=minute,ss=second
If there are two files from running the program twice, please copy and paste the content of the EARLIER one.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Infected by popup?

Unread postby SpectreWolf » January 27th, 2011, 8:57 am

There is only one type of that document. Looking at the log i posted above, looks like both of the logs are in the same post?
SpectreWolf
Regular Member
 
Posts: 25
Joined: November 11th, 2010, 1:52 am

Re: Infected by popup?

Unread postby askey127 » January 27th, 2011, 9:22 am

SpectreWolf,
That looks OK.
Let's see if you can run this scanner. First another tool to help clear the way.
------------------------------------------------
Download and Run Rkill
Please download and run the tool named Rkill, which may help in allowing other programs to run.
There are 4 different versions. If one of them won't run then download and try to run one of the other ones.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools, ignore them or shutdown your antivirus.
Please download Rkill from one of the following links and save to your Desktop:
Rkill.exe
RKill.com
RKill.scr
Rkill.pif
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If ir does not, delete the desktop entry. Then download and use the one provided in the next link.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
-----------------------------------------------
Run the RSIT Scanner
Please download the scanner from here and save it to your desktop. The icon will be named RSIT.exe
Right click on RSIT.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
When the scan is complete, two text files will open
log.txt <- this one will be maximized
info.txt <- this one will be minimized
( Default location for both files is C:\rsit\ )
Copy/Paste the contents of both log.txt and info.txt into your next post please. Use two posts if you prefer.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Infected by popup?

Unread postby SpectreWolf » January 28th, 2011, 6:36 am

rkill.log


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 28/01/2011 at 18:32:23.
Operating System: Windows Vista (TM) Home Basic


Processes terminated by Rkill or while it was running:



Rkill completed on 28/01/2011 at 18:32:27.

info.txt


info.txt logfile of random's system information tool 1.08 2011-01-28 18:35:17

======Uninstall list======

-->MsiExec /X{8A809006-C25A-4A3A-9DAB-94659BCDB107}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Borderlands-->MsiExec.exe /X{52B65911-1559-4ED5-9461-46957FDD48CD}
Brothers In Arms-->C:\Program Files\Ubisoft\Gearbox Software\BrothersInArms\System\Setup.exe uninstall "BrothersInArms"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Command & Conquer The First Decade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CPUID CPU-Z 1.56-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
CyberLink DVD Suite Deluxe-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
CyberLink DVD Suite Deluxe-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
CyberLink PowerCinema-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
CyberLink PowerCinema-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
DEVIL MAY CRY 4-->MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9}
DiRT2-->"C:\Program Files\InstallShield Installation Information\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}\setup.exe" -runfromtemp -l0x0009 -removeonly
DiRT2-->MsiExec.exe /I{434D0820-3AA6-493A-80B9-301000028501}
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\EADMUI\EADMUninstall.exe
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Enhanced Multimedia Keyboard Solution-->C:\Program Files\Hewlett-Packard\KBD\Install.exe /u
Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x0009 -removeonly
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{0295F89F-F698-4101-9A7D-49F407EC2D82}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1591139-8B44-411B-A81B-D35F83A0565A}\setup.exe" -l0x9 -removeonly
HP Demo-->MsiExec.exe /X{48BF4489-0C58-4E80-BB17-94A673CE310A}
HP Picasso Media Center Add-In-->MsiExec.exe /X{03BF5CB1-B72E-4CA6-A278-F65680F05420}
HP Recovery Manager RSS-->MsiExec.exe /X{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}
HP Total Care Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{95A747E0-DF19-46CB-A622-20A0107201BD}\setup.exe" -l0x9 -removeonly
HP Update-->MsiExec.exe /X{47F36D92-E58E-456D-B73C-3382737E4C42}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Killing Floor-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1250
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LAME v3.98.3 for Audacity-->"C:\Program Files\Lame For Audacity\unins000.exe"
LightScribe System Software 1.14.32.1-->MsiExec.exe /X{CF3D8718-EF21-4408-AE38-A6DA98E1E2B6}
LOST PLANET 2-->MsiExec.exe /I{43430808-081A-4C0D-B7CC-601000018301}
LOST PLANET 2-->MsiExec.exe /X{737369DC-08E8-4787-A78C-F86943247BDF}
Lost Planet: Extreme Condition-->"C:\Program Files\Steam\steam.exe" steam://uninstall/6510
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{1FDA5A37-B22D-43FF-B582-B8964050DC13}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{86A4C6D9-29EE-4719-AFA1-BA3341862B83}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
Need for Speed™ Carbon-->C:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
NVIDIA 3D Vision Driver 260.99-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA Graphics Driver 260.99-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA nTune-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
NVIDIA PhysX-->MsiExec.exe /X{8A809006-C25A-4A3A-9DAB-94659BCDB107}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Penumbra-->"C:\Program Files\Paradox Interactive\Penumbra Collection\unins000.exe"
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
Python 2.6.1-->MsiExec.exe /I{9CC89170-000B-457D-91F1-53691F85B223}
Rapture3D 2.3.22 Game-->"C:\Program Files\BRS\unins000.exe"
REACTOR-->"C:\Program Files\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Recuva-->"C:\Program Files\Recuva\uninst.exe"
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
Speccy-->"C:\Program Files\Speccy\uninst.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
The Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0009 -removeonly
Tom Clancy's Rainbow Six Vegas 2-->"C:\Program Files\InstallShield Installation Information\{FD416706-875C-4B0B-A23A-9E740DAE029E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Tom Clancy's Splinter Cell Conviction-->"C:\Program Files\InstallShield Installation Information\{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}\setup.exe" -runfromtemp -l0x0009 -removeonly
Tom Clancy's Splinter Cell Double Agent-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAD1691A-FA24-4B95-9009-3257B8440ECC}\setup.exe" -l0x9 -removeonly
Ubisoft Game Launcher-->"C:\Program Files\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
WinPatrol-->C:\PROGRA~2\INSTAL~1\{00781~1\Setup.exe /remove /q0
WinRAR 4.00 beta 2 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AS: Windows Defender
AS: SUPERAntiSpyware (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;c:\Program Files\NVIDIA Corporation\PhysX\Common;C:\Program Files\Python;C:\Program Files\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=1707
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=HPD
"PCBRAND"=Presario

-----------------EOF-----------------

log.txt


Logfile of random's system information tool 1.08 (written by random/random)
Run by Wuffie at 2011-01-28 18:35:03
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 317 GB (68%) free of 466 GB
Total RAM: 3069 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:35:16 PM, on 28/1/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Users\Wuffie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Wuffie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Wuffie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Wuffie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Wuffie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Wuffie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Wuffie\Downloads\RSIT.exe
C:\Program Files\trend micro\Wuffie.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Wuffie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3799F451-55C5-45F7-9E4B-7531AE4090D3}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{3799F451-55C5-45F7-9E4B-7531AE4090D3}: NameServer = 192.168.1.254
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 3672 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2404443068-1754856675-2843188119-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2404443068-1754856675-2843188119-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files\Steam\steam.exe [2010-11-17 1242448]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-11-10 4240760]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"Google Update"=C:\Users\Wuffie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-23 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-02-27 17:19:15 ----A---- C:\TDSSKiller.2.4.15.0_27.02.2011_17.19.15_log.txt
2011-02-27 17:17:56 ----ASH---- C:\hiberfil.sys
2011-01-28 18:35:03 ----D---- C:\rsit
2011-01-27 18:20:28 ----D---- C:\Windows\PCHEALTH
2011-01-27 18:17:46 ----D---- C:\Program Files\Windows Live
2011-01-27 18:15:01 ----SHD---- C:\Config.Msi
2011-01-25 19:52:24 ----D---- C:\Program Files\Recuva
2011-01-23 01:19:51 ----A---- C:\Windows\ntbtlog.txt
2011-01-17 17:11:25 ----A---- C:\Windows\system32\odbc32.dll
2011-01-17 17:11:21 ----A---- C:\Windows\system32\sdclt.exe
2011-01-09 17:13:04 ----D---- C:\ProgramData\Codemasters
2011-01-09 17:02:02 ----A---- C:\Windows\system32\mkl_vml_p4.dll
2011-01-09 17:02:02 ----A---- C:\Windows\system32\mkl_vml_p3.dll
2011-01-09 17:02:02 ----A---- C:\Windows\system32\mkl_vml_def.dll
2011-01-09 17:02:02 ----A---- C:\Windows\system32\mkl_p4.dll
2011-01-09 17:02:02 ----A---- C:\Windows\system32\mkl_p3.dll
2011-01-09 17:02:02 ----A---- C:\Windows\system32\mkl_lapack64.dll
2011-01-09 17:02:01 ----A---- C:\Windows\system32\rapture3d_oal.dll
2011-01-09 17:02:01 ----A---- C:\Windows\system32\mkl_lapack32.dll
2011-01-09 17:02:01 ----A---- C:\Windows\system32\mkl_def.dll
2011-01-09 17:02:01 ----A---- C:\Windows\system32\libguide40.dll
2011-01-09 17:02:00 ----D---- C:\Program Files\BRS
2011-01-09 17:01:45 ----RA---- C:\Windows\system32\tmp8039.tmp
2011-01-09 17:01:11 ----RA---- C:\Windows\system32\tmp8029.tmp
2011-01-09 16:50:03 ----D---- C:\Program Files\Codemasters
2011-01-07 16:05:51 ----D---- C:\Windows\system32\xlive
2011-01-07 16:05:51 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2010-12-30 20:19:44 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-12-30 20:19:44 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-12-30 20:19:44 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-12-30 20:19:43 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-12-30 20:19:42 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-12-30 20:19:32 ----A---- C:\Windows\system32\aswBoot.exe
2010-12-30 20:19:19 ----D---- C:\Program Files\COMODO
2010-12-29 22:34:50 ----D---- C:\Users\Wuffie\AppData\Roaming\PeerNetworking

======List of files/folders modified in the last 1 months======

2011-02-27 17:19:15 ----D---- C:\Windows\system32\drivers
2011-01-28 18:35:16 ----D---- C:\Windows\Prefetch
2011-01-28 18:35:16 ----D---- C:\Program Files\Trend Micro
2011-01-28 18:34:52 ----D---- C:\Windows\temp
2011-01-28 15:53:07 ----D---- C:\Windows\System32
2011-01-28 15:53:07 ----D---- C:\Windows\inf
2011-01-28 15:53:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-28 15:49:46 ----D---- C:\Program Files\Steam
2011-01-28 15:48:19 ----D---- C:\ProgramData\NVIDIA
2011-01-27 20:27:20 ----SHD---- C:\System Volume Information
2011-01-27 20:27:12 ----D---- C:\Windows\Logs
2011-01-27 18:25:07 ----SHD---- C:\Windows\Installer
2011-01-27 18:20:32 ----SD---- C:\ProgramData\Microsoft
2011-01-27 18:20:28 ----D---- C:\Windows
2011-01-27 18:20:28 ----D---- C:\Program Files\Common Files\microsoft shared
2011-01-27 18:17:46 ----D---- C:\Program Files
2011-01-23 18:27:36 ----D---- C:\Windows\Tasks
2011-01-23 18:27:36 ----D---- C:\Windows\system32\Tasks
2011-01-17 17:11:52 ----A---- C:\Windows\system32\mrt.exe
2011-01-17 17:11:48 ----D---- C:\Windows\winsxs
2011-01-17 17:11:16 ----D---- C:\Windows\system32\catroot2
2011-01-17 17:11:16 ----D---- C:\Windows\system32\catroot
2011-01-13 15:48:17 ----D---- C:\Program Files\Common Files\Steam
2011-01-09 17:13:04 ----D---- C:\ProgramData
2011-01-09 17:01:45 ----A---- C:\Windows\system32\wrap_oal.dll
2011-01-09 17:01:45 ----A---- C:\Windows\system32\OpenAL32.dll
2011-01-09 17:01:33 ----RSD---- C:\Windows\assembly
2011-01-09 16:50:03 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-07 16:09:01 ----D---- C:\Program Files\CAPCOM
2010-12-30 20:18:41 ----D---- C:\ProgramData\Comodo
2010-12-30 02:55:21 ----D---- C:\Program Files\SUPERAntiSpyware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-18 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-11 67656]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-11-19 2241568]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2008-02-27 493568]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-10-17 10084360]
R3 NVR0Dev;NVR0Dev; \??\C:\Windows\nvoclock.sys [2007-09-04 29696]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-13 19072]
S3 catchme;catchme; \??\C:\Users\Wuffie\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2008-05-22 15360]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-12-04 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-10-22 73728]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-10-16 600680]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-01-12 407336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2010-10-22 4093392]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
SpectreWolf
Regular Member
 
Posts: 25
Joined: November 11th, 2010, 1:52 am

Re: Infected by popup?

Unread postby askey127 » January 28th, 2011, 9:13 am

SpectreWolf,
I see you have run a number of tools on your own.
The current situation is that I do not see any malware on your system.

However, please do review your router situation to be sure that the Router admin password was changed during the router installation.
If it was not, the default password can be executed remotely by an attacker, and the router settings changed to insert an additional server address.
This can allow intercept (and interference with) any or all Internet communication.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
Your Emulation drivers should now be re-enabled.

You can remove TDSSKIller, Defogger and Rkill from your desktop.

You can run EITHER SuperAntiSpyware OR Windows Defender as your anti-spyware type application, and Avast as your antivirus type application.
Don't double up on either type of application - just one of each. Make sure your Windows Firewall is turned ON.

If you ever get one of those "Your Computer is Infected" popups, close the browser immediately. If the browser won't close, do a forced shutdown by holding the Start button for 5 seconds.

If any other questions, let me know.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Infected by popup?

Unread postby SpectreWolf » January 28th, 2011, 9:14 am

Okay. Thanks for your help. How do I uninstall the tools used earlier? Also, I do not manage the router. The password isn't the default password. How do you know there is a problem with my router?
SpectreWolf
Regular Member
 
Posts: 25
Joined: November 11th, 2010, 1:52 am

Re: Infected by popup?

Unread postby askey127 » January 28th, 2011, 9:22 am

SW,
I edited my post while you were replying.
Please reread the latter part about popups.
All those tools are stand-alone executables, and are not "installed". Just just right click the desktop icons and choose delete.

Good luck.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Infected by popup?

Unread postby SpectreWolf » January 28th, 2011, 9:29 am

Okay. I edited my post as well. What problems did you see with my router? Did you see a problem with my router through the log files? I don't manage it.
SpectreWolf
Regular Member
 
Posts: 25
Joined: November 11th, 2010, 1:52 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 22 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware