Can't get rid of www.landingsavetubevideo.com trojan in I.E.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Post by j72 » November 17th, 2010, 3:59 am

It looks like I have managed to get rid of it in Mozilla Firefox, but it's still there in Internet Explorer and it is baffling, nothing comes up in Anti Virus search.

Weemi
Youtube Downloader
and something else called Cap something

have all been removed from Program Files and the Prefetch, Firefox has been re-installed and my PC has been re-booted.

I have been on Firefox for a few hours and it has been fine, but IE has the custom search and the http://landing.savetubevideo.com/?f=3 in the browser.

Here is my log from Hijack This

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:24:11 p.m., on 17/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Users\Jaz\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/USCON/20
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jaz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6571 bytes

Any help is greatly appreciated.
j72
Active Member
 
Posts: 13
Joined: November 17th, 2010, 12:06 am

Re: Can't get rid of www.landingsavetubevideo.com trojan in

Post by tequesta » November 20th, 2010, 2:21 pm

Hello j72, :hello2:

My name is John, AKA Tequesta, and I will be assisting you with your malware issues.
Please be patient, as I need some time to review your Hijackthis log, and all of my responses are reviewed by a MRU Teacher. Once approved, I will post the recommendations for repairs.
  • Whatever repairs we make, are for your computer problems only, and by no means should they be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any question, or do not understand my instructions, STOP, and reply back to me. I will try my best to help you!
  • Please bookmark or favorite this page, so you can return or use it as a reference easily.

While you wait please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


I need the

Uninstall Manager
  • Start HijackThis
  • Click on the Open the Misc Tools box
  • Click on the Open Uninstall Manager box
  • Click on the Save List box
  • Save to your desktop or some place you can find later.
  • Notepad will open with an uninstall list. Copy and paste it into your next post.
  • If Notepad does not pop up, navigate to where you saved the file and retrieve the list.

Please respond so I know you still need help, and please advise me if you have attempted any other fixes to your computer. Please provide details and logs.


Thank you,

John
tequesta
Regular Member
 
Posts: 893
Joined: October 25th, 2008, 12:29 pm

Re: Can't get rid of www.landingsavetubevideo.com trojan in

Post by j72 » November 22nd, 2010, 3:57 am

:D Thanks a lot John, here is the following you requested

Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
All-in-One PDF Lite
Apple Application Support
Apple Software Update
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
Bonjour
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Final Uninstaller
Google Earth
Google Update Helper
GoToAssist 8.0.0.514
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java(TM) 6 Update 22
Junk Mail filter update
K-Lite Codec Pack 5.1.0 (Basic)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Modem Diagnostic Tool
Mozilla Firefox (3.6.12)
MSVCRT
NetWaiting
OGA Notifier 2.0.0048.0
QuickTime
Ralink Wireless LAN Card
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.4.3
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
SoulSeek 157 NS 13e
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
WavePad Sound Editor
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Xvid 1.2.1 final uninstall

Re: Can't get rid of www.landingsavetubevideo.com trojan in

Post by tequesta » November 22nd, 2010, 10:13 pm

Hello j72,

Please remember that for any programs I have you download or use, you will need to right-click on the icon and choose "Run as administrator".


Fix HijackThis entries
  1. Run HijackThis right click and run as administrator
    • If you are on the Main Menu page... Click "Do a system scan only"
    • If you are on the "scan & fix stuff" page... Press the Scan...button.
  2. When the scan finishes...Place a check mark next to the following entries (if they are still present):
      *Only check those items listed below *
      O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
      O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
      O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
      R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3


    • After checking these items... CLOSE ALL open windows except HijackThis
    • Click the Fix Checked ...button...to remove the entries you checked.
    • Choose YES...when prompted to fix the selected items.
      Once it has fixed them, close HijackThis and reboot your computer normally.
    • Run HijackThis again...

    Now:

    GMER
    The downloaded file will have a random name... this prevents malware from detecting and blocking it.
    Please download GMER... random file name.exe by GMER. An alternate (zip file) download site.
    Note: Do not run any programs while Gmer is running.
    **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
    1. Right click on the random named.exe and choose run as administrator to execute. If asked, allow the gmer.sys driver load.
    2. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO <--- Important!
    3. On the right side panel, several boxes have been checked. Please UNCHECK the following: (see image below)
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All <-- don't miss this one

    4. If you don't get a warning then... Click the Rootkit/Malware tab at the top of the GMER window.
    5. Click the Scan button.
    6. Once the scan has finished... click Save. The Save... window will open.
    7. Save the scan results as gmerroot.log, save it to your Desktop.
    8. Double click on the desktop "gmerroot.log" file, to open in Notepad.
    9. Copy and paste the contents of the file gmerroot.log in your next reply.

    Next:

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware and save to your desktop.

    • Right-click mbam-setup.exe and select "Run as administrator", then follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to:
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick Scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
      Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
    • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
    • The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    and,

    RSIT (Random's System Information Tool)
    Please download RSIT by random/random... save it to your desktop.
    1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
    2. Please read the disclaimer... click on Continue.
    3. RSIT will start running. When done... 2 log files...will be produced.
      The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
    4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Please post the
Gmer log the
Mbam log and the
rsit logs.

Thank you,

John
tequesta
Regular Member
 
Posts: 893
Joined: October 25th, 2008, 12:29 pm
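
The HijackThis lines in the log and in the fix list above follow a regular format that can be parsed for triage. The following Python code is an added example, not part of the thread or of HijackThis; the sample lines are copied from j72's log and the function names are hypothetical. It reports entries whose target is "(no file)", CLSIDs registered in more than one section, and the host behind each Start Page value.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
"""

# "<code> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# "<kind>: <name> - {CLSID} - <file or (no file)>" (R3, O2, O3 lines).
COM = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# "<registry key>,<value name> = <data>" (R0/R1 lines; data may be empty).
REGVAL = re.compile(r"^(?P<key>HK[^,]+),(?P<value>.+?) =\s*(?P<data>.*)$")


def parse_log(text):
    """Turn HijackThis entry lines into dicts; skip headers and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        entry = {"code": m["code"], "raw": line, "type": "other"}
        com = COM.match(m["body"])
        reg = REGVAL.match(m["body"])
        if com:
            entry.update(type="com", kind=com["kind"], name=com["name"],
                         clsid=com["clsid"].upper(), target=com["target"])
        elif reg:
            entry.update(type="regvalue", key=reg["key"],
                         value=reg["value"], data=reg["data"])
        entries.append(entry)
    return entries


def orphaned_entries(entries):
    """Browser add-on registrations whose backing file is missing."""
    return [e for e in entries
            if e["type"] == "com" and e["target"] == "(no file)"]


def shared_clsids(entries):
    """CLSIDs that appear under more than one section code (case-insensitive)."""
    seen = defaultdict(set)
    for e in entries:
        if e["type"] == "com":
            seen[e["clsid"]].add(e["code"])
    return {c: sorted(codes) for c, codes in seen.items() if len(codes) > 1}


def start_page_hosts(entries):
    """Map registry hive (HKCU/HKLM) to the host of its IE Start Page."""
    hosts = {}
    for e in entries:
        if e["type"] == "regvalue" and e["value"] == "Start Page":
            hive = e["key"].split("\\", 1)[0]
            hosts[hive] = urlsplit(e["data"]).hostname
    return hosts


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in orphaned_entries(parsed):
        print("orphaned:", e["raw"])
    for clsid, codes in shared_clsids(parsed).items():
        print("shared CLSID:", clsid, "in sections", ", ".join(codes))
    for hive, host in start_page_hosts(parsed).items():
        print("start page:", hive, "->", host)
```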

Re: Can't get rid of www.landingsavetubevideo.com trojan in

Post by j72 » November 22nd, 2010, 11:32 pm

Thanks John, your instructions are very clear and easy to use, I have encountered a problem though, the GMER program keeps saying it has an unexpected problem and needs to close, what should I do before I continue please John?

Re: Can't get rid of www.landingsavetubevideo.com trojan in

Post by tequesta » November 23rd, 2010, 7:50 am

Hello j72,

There is no need to quote my last post.

Please follow the instructions for Malwarebytes' Anti-Malware, and then run RKUnHooker instead of Gmer. If that scan fails also just post the logs you can:

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.

    Note: This is a rar file if you do not have a program to open it then download and install Peazip
  • After installing Peazip, right click on RkU3.8.388.590.rar, choose Peazip > extract files...
  • Once extracted right-click and run as administrator RKU3.8.388.590.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • * This can take a while. Please be patient *.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in your next reply.
  • This log can be lengthy you may have to post it in separate replies.
  • Note: You may get the following warning - it is ok - just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"


Please post the

Mbam log the
RKUnHooker log and the
rsit logs.

Thank you,

John

Re: Can't get rid of www.landingsavetubevideo.com trojan in

Post by j72 » November 25th, 2010, 5:19 am

Hi John, I am in the middle of doing this but I am not sure how to check/tick the Drivers, Stealth, Files, Code Hooks.

Please explain.

Re: Can't get rid of www.landingsavetubevideo.com trojan in

Post by tequesta » November 25th, 2010, 1:36 pm

Hello j72,

j72 wrote: I am in the middle of doing this but I am not sure how to check/tick the Drivers, Stealth, Files, Code Hooks.


Once you have Rootkit Unhooker installed and running along the top you will see 8 tabs. The last one is Report. Click on it. Along the bottom you will see the scan button, click it. A Select pages for Report will pop up, and that is where you will have seven choices.
Put check marks in the box next to Drivers, Stealth Code, Files, Code Hooks; the rest are unchecked. See illustration below.



I hope this helps.

Thanks,

John

Re: Can't get rid of www.landingsavetubevideo.com trojan in

Post by j72 » November 25th, 2010, 10:20 pm

Mbam log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5178

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

24/11/2010 1:02:51 p.m.
mbam-log-2010-11-24 (13-02-51).txt

Scan type: Quick scan
Objects scanned: 141065
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 61
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SkyMedia (Adware.SkyMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Weemi (Adware.Weemi) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_application (Hijacker.Application) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x ... r.asp?Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
C:\ProgramData\Weemi (Adware.Weemi) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
j72

Re: Can't get rid of www.landingsavetubevideo.com trojan in

Post by j72 » November 25th, 2010, 10:23 pm

Runhooker log

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F400000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7196672 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x8223D000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x8223D000 PnpManager 3903488 bytes
0x8223D000 RAW 3903488 bytes
0x8223D000 WMIxWDM 3903488 bytes
0x9020E000 C:\Windows\system32\drivers\RTKVHDA.sys 2228224 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x974F0000 Win32k 2109440 bytes
0x974F0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8AE0E000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8AA72000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8FC7A000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8AC0A000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804DC000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xAAED6000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8FE04000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA9A06000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8FADD000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8AD1E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x906BE000 C:\Windows\system32\DRIVERS\netr73.sys 532480 bytes (Ralink Technology, Corp., Ralink 802.11 USB Wireless Adapter Driver)
0x80601000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8AA01000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80412000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA9B0D000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAAE84000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x8FC04000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x80726000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x90562000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8068A000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8049B000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8FF0D000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8FB95000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x9060E000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8ABA8000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xAAE0B000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8AF1E000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8FD93000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8220A000 ACPI_HAL 208896 bytes
0x8220A000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x807C2000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x90530000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8FEDE000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x9042E000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8AB7D000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8FC50000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA9AC6000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xAAFCA000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAAE5C000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8AF6E000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E1000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x9045B000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8ADAB000 C:\Windows\system32\DRIVERS\Rtlh86.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x9066B000 C:\Windows\system32\DRIVERS\avipbb.sys 143360 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x8FF7B000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8AFA6000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA9BC5000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x904B3000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x907BA000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x807A4000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA9B7A000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8ACF4000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9078A000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA9B97000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8FEC6000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAAE44000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90654000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8FF59000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x905E7000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x905AA000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x90506000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x907A5000 C:\Windows\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xA9BB0000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8FFC1000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x9068E000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA9BE6000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8FFAD000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9051C000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0xA9AFA000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x905CE000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x907D9000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8AF95000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8FDC8000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80482000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x805BC000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x906AE000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xA9AB6000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8078C000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8FFD6000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8AD0F000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x9077B000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8AF5F000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80708000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8FF9E000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8FBD3000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80717000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x97730000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x905C0000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x904EF000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80777000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x90751000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8FEB9000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8FD86000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8067D000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xAAFBE000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x904A7000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8FB7E000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x9075E000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8FFE6000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8FFF1000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x904E4000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8FF70000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8FF4E000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8AFF0000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8FB8A000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x90771000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8FD7C000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9AF0000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x9064A000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x807F4000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xAAFB4000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8AFC7000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x90480000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x906A5000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x90748000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xAAE00000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x904FD000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x97710000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8AE00000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806D0000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8079C000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80493000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x90769000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x90740000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806D9000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x904D4000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x904DC000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8AF57000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xAAFF2000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x90490000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x904A0000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80770000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8040B000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x90489000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x80785000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x905E1000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xAAED2000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8FFFC000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x906A3000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x63380000 Hidden Image-->System.Runtime.Serialization.ni.dll [ EPROCESS 0x87D9A240 ] PID: 3964, 1196032 bytes
0x742E0000 Hidden Image-->System.ServiceModel.Web.ni.dll [ EPROCESS 0x87D9A240 ] PID: 3964, 143360 bytes
0x62140000 Hidden Image-->System.Core.ni.dll [ EPROCESS 0x87D9A240 ] PID: 3964, 2375680 bytes
0x03FB0000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x87DF13F8 ] PID: 3672, 28672 bytes
0x676D0000 Hidden Image-->System.Windows.Browser.ni.dll [ EPROCESS 0x87D9A240 ] PID: 3964, 380928 bytes
0x62390000 Hidden Image-->System.Windows.ni.dll [ EPROCESS 0x87D9A240 ] PID: 3964, 4476928 bytes
0x01D60000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x87DF13F8 ] PID: 3672, 45056 bytes
0x627E0000 Hidden Image-->mscorlib.ni.dll [ EPROCESS 0x87D9A240 ] PID: 3964, 6197248 bytes
0x66450000 Hidden Image-->System.Net.ni.dll [ EPROCESS 0x87D9A240 ] PID: 3964, 659456 bytes
0x661B0000 Hidden Image-->System.ni.dll [ EPROCESS 0x87D9A240 ] PID: 3964, 671744 bytes
0x01C00000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x87DF13F8 ] PID: 3672, 77824 bytes
0x660E0000 Hidden Image-->System.Xml.ni.dll [ EPROCESS 0x87D9A240 ] PID: 3964, 847872 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS09097.log
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid
!-->[Hidden] C:\Users\Jaz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B6PRTV1\WMP1d3a1940-0190-4d16-b7e8-c1e71d7f2659[1]..jpg
!-->[Hidden] C:\Users\Jaz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B6PRTV1\WMP23925a84-a589-4f10-a46b-86b45b9f72ba[1]..jpg
!-->[Hidden] C:\Users\Jaz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B6PRTV1\WMP7134406b-e7d2-4c6c-a5f4-3d980557c6b2[1]..jpg
!-->[Hidden] C:\Users\Jaz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B6PRTV1\WMP81c752e8-1df8-48db-870f-ad71accef566[1]..jpg
!-->[Hidden] C:\Users\Jaz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B6PRTV1\WMP9acf1e88-c145-43a0-999f-beb696db4785[1]..jpg
!-->[Hidden] C:\Users\Jaz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3BYBMUR\WMP3ae5eaf7-da60-4723-a9a2-c326b8e5e515[1]..jpg
!-->[Hidden] C:\Users\Jaz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7K1U28A\WMP55454abe-fd59-4456-aec2-7a39d46607e6[1]..jpg
!-->[Hidden] C:\Users\Jaz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7K1U28A\WMP8399e649-4c36-4050-9ff0-59a95caf3b70[1]..jpg
!-->[Hidden] C:\Users\Jaz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7K1U28A\WMPe7d1ad88-3b65-4ac4-9f36-8d688de51cc7[1]..jpg
!-->[Hidden] C:\Users\Jaz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X22Z5KRL\WMP6ecf5cd1-4aa9-4e86-8f7c-a53cea01774e[1]..jpg
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\912F6523d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\93462B64d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\97B12627d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\98F8B0E5d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\9B544D6Dd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\9C44EABFd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\9CD7064Fd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\9E40616Ed01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\A25A5705d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\A3233331d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\A45E56EFd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\A4C65F33d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\A7D9412Cd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\ABFE6815d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\ADC26234d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\AE3532DDd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\AE9D9798d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\AF917AA8d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\B0CBBDD1d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\B226F984d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\B30226C9d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\B32C6025d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\B4A36F27d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\B6B4298Dd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\B6F31BBCd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\B9EEB504d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\BA402108d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\BADCB735d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\BB13AF8Ed01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\C0826278d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\C8205AD4d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\C991672Ad01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\C9DF0CD4d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\D2E101F7d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\D6C92D20d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\D8113CB1d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\DD0CB24Bd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\DFD1FCDBd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\DFFDF66Dd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\E2AF7B93d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\E483A066d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\E4CEF1C5d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\E4E9AC2Dd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\E5DC4D19d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\E72AC18Cd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\E87B109Cd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\E922BFCFd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\EA1D1554d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\EF5E8D4Dd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\F00B26BCd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\F17ADD94d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\F19F4808d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\F291BB41d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\F2C68E70d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\F67B5CCEd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\FA548703d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\FA54B961d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\FAD71F1Dd01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\FBFB4697d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\FC40D765d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\FCA2A510d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\FCC3EB82d01
!-->[Hidden] C:\Users\Jaz\AppData\Local\Mozilla\Firefox\Profiles\m5ze1iv0.default\Cache\FECEDEF5d01
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x822E57AA-->822E57B1 [ntkrnlpa.exe]
[3732]realsched.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x7759A84F-->00000000 [unknown_code_page]
j72
Active Member
 
Posts: 13
Joined: November 17th, 2010, 12:06 am

Re: Can't get rid of www.landingsavetubevideo.com trojan in

Post by j72 » November 25th, 2010, 10:26 pm

info.txt logfile of random's system information tool 1.08 2010-11-24 13:13:48

======Uninstall list======

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
All-in-One PDF Lite-->"C:\Program Files\AllinOne PDF Lite\unins000.exe"
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 PCI V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_HSF\UIU32m.exe -U -IDel200fz.INF
Dell DataSafe Online-->MsiExec.exe /X{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}
Dell Dock-->MsiExec.exe /I{F6CB42B9-F033-4152-8813-FF11DA8E6A78}
Dell Edoc Viewer-->MsiExec.exe /I{3138EAD3-700B-4A10-B617-B3F8096EE30D}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Final Uninstaller-->"C:\Program Files\FinalUninstaller\unins000.exe"
Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Junk Mail filter update-->MsiExec.exe /I{8E5233E1-7495-44FB-8DEB-4BE906D59619}
K-Lite Codec Pack 5.1.0 (Basic)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Default Manager-->MsiExec.exe /X{095B1DCF-5E8B-47EC-9B18-481918A731DB}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Modem Diagnostic Tool-->MsiExec.exe /I{294EAADF-E50F-4DD8-AD8D-19587EA10512}
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Ralink Wireless LAN Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Revo Uninstaller Pro 2.4.3-->"C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe"
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
SoulSeek 157 NS 13e-->"C:\Program Files\SoulseekNS\uninstall.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Live Call-->MsiExec.exe /I{E6158D07-2637-4ECF-B576-37C489669174}
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}
Windows Live Photo Gallery-->MsiExec.exe /X{EE39FFBD-544E-49E4-A999-6819828EAE91}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{B10914FD-8812-47A4-85A1-50FCDE7F1F33}
Windows Live Toolbar-->MsiExec.exe /X{1BD07DF4-FB06-41BA-B896-B2DA59000C96}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Jaz-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 278943
Source Name: Microsoft-Windows-WLAN-AutoCon

Re: Can't get rid of www.landingsavetubevideo.com trojan in

Post by j72 » November 25th, 2010, 10:26 pm

Logfile of random's system information tool 1.08 (written by random/random)
Run by Jaz at 2010-11-25 21:53:49
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 249 GB (54%) free of 462 GB
Total RAM: 3316 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:56 p.m., on 25/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jaz\Downloads\RSIT(2).exe
C:\Program Files\trend micro\Jaz.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/USCON/20
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jaz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6376 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2911131111-2592637639-2695129085-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2911131111-2592637639-2695129085-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{891027FC-3631-4807-B80D-D88730276F25}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-11-24 382720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-01-13 6609440]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-01-13 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-01-13 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-01-13 141848]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-06-03 206064]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
"TkBellExe"=C:\Program Files\Real\RealPlayer\Update\realsched.exe [2010-11-24 274608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Jaz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-04 136176]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

C:\Users\Jaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-07-25 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-01-13 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2010-11-24 16:28:59 ----D---- C:\Program Files\Common Files\xing shared
2010-11-24 16:28:50 ----A---- C:\Windows\system32\rmoc3260.dll
2010-11-24 16:28:42 ----A---- C:\Windows\system32\pndx5032.dll
2010-11-24 16:28:42 ----A---- C:\Windows\system32\pndx5016.dll
2010-11-24 16:28:42 ----A---- C:\Windows\system32\pncrt.dll
2010-11-24 16:28:26 ----D---- C:\ProgramData\Real
2010-11-24 16:28:26 ----D---- C:\Program Files\Real
2010-11-24 16:28:25 ----D---- C:\Users\Jaz\AppData\Roaming\Real
2010-11-24 16:13:20 ----D---- C:\Program Files\Easy Radio Free Version
2010-11-24 16:13:20 ----A---- C:\Windows\system32\vbar332.dll
2010-11-24 16:01:55 ----A---- C:\Windows\system32\RSLSP.dll
2010-11-24 16:01:54 ----D---- C:\Program Files\Ratajik Software
2010-11-24 13:13:36 ----D---- C:\rsit
2010-11-24 12:47:22 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-11-24 12:47:20 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-24 12:38:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-17 18:43:58 ----D---- C:\ProgramData\Kaspersky Lab
2010-11-17 18:31:49 ----D---- C:\Users\Jaz\AppData\Roaming\QuickScan
2010-11-17 17:11:34 ----D---- C:\Program Files\Trend Micro
2010-11-17 16:08:19 ----D---- C:\Program Files\Spyware Doctor
2010-11-17 16:04:11 ----AD---- C:\ProgramData\TEMP
2010-11-17 13:18:04 ----D---- C:\Program Files\Mozilla Firefox
2010-11-17 05:19:38 ----D---- C:\Windows\Prefetch
2010-11-17 05:17:27 ----A---- C:\TDSSKiller.2.4.6.0_17.11.2010_05.17.27_log.txt
2010-11-17 04:56:47 ----A---- C:\TDSSKiller.2.4.6.0_17.11.2010_04.56.47_log.txt
2010-11-17 04:43:30 ----D---- C:\ProgramData\ReviverSoft
2010-11-17 01:14:45 ----A---- C:\Windows\ntbtlog.txt
2010-11-16 23:59:54 ----D---- C:\Users\Jaz\AppData\Roaming\Malwarebytes
2010-11-16 23:58:11 ----D---- C:\ProgramData\Malwarebytes
2010-11-16 22:03:13 ----D---- C:\ProgramData\SITEguard
2010-11-16 22:01:06 ----D---- C:\ProgramData\STOPzilla!
2010-11-16 22:01:06 ----D---- C:\Program Files\Common Files\iS3
2010-11-16 18:53:08 ----D---- C:\Users\Jaz\AppData\Roaming\CheeseSoft
2010-11-16 18:53:08 ----D---- C:\FU_Backup
2010-11-16 18:52:58 ----D---- C:\Program Files\FinalUninstaller
2010-11-16 17:12:44 ----A---- C:\Windows\system32\drivers\revoflt.sys
2010-11-16 17:12:43 ----D---- C:\Program Files\VS Revo Group
2010-11-16 12:26:39 ----D---- C:\Windows\Freecorder
2010-11-10 20:10:05 ----D---- C:\Users\Jaz\AppData\Roaming\All-in-One PDF Lite
2010-11-10 20:10:02 ----D---- C:\Program Files\AllinOne PDF Lite
2010-11-10 11:45:47 ----A---- C:\Windows\system32\srvsvc.dll
2010-11-10 11:45:47 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-11-10 11:45:47 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-11-10 11:45:47 ----A---- C:\Windows\system32\drivers\srv.sys
2010-11-10 11:45:46 ----A---- C:\Windows\system32\netevent.dll
2010-11-10 11:45:12 ----A---- C:\Windows\system32\schannel.dll
2010-11-10 11:45:06 ----A---- C:\Windows\system32\ole32.dll
2010-10-30 23:03:40 ----D---- C:\Program Files\Common Files\Java
2010-10-30 23:03:08 ----A---- C:\Windows\system32\javaws.exe
2010-10-30 23:03:08 ----A---- C:\Windows\system32\javaw.exe
2010-10-30 23:03:08 ----A---- C:\Windows\system32\java.exe
2010-10-23 12:11:57 ----A---- C:\Windows\system32\mfc40.dll
2010-10-23 12:11:56 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-23 12:11:41 ----A---- C:\Windows\system32\mshtml.dll
2010-10-23 12:11:40 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-23 12:11:40 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-23 12:11:40 ----A---- C:\Windows\system32\ieframe.dll
2010-10-23 12:11:39 ----A---- C:\Windows\system32\wininet.dll
2010-10-23 12:11:39 ----A---- C:\Windows\system32\urlmon.dll
2010-10-23 12:11:39 ----A---- C:\Windows\system32\occache.dll
2010-10-23 12:11:39 ----A---- C:\Windows\system32\mstime.dll
2010-10-23 12:11:39 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-23 12:11:39 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-23 12:11:39 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-23 12:11:39 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-23 12:11:39 ----A---- C:\Windows\system32\ieUnatt.exe
2010-10-23 12:11:39 ----A---- C:\Windows\system32\ieui.dll
2010-10-23 12:11:39 ----A---- C:\Windows\system32\iesysprep.dll
2010-10-23 12:11:39 ----A---- C:\Windows\system32\iesetup.dll
2010-10-23 12:11:39 ----A---- C:\Windows\system32\iertutil.dll
2010-10-23 12:11:39 ----A---- C:\Windows\system32\iernonce.dll
2010-10-23 12:11:39 ----A---- C:\Windows\system32\iepeers.dll
2010-10-23 12:11:39 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-23 12:11:39 ----A---- C:\Windows\system32\ie4uinit.exe
2010-10-23 12:07:20 ----A---- C:\Windows\system32\wmp.dll
2010-10-23 12:07:17 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-23 12:06:12 ----A---- C:\Windows\system32\win32k.sys
2010-10-23 12:06:09 ----A---- C:\Windows\system32\comctl32.dll
2010-10-23 12:06:06 ----A---- C:\Windows\system32\t2embed.dll
2010-10-23 12:05:15 ----A---- C:\Windows\system32\msshsq.dll
2010-10-23 12:05:04 ----A---- C:\Windows\system32\wmpmde.dll
2010-09-30 11:45:26 ----A---- C:\Windows\system32\tzres.dll
2010-09-22 16:05:19 ----N---- C:\Windows\system32\MpSigStub.exe
2010-09-19 23:18:59 ----D---- C:\Users\Jaz\AppData\Roaming\Avira
2010-09-19 23:05:49 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2010-09-19 23:05:48 ----A---- C:\Windows\system32\drivers\avipbb.sys
2010-09-19 23:05:48 ----A---- C:\Windows\system32\drivers\avgntmgr.sys
2010-09-19 23:05:48 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2010-09-19 23:05:48 ----A---- C:\Windows\system32\drivers\avgntdd.sys
2010-09-19 23:05:47 ----D---- C:\ProgramData\Avira
2010-09-19 23:05:47 ----D---- C:\Program Files\Avira
2010-09-15 17:41:30 ----A---- C:\Windows\system32\usp10.dll
2010-09-15 17:41:27 ----A---- C:\Windows\system32\spoolsv.exe
2010-09-15 17:41:25 ----A---- C:\Windows\system32\MP4SDECD.DLL
2010-09-15 17:41:06 ----A---- C:\Windows\system32\inetcomm.dll
2010-08-30 12:21:08 ----D---- C:\Downloads

======List of files/folders modified in the last 3 months======

2010-11-25 21:53:41 ----D---- C:\Windows\Temp
2010-11-25 00:26:46 ----SHD---- C:\Windows\Installer
2010-11-25 00:25:25 ----A---- C:\Windows\system32\mrt.exe
2010-11-25 00:25:12 ----D---- C:\Windows\system32\catroot2
2010-11-25 00:25:10 ----SHD---- C:\System Volume Information
2010-11-24 19:54:00 ----D---- C:\ProgramData\Roxio
2010-11-24 16:30:20 ----D---- C:\Windows\System32
2010-11-24 16:29:24 ----D---- C:\Windows\system32\Tasks
2010-11-24 16:28:59 ----D---- C:\Program Files\Common Files
2010-11-24 16:28:31 ----A---- C:\Windows\system32\msvcr71.dll
2010-11-24 16:28:31 ----A---- C:\Windows\system32\msvcp71.dll
2010-11-24 16:28:26 ----HD---- C:\ProgramData
2010-11-24 16:28:26 ----D---- C:\Program Files
2010-11-24 13:59:21 ----D---- C:\ProgramData\Soulseek
2010-11-24 13:03:47 ----D---- C:\Windows\twain_32
2010-11-24 13:03:47 ----D---- C:\Windows\system32\drivers
2010-11-23 14:07:40 ----D---- C:\Windows\inf
2010-11-23 14:07:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-18 12:35:13 ----D---- C:\Windows
2010-11-17 17:11:34 ----SD---- C:\Users\Jaz\AppData\Roaming\Microsoft
2010-11-17 16:08:49 ----D---- C:\Windows\winsxs
2010-11-17 13:18:23 ----D---- C:\Users\Jaz\AppData\Roaming\Mozilla
2010-11-17 05:20:58 ----D---- C:\Windows\Tasks
2010-11-17 02:25:01 ----D---- C:\Program Files\Adobe
2010-11-17 01:11:26 ----D---- C:\Windows\system32\catroot
2010-11-17 00:49:09 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-17 00:23:02 ----D---- C:\Program Files\Common Files\Apple
2010-11-16 18:53:34 ----D---- C:\ProgramData\Microsoft
2010-11-10 20:12:50 ----D---- C:\Windows\rescache
2010-11-10 20:04:10 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-11-10 15:49:52 ----D---- C:\Windows\system32\en-US
2010-10-30 23:03:05 ----D---- C:\Program Files\Java
2010-10-24 18:42:01 ----D---- C:\Windows\Microsoft.NET
2010-10-24 18:41:44 ----RSD---- C:\Windows\assembly
2010-10-23 17:48:45 ----D---- C:\Program Files\Windows Media Player
2010-10-23 17:48:44 ----D---- C:\Program Files\Internet Explorer
2010-10-23 17:48:43 ----D---- C:\Windows\system32\migration
2010-10-18 09:53:45 ----D---- C:\Windows\system32\LogFiles
2010-10-16 12:56:02 ----D---- C:\Program Files\Google
2010-09-22 15:36:28 ----D---- C:\ProgramData\McAfee
2010-09-22 15:35:23 ----D---- C:\Program Files\McAfee
2010-09-22 15:35:14 ----D---- C:\Program Files\Common Files\McAfee
2010-09-22 10:08:56 ----DC---- C:\Windows\system32\DRVSTORE
2010-09-15 19:21:49 ----D---- C:\Program Files\Windows Mail
2010-09-15 04:50:37 ----A---- C:\Windows\system32\deployJava1.dll
2010-09-04 20:35:22 ----D---- C:\ProgramData\Dell
2010-09-04 01:47:59 ----D---- C:\Program Files\Microsoft Silverlight
2010-08-28 20:33:33 ----D---- C:\RALINK
2010-08-26 22:39:26 ----D---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-04-29 44944]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-11-10 126856]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-11-25 61960]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-07-02 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-07-02 8704]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-07-02 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-07-02 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-01-13 2354176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-01-13 2232672]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2009-05-24 501248]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-01-14 138240]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-07-02 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2009-04-12 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2009-01-14 327192]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe [2009-01-13 81920]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-10 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-11-10 267944]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2009-06-03 201968]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-07-02 386560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-12 136176]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-07-25 16680]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
j72
Active Member
 
Posts: 13
Joined: November 17th, 2010, 12:06 am

Re: Can't get rid of www.landingsavetubevideo.com trojan in

Post by tequesta » November 26th, 2010, 2:02 pm

Hello j72,

I see that you ran TDSSKiller. Why did you run this program? Were you instructed to by another forum, or did you do it on your own?

Please do not run any programs, or make any changes to your system unless I instruct you to.

I would like to see the logs, please.


Search for files/folders

Please do a search.

  • Click on Start > Search > For Files and Folders.

    C:\TDSSKiller.2.4.6.0_17.11.2010_05.17.27_log.txt
    C:\TDSSKiller.2.4.6.0_17.11.2010_04.56.47_log.txt


Please open each file by double clicking them one at a time. Copy and paste them into your reply.

Please post:

  • The answers to my questions
  • The two TDSSKiller logs

Thank you,

John
tequesta
Regular Member
 
Posts: 893
Joined: October 25th, 2008, 12:29 pm

Re: Can't get rid of www.landingsavetubevideo.com trojan in

Post by j72 » November 26th, 2010, 6:07 pm

Hi John,

I am not sure; I think I used it while searching for answers before I asked you about the problem, after I found this forum. As requested...

2010/11/17 05:17:27.0744 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43
2010/11/17 05:17:27.0744 ================================================================================
2010/11/17 05:17:27.0744 SystemInfo:
2010/11/17 05:17:27.0744
2010/11/17 05:17:27.0744 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/17 05:17:27.0744 Product type: Workstation
2010/11/17 05:17:27.0744 ComputerName: JAZ-PC
2010/11/17 05:17:27.0745 UserName: Jaz
2010/11/17 05:17:27.0745 Windows directory: C:\Windows
2010/11/17 05:17:27.0745 System windows directory: C:\Windows
2010/11/17 05:17:27.0745 Processor architecture: Intel x86
2010/11/17 05:17:27.0745 Number of processors: 2
2010/11/17 05:17:27.0745 Page size: 0x1000
2010/11/17 05:17:27.0745 Boot type: Normal boot
2010/11/17 05:17:27.0745 ================================================================================
2010/11/17 05:17:27.0978 Initialize success
2010/11/17 05:17:33.0956 ================================================================================
2010/11/17 05:17:33.0956 Scan started
2010/11/17 05:17:33.0956 Mode: Manual;
2010/11/17 05:17:33.0956 ================================================================================
2010/11/17 05:17:35.0203 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/11/17 05:17:35.0278 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/11/17 05:17:35.0348 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/11/17 05:17:35.0388 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/11/17 05:17:35.0434 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/11/17 05:17:35.0519 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/11/17 05:17:35.0573 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/11/17 05:17:35.0649 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/11/17 05:17:35.0696 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/11/17 05:17:35.0724 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/11/17 05:17:35.0776 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/11/17 05:17:35.0818 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/11/17 05:17:35.0850 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/11/17 05:17:35.0947 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/11/17 05:17:35.0997 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/11/17 05:17:36.0050 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/17 05:17:36.0100 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/11/17 05:17:36.0146 avgntflt (1eb7d72a82f94f7e9496d363fce00b68) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/11/17 05:17:36.0175 avipbb (f8c56231ed5ecf7d1b46b0330880ccef) C:\Windows\system32\DRIVERS\avipbb.sys
2010/11/17 05:17:36.0209 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/11/17 05:17:36.0248 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/11/17 05:17:36.0290 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/17 05:17:36.0308 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/11/17 05:17:36.0340 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/11/17 05:17:36.0410 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/11/17 05:17:36.0440 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/11/17 05:17:36.0478 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/11/17 05:17:36.0497 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/11/17 05:17:36.0546 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/11/17 05:17:36.0580 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/17 05:17:36.0638 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/17 05:17:36.0675 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/11/17 05:17:36.0730 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/11/17 05:17:36.0782 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/11/17 05:17:36.0809 Compbatt (4fc0a44da7603229e1a9454126a59efd) C:\Windows\system32\drivers\compbatt.sys
2010/11/17 05:17:36.0835 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/11/17 05:17:36.0861 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/11/17 05:17:36.0930 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/11/17 05:17:37.0001 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/11/17 05:17:37.0108 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/11/17 05:17:37.0169 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/17 05:17:37.0226 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/11/17 05:17:37.0289 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/11/17 05:17:37.0359 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/11/17 05:17:37.0436 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/11/17 05:17:37.0485 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
2010/11/17 05:17:37.0546 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/11/17 05:17:37.0578 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/11/17 05:17:37.0602 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/17 05:17:37.0641 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/11/17 05:17:37.0667 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/11/17 05:17:37.0698 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/17 05:17:37.0746 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/11/17 05:17:37.0802 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/17 05:17:37.0845 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/17 05:17:37.0958 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/17 05:17:37.0994 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/11/17 05:17:38.0020 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/11/17 05:17:38.0075 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/17 05:17:38.0129 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/11/17 05:17:38.0192 HSF_DPV (99f85640054ba65190b860d878a7c9ae) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/11/17 05:17:38.0234 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2010/11/17 05:17:38.0282 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/11/17 05:17:38.0335 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/11/17 05:17:38.0369 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/17 05:17:38.0441 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\Windows\system32\drivers\iastor.sys
2010/11/17 05:17:38.0486 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/11/17 05:17:38.0603 igfx (63c56dac467ef814b60ff2aa2286c917) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/11/17 05:17:38.0658 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/11/17 05:17:38.0763 IntcAzAudAddService (daad0b351a544d3a76770f4bbd75260f) C:\Windows\system32\drivers\RTKVHDA.sys
2010/11/17 05:17:38.0809 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
2010/11/17 05:17:38.0832 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/17 05:17:38.0866 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/17 05:17:38.0929 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/17 05:17:38.0961 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/17 05:17:38.0995 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/11/17 05:17:39.0027 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/11/17 05:17:39.0081 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/17 05:17:39.0111 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/11/17 05:17:39.0141 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/11/17 05:17:39.0162 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/17 05:17:39.0220 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/17 05:17:39.0267 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/17 05:17:39.0334 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/17 05:17:39.0386 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/17 05:17:39.0415 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/17 05:17:39.0469 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/17 05:17:39.0503 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/11/17 05:17:39.0544 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/11/17 05:17:39.0569 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/11/17 05:17:39.0608 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/11/17 05:17:39.0637 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/11/17 05:17:39.0676 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/17 05:17:39.0701 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/17 05:17:39.0718 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/17 05:17:39.0737 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/11/17 05:17:39.0788 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/11/17 05:17:39.0813 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/17 05:17:39.0854 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/17 05:17:39.0897 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/11/17 05:17:39.0938 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/17 05:17:39.0966 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/17 05:17:39.0987 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/17 05:17:40.0009 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2010/11/17 05:17:40.0044 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/11/17 05:17:40.0103 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/11/17 05:17:40.0132 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/11/17 05:17:40.0178 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/17 05:17:40.0223 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/17 05:17:40.0247 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/11/17 05:17:40.0308 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/11/17 05:17:40.0345 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/17 05:17:40.0380 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/11/17 05:17:40.0395 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/11/17 05:17:40.0469 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/17 05:17:40.0503 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/11/17 05:17:40.0535 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/17 05:17:40.0555 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/17 05:17:40.0589 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/17 05:17:40.0618 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/11/17 05:17:40.0642 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/17 05:17:40.0678 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/17 05:17:40.0743 netr73 (c9afe484b3645da74fd459f45e4f756f) C:\Windows\system32\DRIVERS\netr73.sys
2010/11/17 05:17:40.0794 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/11/17 05:17:40.0828 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/11/17 05:17:40.0852 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/17 05:17:40.0912 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/11/17 05:17:40.0967 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/11/17 05:17:40.0999 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/11/17 05:17:41.0039 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/11/17 05:17:41.0070 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/11/17 05:17:41.0104 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/11/17 05:17:41.0205 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/11/17 05:17:41.0266 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/11/17 05:17:41.0311 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/11/17 05:17:41.0350 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/11/17 05:17:41.0419 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/11/17 05:17:41.0458 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2010/11/17 05:17:41.0501 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/11/17 05:17:41.0576 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/11/17 05:17:41.0685 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/17 05:17:41.0716 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/11/17 05:17:41.0782 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/17 05:17:41.0807 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2010/11/17 05:17:41.0878 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/11/17 05:17:41.0937 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/11/17 05:17:41.0976 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/17 05:17:42.0069 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/17 05:17:42.0187 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/17 05:17:42.0214 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/17 05:17:42.0262 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/17 05:17:42.0287 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/17 05:17:42.0346 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/17 05:17:42.0384 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/17 05:17:42.0434 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/11/17 05:17:42.0458 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/17 05:17:42.0498 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/11/17 05:17:42.0616 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
2010/11/17 05:17:42.0663 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/17 05:17:42.0697 RTL8169 (5163f804256deb8cf1ef64b780a18caa) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/11/17 05:17:42.0736 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/11/17 05:17:42.0815 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/11/17 05:17:42.0848 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/11/17 05:17:42.0883 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/11/17 05:17:42.0907 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/11/17 05:17:42.0968 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/11/17 05:17:42.0998 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/17 05:17:43.0024 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/11/17 05:17:46.0057 ================================================================================
2010/11/17 05:17:46.0057 Scan finished
2010/11/17 05:17:46.0057 ================================================================================
2010/11/17 05:17:53.0176 Deinitialize success

2010/11/17 04:56:47.0556 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43
2010/11/17 04:56:47.0556 ================================================================================
2010/11/17 04:56:47.0556 SystemInfo:
2010/11/17 04:56:47.0556
2010/11/17 04:56:47.0556 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/17 04:56:47.0556 Product type: Workstation
2010/11/17 04:56:47.0556 ComputerName: JAZ-PC
2010/11/17 04:56:47.0556 UserName: Jaz
2010/11/17 04:56:47.0556 Windows directory: C:\Windows
2010/11/17 04:56:47.0556 System windows directory: C:\Windows
2010/11/17 04:56:47.0556 Processor architecture: Intel x86
2010/11/17 04:56:47.0556 Number of processors: 2
2010/11/17 04:56:47.0556 Page size: 0x1000
2010/11/17 04:56:47.0556 Boot type: Normal boot
2010/11/17 04:56:47.0556 ================================================================================
2010/11/17 04:56:47.0846 Initialize success
2010/11/17 04:56:50.0792 ================================================================================
2010/11/17 04:56:50.0792 Scan started
2010/11/17 04:56:50.0792 Mode: Manual;
2010/11/17 04:56:50.0792 ================================================================================
2010/11/17 04:57:06.0084 ================================================================================
2010/11/17 04:57:06.0084 Scan finished
2010/11/17 04:57:06.0084 ================================================================================
2010/11/17 04:57:35.0583 ================================================================================
2010/11/17 04:57:35.0583 Scan started
2010/11/17 04:57:35.0584 Mode: Manual;
2010/11/17 04:57:35.0584 ================================================================================
2010/11/17 04:57:48.0630 ================================================================================
2010/11/17 04:57:48.0630 Scan finished
2010/11/17 04:57:48.0630 ================================================================================
2010/11/17 04:57:58.0332 Deinitialize success
j72
Active Member
 
Posts: 13
Joined: November 17th, 2010, 12:06 am

Re: Can't get rid of www.landingsavetubevideo.com trojan in

Unread postby tequesta » November 27th, 2010, 2:46 pm

Hello j72,

Thank you for the logs. Please update me on how your computer is working.

Next:
Upload File/Files for testing


Please go to jotti.org or Virustotal


Copy/paste this file and path into the white box at the top:
C:\Windows\system32\RSLSP.dll

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Now:

ATF Cleaner
Please download ATF Cleaner ... by Atribune. Alternate download site: here.
It does not require any installation and uses minimal system resources.
It is set up to clean IE, Firefox and Opera, detecting the browsers you have.
  1. Right-click and run as administrator ATF-Cleaner.exe to run the program.
  2. Under Select files to Delete check: Select All
    I Recommend UNCHECKING COOKIES if you rely on the system to remember your passwords.
  3. Click the Empty Selected button.
      If you use Firefox browser
    • Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
    • Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      If you use Opera browser
    • Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
    • Click the Empty Selected button.
      NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.
  4. Reply OK to the total bytes removed...box, then click Exit on the Main menu to close the program.

Now:

ESET NOD32 Online Scan
Vista - W7 users: You will need to right-click on the IE or FF icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then double click on it to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Disable Avira anti-virus

  • Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on a red background (looks like this: Image)
  • Right-click it -> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background (looks like this: Image)
  • Note: Don't forget to re-enable it after the scan.

Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"... a window will open... it may appear nothing is happening... please be patient.
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are; if not set, please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  5. Click "Start"... ESET scanner will begin to download the virus signatures database.
    When the signatures have been downloaded, the scan will start automatically.
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.
Remember to enable your Anti-virus protection... before continuing!


Please post:

The answer to my questions,
The uploaded file response, and
the ESET online scan.

Thanks,

John
tequesta
Regular Member
 
Posts: 893
Joined: October 25th, 2008, 12:29 pm