BOO/TDss.M?


BOO/TDss.M?

Post by charles_bullard on Thu 28 Apr 2011, 2:00 pm

First topic message reminder :

First I want to say a quick Thank you for all that you guys do on here.

Earlier I was attempting to install World of Warcraft. I kept getting blocks asking me to continue; thought it was the installation. I allowed one of them to go through, but I got to looking at the other when it came up and declined it. After that I got the blue screen of death telling me that my computer had to be shut down due to a problem and to save my computer it was doing the blue screen. I really don't know much about computers other than getting online and such. This computer has given me problems before; I took it to a repair place and he charged me $80 dollars and it seems that it didn't fix everything. I have no idea what is going on and would like to completely wipe my computer, but I tried using the disc that came with the computer and it wouldn't allow me to do anything. It being Vista, of course Windows didn't have anything to do and help me with. I have decided if I can just clean up the computer I will be happy. I want it to get faster and not infected; don't even know where I look to get all the info. I currently have Avira AntiVir Personal, the free version. It pops up from time to time telling me I have a problem and asks me to remove or ignore. I press REMOVE.





I have been scanning today and this is what seems to be the virus.


Last edited by charles_bullard on Thu 28 Apr 2011, 3:47 pm; edited 2 times in total (Reason for editing : Changed title to Virus NAME!)

charles_bullard

Newbie Surfer

Posts : 46
Joined : 2011-04-28
Operating System : VISTA 32 BIT HOME



Re: BOO/TDss.M?

Post by charles_bullard on Fri 29 Apr 2011, 9:24 pm

I have attempted to do the Error-Checking, and when I click on it to do the fix, it won't do anything and freezes up; it won't let me close it or anything.


Re: BOO/TDss.M?

Post by Gabethebabe on Fri 29 Apr 2011, 9:41 pm

Do you have a Windows Vista setup disk?

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS


Re: BOO/TDss.M?

Post by charles_bullard on Fri 29 Apr 2011, 11:20 pm

I got the Error Checking to run finally and it took forever. I do have the disc; I tried running it but it kept telling me that it couldn't find the compatible drives. I don't understand that because I have both driver disc and Vista disc and have tried using them both. But on to the next step from your previous post.


Re: BOO/TDss.M?

Post by charles_bullard on Sat 30 Apr 2011, 1:57 am

C:\Program Files\VideoScavenger_1eEI\Installr\1.bin\1eEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application
C:\Users\charlie\AppData\Local\Temp\5748.tmp Win32/Olmarik.AMN trojan
C:\Users\charlie\AppData\Local\Temp\ecrwnsxmao.exe Win32/TrojanDownloader.FakeAlert.BBT trojan
C:\Users\charlie\AppData\Local\Temp\jar_cache676578667115791146.tmp Java/Exploit.CVE-2010-0842.I trojan
C:\Users\charlie\AppData\Local\Temp\worxcenmas.exe Win32/Cimag.DU trojan
C:\Windows\Temp\ecr3D88.tmp Win32/TrojanDownloader.FakeAlert.BBT trojan
C:\Windows\Temp\ecr3DD7.tmp Win32/TrojanDownloader.FakeAlert.BBT trojan
C:\_OTL\MovedFiles\04282011_044006\C_USERS\CHARLIE\APPDATA\LOCAL\SPLPNlh.dll Win32/Cimag.DU trojan
C:\_OTL\MovedFiles\04282011_044006\C_USERS\CHARLIE\APPDATA\LOCAL\uvosuramujoyexa.dll a variant of Win32/Kryptik.NCK trojan


Re: BOO/TDss.M?

Post by Gabethebabe on Mon 02 May 2011, 5:06 am

Hi Charles, just came back from my www-less weekend. Some (presumably good) news: new versions exist of aswMBR and GMER. Let's hope either of them shows details of your infection. First some preparatory work, before we run scans.

====================

  • Please download TFC (Temp File Cleaner) by OldTimer from here and save it to your desktop.
  • Close all programs and save your work.
  • Double-click TFC.exe to start the cleaning process and allow it to run
  • Depending on the amount of files that need to be deleted this can take seconds or up to minutes.
  • If requested, allow TFC to reboot your computer to finish the cleaning process.

====================

In the following step we are going to disable any CD-emulation drivers you might be running (e.g. Daemon tools, Roxio). These drivers can be a source of problems (blue screens, false positives) for our anti-malware tools. We will not re-enable them until after we clean up your machine.

Download DeFogger by jpshortstuff from here and save it to your Desktop.

  • Double-click DeFogger.exe to run the tool (right-click > Run as Administrator for Windows Vista)
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A Finished! message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

If you receive an error message while running DeFogger, please post the defogger_disable log that will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.
====================

OK, try disabling the security software you are running (antivirus, firewall). Please check out this to find out how to temporarily disable any security software.

====================

Download GMER Rootkit Scanner from here and save it to your desktop.
Note that it will have a random name.

  • Double click the file to run the tool. It may take a while to load.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click No
  • In the right panel, you will see several boxes that have been checked
  • Make sure this is unchecked: Show All
  • Make sure only your system drive (usually C:\) is checked and uncheck all other drives you might have on your system
  • Click Scan to start the scan
  • When it has finished, click Save and save the log as gmer.txt on your desktop
  • If GMER reports any <--- ROOTKIT entries, don't take any action. It could be a false positive.
  • Click OK and quit the GMER program.
  • Please post the contents of gmer.txt in your next reply.

====================

Please download aswMBR by Alwil Software from here and save it to your desktop.

  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan
  • Don't panic if you see any **Rootkit** entries. The tool sometimes produces false alarms
  • Once the scan finishes click Save log to save the log to your desktop
  • Copy and paste the contents of this log (aswMBR.txt) into your next reply.



Re: BOO/TDss.M?

Post by charles_bullard on Mon 02 May 2011, 5:38 pm

GMER 1.0.15.15572
Rootkit scan 2011-05-02 01:37:35
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD32 rev.12.0
Running: yb65thpu.exe; Driver: C:\Users\charlie\AppData\Local\Temp\kxdiafob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----


Re: BOO/TDss.M?

Post by charles_bullard on Mon 02 May 2011, 5:39 pm

aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 01:38:30
-----------------------------
01:38:30.038 OS Version: Windows 6.0.6002 Service Pack 2
01:38:30.038 Number of processors: 4 586 0xF0B
01:38:30.038 ComputerName: CHARLIE-PC UserName: charlie
01:38:31.068 Initialize success
01:38:36.044 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:38:36.044 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
01:38:36.044 Disk 0 MBR read successfully
01:38:36.044 Disk 0 MBR scan
01:38:36.044 Disk 0 TDL4@MBR code has been found
01:38:36.060 Disk 0 MBR hidden
01:38:36.060 Disk 0 MBR [TDL4] **ROOTKIT**
01:38:36.060 Disk 0 trace - called modules:
01:38:36.060 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f3d730]<<
01:38:36.060 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86894ac8]
01:38:36.060 3 CLASSPNP.SYS[8a59e8b3] -> nt!IofCallDriver -> [0x872d1e80]
01:38:36.060 \Driver\iaStor[0x86067558] -> IRP_MJ_CREATE -> 0x86f3d730
01:38:36.075 Scan finished successfully
01:38:50.708 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Documents\MBR.dat"
01:38:50.724 The log file has been saved successfully to "C:\Users\charlie\Documents\aswMBR.txt"
01:39:11.089 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Desktop\MBR.dat"
01:39:11.104 The log file has been saved successfully to "C:\Users\charlie\Desktop\aswMBR.txt"




Re: BOO/TDss.M?

Post by charles_bullard on Mon 02 May 2011, 5:45 pm

And sorry should have said all this first...


Welcome back from your www-less weekend. I hope it was a great one.


Re: BOO/TDss.M?

Post by Gabethebabe on Mon 02 May 2011, 6:00 pm

I had a great weekend and coming back to work hearing that the most vicious of malware in this world has been eliminated has made my day.

Anyway, it wasn't easy, but our tools have verified that you are infected with TDSS. It took some effort, because we are dealing with a new variant that has eluded previous versions of our scanners.

We are going to rerun aswMBR, this time to remove the infection.

  • Double click aswMBR.exe to run the tool
  • Once the scan finishes click Fix to remove the infection
  • Copy and paste the contents of the log generated back here.


====================

Also, please rerun the GMER scan and post its log back here.


Re: BOO/TDss.M?

Post by charles_bullard on Mon 02 May 2011, 6:14 pm

aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 01:38:30
-----------------------------
01:38:30.038 OS Version: Windows 6.0.6002 Service Pack 2
01:38:30.038 Number of processors: 4 586 0xF0B
01:38:30.038 ComputerName: CHARLIE-PC UserName: charlie
01:38:31.068 Initialize success
01:38:36.044 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:38:36.044 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
01:38:36.044 Disk 0 MBR read successfully
01:38:36.044 Disk 0 MBR scan
01:38:36.044 Disk 0 TDL4@MBR code has been found
01:38:36.060 Disk 0 MBR hidden
01:38:36.060 Disk 0 MBR [TDL4] **ROOTKIT**
01:38:36.060 Disk 0 trace - called modules:
01:38:36.060 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f3d730]<<
01:38:36.060 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86894ac8]
01:38:36.060 3 CLASSPNP.SYS[8a59e8b3] -> nt!IofCallDriver -> [0x872d1e80]
01:38:36.060 \Driver\iaStor[0x86067558] -> IRP_MJ_CREATE -> 0x86f3d730
01:38:36.075 Scan finished successfully
01:38:50.708 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Documents\MBR.dat"
01:38:50.724 The log file has been saved successfully to "C:\Users\charlie\Documents\aswMBR.txt"
01:39:11.089 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Desktop\MBR.dat"
01:39:11.104 The log file has been saved successfully to "C:\Users\charlie\Desktop\aswMBR.txt"


aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 02:03:02
-----------------------------
02:03:02.332 OS Version: Windows 6.0.6002 Service Pack 2
02:03:02.332 Number of processors: 4 586 0xF0B
02:03:02.332 ComputerName: CHARLIE-PC UserName: charlie
02:03:04.142 Initialize success
02:03:14.094 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:03:14.094 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
02:03:14.094 Disk 0 MBR read successfully
02:03:14.094 Disk 0 MBR scan
02:03:14.094 Disk 0 TDL4@MBR code has been found
02:03:14.110 Disk 0 MBR hidden
02:03:14.110 Disk 0 MBR [TDL4] **ROOTKIT**
02:03:14.110 Disk 0 trace - called modules:
02:03:14.110 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f3d730]<<
02:03:14.110 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86894ac8]
02:03:14.110 3 CLASSPNP.SYS[8a59e8b3] -> nt!IofCallDriver -> [0x872d1e80]
02:03:14.126 \Driver\iaStor[0x86067558] -> IRP_MJ_CREATE -> 0x86f3d730
02:03:14.126 Scan finished successfully
02:03:15.155 Disk 0 fixing MBR
02:03:25.170 Disk 0 MBR restored successfully
02:03:25.170 Infection fixed successfully - please reboot ASAP
02:03:31.925 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Desktop\MBR.dat"
02:03:31.941 The log file has been saved successfully to "C:\Users\charlie\Desktop\aswMBR.txt"


aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 02:09:19
-----------------------------
02:09:19.576 OS Version: Windows 6.0.6002 Service Pack 2
02:09:19.576 Number of processors: 4 586 0xF0B
02:09:19.576 ComputerName: CHARLIE-PC UserName: charlie
02:09:20.777 Initialize success
02:09:21.838 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:09:21.838 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
02:09:21.838 Disk 0 MBR read successfully
02:09:21.838 Disk 0 MBR scan
02:09:21.838 Disk 0 TDL4@MBR code has been found
02:09:21.838 Disk 0 MBR hidden
02:09:21.854 Disk 0 MBR [TDL4] **ROOTKIT**
02:09:21.854 Disk 0 trace - called modules:
02:09:21.854 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f05730]<<
02:09:21.854 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86185ac8]
02:09:21.854 3 CLASSPNP.SYS[8a5aa8b3] -> nt!IofCallDriver -> [0x8727c8a0]
02:09:21.854 \Driver\iaStor[0x86ee7240] -> IRP_MJ_CREATE -> 0x86f05730
02:09:21.869 Scan finished successfully
02:09:27.095 Disk 0 fixing MBR
02:09:37.110 Disk 0 MBR restored successfully
02:09:37.110 Infection fixed successfully - please reboot ASAP
02:09:44.770 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Desktop\MBR.dat"
02:09:44.786 The log file has been saved successfully to "C:\Users\charlie\Desktop\aswMBR.txt"




Re: BOO/TDss.M?

Post by Gabethebabe on Mon 02 May 2011, 6:24 pm

ugh, aswMBR has failed to remove it. Have you rebooted immediately after fixing?

The safe way to clean your MBR is with the Vista boot disk. But if that disk does not recognize your harddisks as you have said earlier, we have a problem.

If you could verify that. Startup with Vista setup disk > Repair your computer > System Recovery Options > Command Prompt and run the bootrec /FixMbr command.


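How the three appended runs in the aswMBR.txt above lead to the "failed to remove it" reading, as an added example that is not part of the original thread or of any tool mentioned in it: it splits the log into runs, records detections and fix messages, and checks whether a reported fix survived into the next run. The verdict labels, function names and the same-boot-session heuristic (unchanged driver-object addresses between two runs) are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Sample input: three runs trimmed from the aswMBR.txt posted in this thread
# (the tool appends each run to the same file).
SAMPLE_LOG = r"""
aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 01:38:30
01:38:36.044 Disk 0 TDL4@MBR code has been found
01:38:36.060 Disk 0 MBR hidden
01:38:36.060 Disk 0 MBR [TDL4] **ROOTKIT**
01:38:36.060 \Driver\iaStor[0x86067558] -> IRP_MJ_CREATE -> 0x86f3d730
01:38:36.075 Scan finished successfully
aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 02:03:02
02:03:14.094 Disk 0 TDL4@MBR code has been found
02:03:14.110 Disk 0 MBR [TDL4] **ROOTKIT**
02:03:14.126 \Driver\iaStor[0x86067558] -> IRP_MJ_CREATE -> 0x86f3d730
02:03:25.170 Disk 0 MBR restored successfully
02:03:25.170 Infection fixed successfully - please reboot ASAP
aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 02:09:19
02:09:21.838 Disk 0 TDL4@MBR code has been found
02:09:21.854 Disk 0 MBR [TDL4] **ROOTKIT**
02:09:21.854 \Driver\iaStor[0x86ee7240] -> IRP_MJ_CREATE -> 0x86f05730
02:09:37.110 Disk 0 MBR restored successfully
02:09:37.110 Infection fixed successfully - please reboot ASAP
"""

RUN_RE = re.compile(r"^Run date:\s*(.+)$")
FOUND_RE = re.compile(r"(\w+)@MBR code has been found")
ROOTKIT_RE = re.compile(r"MBR \[(\w+)\] \*\*ROOTKIT\*\*")
DRVOBJ_RE = re.compile(r"\\Driver\\(\w+)\[(0x[0-9a-fA-F]+)\]")
FIX_RE = re.compile(r"MBR restored successfully|Infection fixed successfully")


@dataclass
class Run:
    date: str
    families: set = field(default_factory=set)     # detection names, e.g. {"TDL4"}
    driver_objs: set = field(default_factory=set)  # (driver name, object address)
    fix_reported: bool = False


def parse_runs(text):
    """Split an appended aswMBR log into runs, one per 'Run date:' line."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            runs.append(Run(date=m.group(1).strip()))
            continue
        if not runs:
            continue  # banner lines before the first 'Run date:'
        run = runs[-1]
        for rx in (FOUND_RE, ROOTKIT_RE):
            hit = rx.search(line)
            if hit:
                run.families.add(hit.group(1))
        hit = DRVOBJ_RE.search(line)
        if hit:
            run.driver_objs.add((hit.group(1), hit.group(2).lower()))
        if FIX_RE.search(line):
            run.fix_reported = True
    return runs


def same_boot_session(a, b):
    """Heuristic (assumption): kernel driver-object addresses stay the same
    within one boot, so identical addresses mean no reboot between the runs."""
    return bool(a.driver_objs) and a.driver_objs == b.driver_objs


def assess(runs):
    """Return (run date, verdict) per run. A 'fixed successfully' line only
    counts once a later scan from a different boot session comes back clean."""
    verdicts = []
    for i, run in enumerate(runs):
        nxt = runs[i + 1] if i + 1 < len(runs) else None
        if not run.families:
            verdict = "clean"
        elif not run.fix_reported:
            verdict = "infected"
        elif nxt is None or same_boot_session(run, nxt):
            verdict = "fix-unverified"       # no rescan after a reboot yet
        elif nxt.families:
            verdict = "fix-did-not-persist"  # detected again after the reboot
        else:
            verdict = "fix-verified"
        verdicts.append((run.date, verdict))
    return verdicts


if __name__ == "__main__":
    for date, verdict in assess(parse_runs(SAMPLE_LOG)):
        print(date, verdict)
```
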
Re: BOO/TDss.M?

Post by charles_bullard on Mon 02 May 2011, 6:57 pm

The disk doesn't give me repair computer options. It just says install or check compatibility online. Which I can't even do online.


Re: BOO/TDss.M?

Post by Gabethebabe on Mon 02 May 2011, 7:14 pm

Argll

OK - I have browsed Kaspersky Forum and it appears there is a new version of TDSSKiller that is not yet officially available. I have uploaded it here.

Download that file from MegaUpload, unzip and run.

After that run aswMBR to verify if we got rid of this nasty buggar


Re: BOO/TDss.M?

Post by charles_bullard on Mon 02 May 2011, 7:22 pm

I am going to go ahead and post the log here.
This is from the TDSSKiller2.5.0.0



2011/05/02 03:21:04.0907 5876 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/02 03:21:05.0672 5876 ================================================================================
2011/05/02 03:21:05.0672 5876 SystemInfo:
2011/05/02 03:21:05.0672 5876
2011/05/02 03:21:05.0672 5876 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/02 03:21:05.0672 5876 Product type: Workstation
2011/05/02 03:21:05.0672 5876 ComputerName: CHARLIE-PC
2011/05/02 03:21:05.0672 5876 UserName: charlie
2011/05/02 03:21:05.0672 5876 Windows directory: C:\Windows
2011/05/02 03:21:05.0672 5876 System windows directory: C:\Windows
2011/05/02 03:21:05.0672 5876 Processor architecture: Intel x86
2011/05/02 03:21:05.0672 5876 Number of processors: 4
2011/05/02 03:21:05.0672 5876 Page size: 0x1000
2011/05/02 03:21:05.0672 5876 Boot type: Normal boot
2011/05/02 03:21:05.0672 5876 ================================================================================
2011/05/02 03:21:06.0031 5876 Initialize success
2011/05/02 03:21:14.0002 4260 ================================================================================
2011/05/02 03:21:14.0002 4260 Scan started
2011/05/02 03:21:14.0002 4260 Mode: Manual;
2011/05/02 03:21:14.0002 4260 ================================================================================
2011/05/02 03:21:27.0855 4260 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/02 03:21:27.0886 4260 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/02 03:21:27.0933 4260 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/02 03:21:28.0027 4260 R300 (e615e3c567fbd10121723eff09d26b00) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/02 03:21:28.0058 4260 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/02 03:21:28.0073 4260 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/02 03:21:28.0120 4260 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/02 03:21:28.0136 4260 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/02 03:21:28.0167 4260 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/02 03:21:28.0214 4260 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/02 03:21:28.0245 4260 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/02 03:21:28.0261 4260 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/02 03:21:28.0292 4260 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/02 03:21:28.0323 4260 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/02 03:21:28.0354 4260 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/02 03:21:28.0401 4260 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/02 03:21:28.0448 4260 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/02 03:21:28.0463 4260 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/02 03:21:28.0495 4260 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/02 03:21:28.0526 4260 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/02 03:21:28.0541 4260 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/02 03:21:28.0557 4260 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/02 03:21:28.0588 4260 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/02 03:21:28.0635 4260 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/02 03:21:28.0666 4260 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/02 03:21:28.0697 4260 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/02 03:21:28.0760 4260 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/02 03:21:28.0791 4260 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/02 03:21:28.0853 4260 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/02 03:21:28.0885 4260 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/02 03:21:28.0931 4260 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/02 03:21:28.0994 4260 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/02 03:21:29.0056 4260 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
2011/05/02 03:21:29.0134 4260 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/02 03:21:29.0197 4260 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/02 03:21:29.0321 4260 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/02 03:21:29.0368 4260 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/02 03:21:29.0446 4260 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/02 03:21:29.0493 4260 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/02 03:21:29.0509 4260 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/02 03:21:29.0540 4260 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/02 03:21:29.0571 4260 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/02 03:21:29.0633 4260 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/02 03:21:29.0680 4260 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/02 03:21:29.0774 4260 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/02 03:21:29.0852 4260 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/02 03:21:29.0930 4260 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/02 03:21:29.0977 4260 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/02 03:21:30.0023 4260 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/02 03:21:30.0055 4260 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/02 03:21:30.0086 4260 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/02 03:21:30.0117 4260 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/02 03:21:30.0133 4260 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/02 03:21:30.0164 4260 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/02 03:21:30.0195 4260 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/02 03:21:30.0211 4260 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/02 03:21:30.0257 4260 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/02 03:21:30.0289 4260 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/02 03:21:30.0320 4260 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/02 03:21:30.0351 4260 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/02 03:21:30.0382 4260 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/02 03:21:30.0382 4260 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/02 03:21:30.0429 4260 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/02 03:21:30.0445 4260 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/02 03:21:30.0476 4260 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/02 03:21:30.0507 4260 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/02 03:21:30.0569 4260 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/02 03:21:30.0585 4260 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/02 03:21:30.0632 4260 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/02 03:21:30.0694 4260 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/02 03:21:30.0741 4260 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/02 03:21:30.0772 4260 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/02 03:21:30.0803 4260 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/02 03:21:30.0819 4260 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/02 03:21:30.0850 4260 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/02 03:21:30.0881 4260 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/02 03:21:30.0959 4260 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/02 03:21:31.0037 4260 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
2011/05/02 03:21:31.0069 4260 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/02 03:21:31.0115 4260 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/02 03:21:31.0147 4260 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/02 03:21:31.0162 4260 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/02 03:21:31.0225 4260 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/02 03:21:31.0225 4260 ================================================================================
2011/05/02 03:21:31.0225 4260 Scan finished
2011/05/02 03:21:31.0225 4260 ================================================================================
2011/05/02 03:21:31.0240 4820 Detected object count: 1
2011/05/02 03:21:35.0967 4820 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/02 03:21:35.0967 4820 \HardDisk0 - ok
2011/05/02 03:21:35.0967 4820 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure


Re: BOO/TDss.M?

Post by charles_bullard on Mon 02 May 2011, 7:36 pm

I have tried rebooting my computer after running the TDSSKiller and now every time it comes up to a blue screen and won't boot. I think I really screwed up. After running the scan I clicked cure I think and that's where I messed up. Anything I can do now or will I just have to suck it up and take it to the shop? I am racking my brains here. Please tell me I didn't really mess this thing up.


Re: BOO/TDss.M?

Post by Gabethebabe on Mon 02 May 2011, 8:26 pm

You didn't mess things up - we're dealing with a very new and tough infection and not being able to access your HD with a Vista setup disk means we have limited possibilities of killing this infection. If anyone failed here, it is me telling you to run new utilities.

Anyway: if you cannot boot up from this computer - do you have access to another computer? If so, we're going to burn a boot CD that is hopefully going to allow us to enter your computer and see if we can fix it.

  • Download OTLPEStd.exe by OldTimer from here (a big download)
  • Double-click on OTLPEStd.exe to burn the boot CD
  • Reboot your system using the boot CD you just created. If you don't know how to boot from CD, check out this page
  • Booting will take quite some time, so please be patient
  • Finally you should see the REATOGO-X-PE desktop. Find the OTLPE icon and double click it to run OTLPE
  • Answer Yes and OK to all prompts
  • Ensure the option Automatically Load All Remaining Users is checked
  • OTL should now start. Set the option Drivers to Non-Microsoft
  • Copy and paste the following text into the Custom Scans/Fixes field:
    /md5start
    atapi.sys
    iastor.sys
    ndis.sys
    userinit.exe
    winlogon.exe
    /md5stop
  • Click Run Scan to start the scan
  • When finished, a log file C:\OTL.txt will be created
  • Please post the contents of the file in your next reply


Leave your computer in REATOGO-X-PE. Don't switch it off.

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS
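
The custom scan in the post above asks OTL for the MD5 of five system files. As an added example (not part of the original post and not OTL's own code), this Python sketch does a comparable check on a Windows volume mounted offline: it hashes every copy of those files and reports missing files, copies that disagree, and hashes absent from an optional baseline. The function names, the `known_good` baseline and the root path argument are assumptions for illustration.

```python
import hashlib
import os
from collections import defaultdict

# File names taken from the /md5start ... /md5stop list in the post.
TARGETS = {"atapi.sys", "iastor.sys", "ndis.sys", "userinit.exe", "winlogon.exe"}


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def hash_copies(root, targets=TARGETS):
    """Return {file name: {md5: [paths]}} for every copy found under root."""
    wanted = {t.lower() for t in targets}
    found = defaultdict(lambda: defaultdict(list))
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            key = name.lower()              # Windows file names are case-insensitive
            if key not in wanted:
                continue
            path = os.path.join(dirpath, name)
            try:
                found[key][md5_of(path)].append(path)
            except OSError as exc:          # an unreadable system file is worth noting
                found[key]["unreadable: %s" % exc.strerror].append(path)
    return found


def review(found, targets=TARGETS, known_good=None):
    """Turn the hash table into findings to follow up on.

    known_good is a hypothetical baseline: {file name: set of trusted MD5s}.
    """
    known_good = known_good or {}
    findings = []
    for name in sorted(t.lower() for t in targets):
        copies = found.get(name, {})
        if not copies:
            findings.append((name, "missing", []))
            continue
        if len(copies) > 1:                 # same name, different content
            findings.append((name, "copies differ", sorted(copies)))
        good = known_good.get(name)
        if good:
            bad = sorted(h for h in copies if h not in good)
            if bad:
                findings.append((name, "not in baseline", bad))
    return findings


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."   # root of the mounted volume
    for name, issue, detail in review(hash_copies(root)):
        print(name, issue, detail)
```

Differing copies are a lead, not a verdict: Windows keeps older versions of system files in its component store, and iastor.sys is absent on machines that do not use that storage driver.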


Re: BOO/TDss.M?

Post by charles_bullard on Mon 02 May 2011, 8:28 pm

I have access to my wife's computer

She has Windows XP though so don't know if it will help.


Re: BOO/TDss.M?

Post by charles_bullard on Mon 02 May 2011, 8:32 pm

Should I use a usb device?
I only HAVE CD-R 700mb disks. I don't know which to use


Re: BOO/TDss.M?

Post by Gabethebabe on Mon 02 May 2011, 8:35 pm

charles_bullard wrote: I have access to my wife's computer
She has Windows XP though so don't know if it will help.

That is perfect. Any computer able to burn a CD will do.

charles_bullard wrote: Should I use a usb device?
I only HAVE CD-R 700mb disks. I don't know which to use

I think it is possible to create a USB rescue stick to run OTLPE, but a boot CD is much easier.

A blank CD-R 700 disk is fine.
See if you can burn that CD and restart the problem computer from that disk.


Re: BOO/TDss.M?

Post by charles_bullard on Mon 02 May 2011, 9:16 pm

It keeps telling me that no Windows installation is found in that OTLPE. I even tried to get it to browse inside the disc and it says that target didn't produce anything Windows 2000 or newer.

I can't get to the screen that shows on the website you listed to boot with CD. I don't understand. I pressed F12 and I can't find where it talks about the key or anything. When I boot it gives me 4 options. I am so lost. Going to keep trying to find the BIOS screen at boot up.


Re: BOO/TDss.M?

Post by Gabethebabe on Mon 02 May 2011, 9:23 pm

You downloaded the OTLPEstd.exe and ran it to burn the CD, right?
Can you try to restart your wife's computer with the boot disk, just to check if the boot disk was created correctly?

What kind of brand/model is the problem computer?



Re: BOO/TDss.M?

Post by charles_bullard on Mon 02 May 2011, 9:30 pm

Gabethebabe wrote: You downloaded the OTLPEstd.exe and ran it to burn the CD, right?
Can you try to restart your wife's computer with the boot disk, just to check if the boot disk was created correctly?

Yes I did. I will try to restart my wife's computer with the disk in and make sure it was created correctly.

Gabethebabe wrote: What kind of brand/model is the problem computer?

My computer is a Dell XPS 420 with Windows Vista. The disk says Windows XP Professional.


Re: BOO/TDss.M?

Post by charles_bullard on Mon 02 May 2011, 9:37 pm

I have restarted my wife's computer with the disk inside. However it does nothing but go straight to my regular stuff.

Have I really messed things up that bad? LOL


Re: BOO/TDss.M?

Post by Gabethebabe on Mon 02 May 2011, 9:42 pm

Wait a minute - have you tried to start up your Dell XPS 420 from a Windows XP setup disk?

Because then I understand that it fails - Windows XP setup disks generally cannot find SATA disk drives.

If your wife's computer boots Windows normally, it is because it is not told to start up from CD.


Re: BOO/TDss.M?

Post by charles_bullard on Mon 02 May 2011, 9:51 pm

No, I have been using the right disk. My wife's computer didn't come with a disk. Dell has that problem from what I heard about XP. I also used the disk you had me make on my wife's computer and told it to start up with the disc, and it worked. The only problem is that I can't get the file to work on my COMPUTER. The Vista one. The disk was made right, I just can't get the file to work with the computer, that's all. I don't know what is going on.

