TechSpot

Urgent problem - OTL scan & fix issue

By Beauregard
May 8, 2011
  1. Hi Everyone!

    Yesterday, my PC was infected with the latest version of Rootkit.Win32.TDSS.tdl4. I got rid of it with the latest version of TDSSKiller.

    Then I did an OTL scan and fix and my computer got stuck.

    See the reports right here:

    TDSSKILLER REPORT

    2011/05/08 01:06:35.0353 6084 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
    2011/05/08 01:06:37.0358 6084 ================================================================================
    2011/05/08 01:06:37.0358 6084 SystemInfo:
    2011/05/08 01:06:37.0358 6084
    2011/05/08 01:06:37.0359 6084 OS Version: 6.0.6002 ServicePack: 2.0
    2011/05/08 01:06:37.0359 6084 Product type: Workstation
    2011/05/08 01:06:37.0359 6084 ComputerName: EMMANUEL-PC
    2011/05/08 01:06:37.0376 6084 UserName: Emmanuel
    2011/05/08 01:06:37.0376 6084 Windows directory: C:\Windows
    2011/05/08 01:06:37.0376 6084 System windows directory: C:\Windows
    2011/05/08 01:06:37.0376 6084 Processor architecture: Intel x86
    2011/05/08 01:06:37.0376 6084 Number of processors: 2
    2011/05/08 01:06:37.0376 6084 Page size: 0x1000
    2011/05/08 01:06:37.0376 6084 Boot type: Normal boot
    2011/05/08 01:06:37.0376 6084 ================================================================================
    2011/05/08 01:06:38.0650 6084 Initialize success
    2011/05/08 01:06:47.0277 5936 ================================================================================
    2011/05/08 01:06:47.0277 5936 Scan started
    2011/05/08 01:06:47.0277 5936 Mode: Manual;
    2011/05/08 01:06:47.0277 5936 ================================================================================
    2011/05/08 01:06:48.0165 5936 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
    2011/05/08 01:06:48.0264 5936 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2011/05/08 01:06:48.0515 5936 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    2011/05/08 01:06:48.0701 5936 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    2011/05/08 01:06:48.0794 5936 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    2011/05/08 01:06:48.0879 5936 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    2011/05/08 01:06:49.0161 5936 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2011/05/08 01:06:49.0258 5936 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    2011/05/08 01:06:49.0366 5936 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/05/08 01:06:49.0584 5936 Alidevice (2f17c06cda54bfbe13c4046b19055f7b) C:\Windows\system32\drivers\Alidevice.sys
    2011/05/08 01:06:49.0671 5936 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    2011/05/08 01:06:49.0764 5936 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    2011/05/08 01:06:49.0841 5936 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    2011/05/08 01:06:49.0970 5936 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    2011/05/08 01:06:50.0062 5936 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    2011/05/08 01:06:50.0148 5936 ApfiltrService (9325e49d555d8f12ce1735227dbb3d80) C:\Windows\system32\DRIVERS\Apfiltr.sys
    2011/05/08 01:06:50.0614 5936 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    2011/05/08 01:06:50.0769 5936 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    2011/05/08 01:06:51.0139 5936 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/05/08 01:06:51.0207 5936 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
    2011/05/08 01:06:51.0572 5936 athr (24b4375abbc587bdc99e231383c16b8f) C:\Windows\system32\DRIVERS\athr.sys
    2011/05/08 01:06:52.0272 5936 atikmdag (eb4652a6571ef66c6c778e1007623f1f) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/05/08 01:06:52.0863 5936 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
    2011/05/08 01:06:53.0278 5936 AVCSTRM (a25f0f39ac579fe899a7c8d67ecb157c) C:\Windows\system32\DRIVERS\avcstrm.sys
    2011/05/08 01:06:53.0677 5936 BDFM (67c2a47db7190673350a3f9f5a1507cb) C:\Windows\system32\DRIVERS\bdfm.sys
    2011/05/08 01:06:53.0910 5936 bdfsfltr (a21a4a0e6bdf0c2be0fabfa16d8c8f76) C:\Windows\system32\DRIVERS\bdfsfltr.sys
    2011/05/08 01:06:54.0194 5936 bdftdif (0bdbf842a39d6c5640ba4b8acf29aa06) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
    2011/05/08 01:06:54.0387 5936 BDSelfPr (0d756ced21d977ae32539da1f41bf879) C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys
    2011/05/08 01:06:54.0905 5936 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2011/05/08 01:06:55.0253 5936 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    2011/05/08 01:06:55.0340 5936 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2011/05/08 01:06:55.0548 5936 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/05/08 01:06:56.0202 5936 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/05/08 01:06:56.0654 5936 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/05/08 01:06:56.0968 5936 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/05/08 01:06:57.0169 5936 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/05/08 01:06:57.0256 5936 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/05/08 01:06:57.0480 5936 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
    2011/05/08 01:06:57.0799 5936 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/05/08 01:06:58.0295 5936 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
    2011/05/08 01:06:58.0912 5936 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
    2011/05/08 01:06:59.0263 5936 BTHprint (d72baf07a11de1dd32855bb897518d53) C:\Windows\system32\DRIVERS\bthprint.sys
    2011/05/08 01:06:59.0352 5936 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
    2011/05/08 01:06:59.0565 5936 btwaudio (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys
    2011/05/08 01:06:59.0635 5936 btwavdt (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys
    2011/05/08 01:06:59.0721 5936 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
    2011/05/08 01:06:59.0833 5936 btwrchid (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys
    2011/05/08 01:06:59.0986 5936 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/05/08 01:07:00.0083 5936 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/05/08 01:07:00.0163 5936 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    2011/05/08 01:07:00.0369 5936 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2011/05/08 01:07:00.0517 5936 CMB8100 (6b0f39e11eec9fa75a2f3e74344470e0) C:\Windows\system32\Drivers\CertClient.dat
    2011/05/08 01:07:00.0640 5936 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/05/08 01:07:00.0778 5936 CMBProtector (01bd490e00f607c0c82b2b7f7da64e25) C:\Windows\system32\Drivers\CMBProtector.dat
    2011/05/08 01:07:00.0861 5936 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    2011/05/08 01:07:00.0951 5936 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/05/08 01:07:01.0031 5936 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    2011/05/08 01:07:01.0164 5936 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    2011/05/08 01:07:01.0305 5936 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
    2011/05/08 01:07:01.0494 5936 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2011/05/08 01:07:01.0621 5936 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2011/05/08 01:07:01.0839 5936 dlkmd (a4949370238c55aef82317af36d8b939) C:\Windows\system32\drivers\dlkmd.sys
    2011/05/08 01:07:01.0935 5936 dlkmdldr (c8e26d7e2b8e354982d5e37e2c05fdba) C:\Windows\system32\drivers\dlkmdldr.sys
    2011/05/08 01:07:02.0016 5936 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
    2011/05/08 01:07:02.0154 5936 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    2011/05/08 01:07:02.0287 5936 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    2011/05/08 01:07:02.0378 5936 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    2011/05/08 01:07:02.0471 5936 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/05/08 01:07:02.0597 5936 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/05/08 01:07:02.0753 5936 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/05/08 01:07:02.0854 5936 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2011/05/08 01:07:03.0060 5936 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
    2011/05/08 01:07:03.0209 5936 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    2011/05/08 01:07:03.0333 5936 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    2011/05/08 01:07:03.0481 5936 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2011/05/08 01:07:03.0587 5936 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2011/05/08 01:07:03.0739 5936 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/05/08 01:07:03.0825 5936 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2011/05/08 01:07:03.0901 5936 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2011/05/08 01:07:04.0076 5936 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/05/08 01:07:04.0195 5936 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2011/05/08 01:07:04.0296 5936 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/05/08 01:07:04.0353 5936 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/05/08 01:07:04.0430 5936 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/05/08 01:07:04.0560 5936 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/05/08 01:07:04.0700 5936 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2011/05/08 01:07:04.0835 5936 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/05/08 01:07:04.0963 5936 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/05/08 01:07:05.0089 5936 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/05/08 01:07:05.0215 5936 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/05/08 01:07:05.0304 5936 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    2011/05/08 01:07:05.0438 5936 HPFXBULK (9e3944a558ab84853ef985988e23a8a4) C:\Windows\system32\drivers\hpfxbulk.sys
    2011/05/08 01:07:05.0581 5936 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    2011/05/08 01:07:05.0717 5936 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2011/05/08 01:07:05.0843 5936 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    2011/05/08 01:07:05.0957 5936 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2011/05/08 01:07:06.0111 5936 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    2011/05/08 01:07:06.0182 5936 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/05/08 01:07:06.0294 5936 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/05/08 01:07:06.0377 5936 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    2011/05/08 01:07:06.0609 5936 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/05/08 01:07:06.0814 5936 IntcAzAudAddService (2deb2538c9372568bb67b5fdf2359790) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/05/08 01:07:07.0042 5936 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2011/05/08 01:07:07.0188 5936 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/05/08 01:07:07.0260 5936 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/05/08 01:07:07.0424 5936 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2011/05/08 01:07:07.0506 5936 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/05/08 01:07:07.0702 5936 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/05/08 01:07:07.0795 5936 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2011/05/08 01:07:07.0936 5936 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/05/08 01:07:08.0007 5936 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/05/08 01:07:08.0081 5936 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/05/08 01:07:08.0222 5936 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/05/08 01:07:08.0297 5936 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/05/08 01:07:08.0461 5936 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2011/05/08 01:07:08.0853 5936 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    2011/05/08 01:07:08.0980 5936 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/05/08 01:07:09.0085 5936 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    2011/05/08 01:07:09.0209 5936 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2011/05/08 01:07:09.0307 5936 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2011/05/08 01:07:09.0402 5936 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/05/08 01:07:09.0529 5936 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/05/08 01:07:09.0650 5936 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2011/05/08 01:07:09.0731 5936 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2011/05/08 01:07:09.0839 5936 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2011/05/08 01:07:10.0028 5936 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/05/08 01:07:10.0132 5936 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/05/08 01:07:10.0194 5936 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/05/08 01:07:10.0275 5936 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/05/08 01:07:10.0418 5936 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/05/08 01:07:10.0515 5936 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    2011/05/08 01:07:10.0620 5936 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/05/08 01:07:10.0714 5936 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/05/08 01:07:10.0834 5936 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/05/08 01:07:10.0970 5936 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/05/08 01:07:11.0072 5936 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/05/08 01:07:11.0123 5936 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/05/08 01:07:11.0190 5936 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    2011/05/08 01:07:11.0265 5936 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    2011/05/08 01:07:11.0409 5936 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
    2011/05/08 01:07:11.0504 5936 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/05/08 01:07:11.0583 5936 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/05/08 01:07:11.0693 5936 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/05/08 01:07:11.0774 5936 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/05/08 01:07:11.0849 5936 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/05/08 01:07:11.0962 5936 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/05/08 01:07:12.0062 5936 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/05/08 01:07:12.0157 5936 MSTAPE (92b0e43b54ebff026451df3dd142129d) C:\Windows\system32\DRIVERS\mstape.sys
    2011/05/08 01:07:12.0262 5936 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/05/08 01:07:12.0377 5936 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/05/08 01:07:12.0516 5936 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/05/08 01:07:12.0633 5936 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/05/08 01:07:12.0782 5936 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/05/08 01:07:12.0871 5936 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/05/08 01:07:12.0981 5936 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/05/08 01:07:13.0058 5936 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/05/08 01:07:13.0152 5936 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/05/08 01:07:13.0267 5936 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/05/08 01:07:13.0535 5936 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
    2011/05/08 01:07:13.0749 5936 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/05/08 01:07:13.0969 5936 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/05/08 01:07:14.0118 5936 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/05/08 01:07:14.0264 5936 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/05/08 01:07:14.0406 5936 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/05/08 01:07:14.0564 5936 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
    2011/05/08 01:07:14.0658 5936 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/05/08 01:07:14.0733 5936 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    2011/05/08 01:07:14.0819 5936 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    2011/05/08 01:07:14.0913 5936 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    2011/05/08 01:07:15.0151 5936 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/05/08 01:07:15.0430 5936 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/05/08 01:07:15.0855 5936 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/05/08 01:07:16.0299 5936 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/05/08 01:07:17.0008 5936 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/05/08 01:07:17.0448 5936 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
    2011/05/08 01:07:17.0738 5936 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/05/08 01:07:18.0626 5936 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/05/08 01:07:19.0037 5936 Point32 (d82ac5b7da8fdccda1323836516405ec) C:\Windows\system32\DRIVERS\point32k.sys
    2011/05/08 01:07:19.0382 5936 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/05/08 01:07:19.0929 5936 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    2011/05/08 01:07:20.0335 5936 Profos (d90a33660d328a9f587580f0b38c85de) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys
    2011/05/08 01:07:20.0567 5936 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/05/08 01:07:20.0666 5936 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/05/08 01:07:20.0782 5936 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2011/05/08 01:07:20.0935 5936 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/05/08 01:07:21.0055 5936 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/05/08 01:07:21.0142 5936 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/05/08 01:07:21.0240 5936 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/05/08 01:07:21.0356 5936 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/05/08 01:07:21.0465 5936 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/05/08 01:07:21.0624 5936 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/05/08 01:07:21.0726 5936 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/05/08 01:07:21.0837 5936 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
    2011/05/08 01:07:21.0917 5936 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/05/08 01:07:22.0083 5936 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/05/08 01:07:22.0248 5936 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
    2011/05/08 01:07:22.0398 5936 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/05/08 01:07:22.0479 5936 rimsptsk (f2993908be03181c781228daadc55230) C:\Windows\system32\DRIVERS\rimsptsk.sys
    2011/05/08 01:07:22.0659 5936 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
    2011/05/08 01:07:22.0750 5936 risdptsk (cd6e3947724b337f9bc1524b710231eb) C:\Windows\system32\DRIVERS\risdptsk.sys
    2011/05/08 01:07:22.0851 5936 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
    2011/05/08 01:07:22.0968 5936 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/05/08 01:07:23.0106 5936 RTHDMIAzAudService (f175b21f20b60958295f9221f11fed9f) C:\Windows\system32\drivers\RtHDMIV.sys
    2011/05/08 01:07:23.0275 5936 sbp2port (37ca203f8ccf732cd272a27e55b268c4) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/05/08 01:07:23.0468 5936 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/05/08 01:07:23.0632 5936 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/05/08 01:07:23.0754 5936 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/05/08 01:07:23.0836 5936 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/05/08 01:07:23.0932 5936 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/05/08 01:07:24.0156 5936 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
    2011/05/08 01:07:24.0313 5936 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    2011/05/08 01:07:24.0416 5936 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/05/08 01:07:24.0504 5936 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    2011/05/08 01:07:24.0596 5936 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/05/08 01:07:24.0712 5936 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2011/05/08 01:07:24.0898 5936 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2011/05/08 01:07:25.0000 5936 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2011/05/08 01:07:25.0193 5936 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/05/08 01:07:25.0469 5936 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/05/08 01:07:25.0623 5936 sptd (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys
    2011/05/08 01:07:25.0859 5936 SRS_SSCFilter (53ff9a8b3748399f143d7572b7888dd7) C:\Windows\system32\drivers\srs_sscfilter_i386.sys
    2011/05/08 01:07:25.0988 5936 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
    2011/05/08 01:07:26.0121 5936 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
    2011/05/08 01:07:26.0209 5936 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/05/08 01:07:26.0356 5936 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\Windows\system32\DRIVERS\ssfs0bbc.sys
    2011/05/08 01:07:26.0469 5936 sshrmd (e041026dafa17af2610afc4da8f4ea14) C:\Windows\system32\DRIVERS\sshrmd.sys
    2011/05/08 01:07:26.0611 5936 ssidrv (5a40b485825cc31b3a49bb4701b30d35) C:\Windows\system32\DRIVERS\ssidrv.sys
    2011/05/08 01:07:26.0738 5936 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/05/08 01:07:26.0975 5936 swmsflt (a184a1bab187809b144ba32509b9e731) C:\Windows\System32\drivers\swmsflt.sys
    2011/05/08 01:07:27.0144 5936 SWNC8U56 (2f6f8b7f821c994de3d1caf399bf9cd3) C:\Windows\system32\DRIVERS\swnc8u56.sys
    2011/05/08 01:07:27.0339 5936 SWUMX56 (903a5e596a3910cebfa33f3bd7d9c174) C:\Windows\system32\DRIVERS\swumx56.sys
    2011/05/08 01:07:27.0466 5936 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/05/08 01:07:27.0577 5936 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/05/08 01:07:27.0704 5936 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/05/08 01:07:27.0917 5936 tap0901 (11d34fc869f5bda29949fe3858380894) C:\Windows\system32\DRIVERS\tap0901.sys
    2011/05/08 01:07:28.0108 5936 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2011/05/08 01:07:28.0293 5936 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/05/08 01:07:28.0420 5936 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2011/05/08 01:07:28.0589 5936 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/05/08 01:07:28.0688 5936 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/05/08 01:07:28.0834 5936 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2011/05/08 01:07:28.0943 5936 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2011/05/08 01:07:37.0441 5936 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/05/08 01:07:37.0453 5936 ================================================================================
    2011/05/08 01:07:37.0453 5936 Scan finished
    2011/05/08 01:07:37.0453 5936 ================================================================================
    2011/05/08 01:07:37.0483 3880 Detected object count: 1
    2011/05/08 01:07:58.0372 3880 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/05/08 01:07:58.0373 3880 \HardDisk0 - ok
    2011/05/08 01:07:58.0423 3880 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/05/08 01:08:15.0679 5876 Deinitialize success



    ////////////////////////



    MALWAREBYTES REPORT

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6528

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999

    5/8/2011 2:13:54 AM
    mbam-log-2011-05-08 (02-13-54).txt

    Scan type: Quick scan
    Objects scanned: 174161
    Time elapsed: 21 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ////////////////////////


    SECURITY CHECK REPORT


    Results of screen317's Security Check version 0.99.10
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    BitDefender Antivirus 2010
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    Java™ 6 Update 22
    Java™ SE Runtime Environment 6
    Java™ 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 10.2.153.1
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Windows Defender MSASCui.exe
    BitDefender BitDefender 2010 bdagent.exe
    BitDefender BitDefender 2010 seccenter.exe
    Windows Defender MSASCui.exe
    ``````````End of Log````````````


    //////////////////////////////////////////////////


    Since there was no sign of infection, I was recommended to download OTL and to do the following custom scan:


    As the lines in blue concern my Proxy, I took them away.


    I ran OTL and I got an alert box that read "Cannot create file C:\Windows\System32\drivers\etc\Hosts." I clicked "OK" and OTL has the message at the bottom that says "Resetting HOSTS file. DO NOT INTERRUPT..." and it has had that message for about 7 hours now. It's definitely stuck.

    I have access to the Task Manager but the Desktop is no longer visible in the background. I do not want to force a re-start at this stage and I am waiting for instructions. I could close OTL and it seems to be running as usual but I do not have access to the text in the "Custom Scan" area.

    This is urgent as it is 8:00 am in China and I have meetings coming up this morning.

    What should I do?


    Thanks for your help. This is urgent.
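    Added example, not from the original post or from any of the tools discussed: a small Python parser for the TDSSKiller 2.5 log layout pasted above, pulling out the driver inventory, the detection line and the cure status, plus a check of the driver hashes against a known-good baseline. The sample log lines are constructed (the two driver hashes are placeholders; the detection lines mirror the post), and the baseline set is assumed to come from a clean machine of the same Windows build.

```python
import re

# Constructed sample in the layout of the TDSSKiller 2.5 log posted above:
# the two driver hashes are placeholders, the detection lines mirror the post.
SAMPLE_LOG = r"""
2011/05/08 01:07:29.0332 5936 tssecsrv (00112233445566778899aabbccddeeff) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/08 01:07:31.0016 5936 usbbus (ffeeddccbbaa99887766554433221100) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/05/08 01:07:37.0441 5936 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/08 01:07:37.0453 5936 Scan finished
2011/05/08 01:07:58.0372 3880 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
"""

# Every line starts with "<date> <time> <pid> "; the remainder decides the record type.
_PREFIX = r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) "
DRIVER_RE = re.compile(_PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(_PREFIX + r"(?P<obj>\S+) - detected (?P<threat>\S+)")
ACTION_RE = re.compile(_PREFIX + r"(?P<obj>\S+) \((?P<threat>[^)]+)\) - (?P<status>.+)$")


def parse_log(text):
    """Split a TDSSKiller log into driver inventory, detections and actions taken."""
    drivers, detections, actions = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECT_RE.match(line)
        if m:
            detections.append({"object": m["obj"], "threat": m["threat"]})
            continue
        m = ACTION_RE.match(line)
        if m:
            actions.append({"object": m["obj"], "threat": m["threat"], "status": m["status"]})
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers.append({"name": m["name"], "md5": m["md5"].lower(), "path": m["path"]})
    return {"drivers": drivers, "detections": detections, "actions": actions}


def unknown_drivers(drivers, baseline):
    """Drivers whose (path, md5) pair is absent from a known-good baseline.

    The baseline is assumed to be the same inventory taken from a clean machine of
    the same Windows build; any driver returned here deserves a closer look.
    """
    return [d for d in drivers if (d["path"].lower(), d["md5"]) not in baseline]
```

A hash that differs from the baseline is a lead, not a verdict: legitimate driver updates change hashes too, so confirm with the vendor's signature before acting.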
     
  2. Bobbye


    I can't do anything for your morning meetings! Unfortunately it looks like you ran some random programs, based on a malware infection you thought you had. Please note that you are posting on a free computer help forum staffed only by volunteers. We do not work on demand. It's after 11PM where I live and I will be shutting down for the night.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    When you finish with these scans, go ahead and run the following, which is the bootkit program that should have been run instead of the TDSSKiller:

    Bootkit Remover:

    Download bootkitremover.rar and save to your desktop.
    1. Extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. (Use 7-Zip if you don't have an extraction program.)
    2. Double-click on the remover.exe file to run the program.
      NOTE: The tool should be run from a command line with Administrator privileges.
    3. Scanning should be completed quickly.
    4. Paste the output in your next reply.
    ==============================================
    And follow that with Combofix:
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan. Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    ------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ==========================
    1. How were you notified of the TDS malware?
    2. How do you know no infection shows?
    3. Who advised you to run OTL?
     