Searches and web addresses are hijacked and redirected


  • This topic is locked
62 replies to this topic

#1 dembart


  • Members
  • 36 posts

Posted 30 August 2010 - 02:57 PM

Hi. I've picked up a very nasty trojan that redirects many of my Google searches to ad pages. Sometimes when I type a web address into the address field, I get a message at the bottom left of the screen saying that Firefox is waiting for google-analytics.com. It waits forever, and nothing happens. I've been running STOPzilla daily for three weeks, and it always finds Trojan.Vilsel.JGM or Clicker.CD or GASF. I remove them, but they come right back. How can I get rid of all this? I'm unable to use Firefox at all. Internet Explorer is also affected, but less so. Thanks very much for your help.

I have run OTL and attached OTL.txt and Extras.txt






#2 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 September 2010 - 05:10 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 10 September 2010 - 07:37 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

#4 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 10 September 2010 - 08:35 PM

Reopened at user's request

-----------------------------------------

Please check for rootkit activity with these two programs

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


And
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


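Once the report.txt written by the TDSSKiller command above comes back, a helper reads the per-driver scan lines (timestamp, service name, MD5 of the file, path) looking for load paths and hashes that stand out. The following is an added example of that triage in Python, not code from TDSSKiller, MBRCheck or anyone in this thread; the sample report, the `exampledrv` entry, the `victim` profile path and the altered `atapi` hash are constructed, while the ACPI, AFD and baseline hashes are copied from the report posted in this thread.

```python
"""Triage helper for a TDSSKiller '-l report.txt' driver listing (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Shape of one scan line as it appears in the posted report, e.g.
# 2010/09/10 21:15:09.0536 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)

# A kernel driver on this Vista x64 box is normally loaded from under
# system32; anything else (user profile, Temp, SysWOW64, ...) deserves a look.
EXPECTED_PREFIX = "c:\\windows\\system32\\"


@dataclass(frozen=True)
class DriverEntry:
    timestamp: str
    name: str   # service name as TDSSKiller reports it
    md5: str    # lower-cased MD5 of the driver file
    path: str   # file path as reported


def parse_report(text: str) -> List[DriverEntry]:
    """Return the driver entries of a report; banner and SystemInfo lines are skipped."""
    entries: List[DriverEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["ts"], m["name"], m["md5"].lower(), m["path"]))
    return entries


def in_expected_dir(path: str) -> bool:
    """True when the driver file sits under the normal system driver tree."""
    return path.lower().startswith(EXPECTED_PREFIX)


def find_anomalies(entries: List[DriverEntry],
                   baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Flag drivers outside the expected tree or whose hash differs from a
    known-good baseline (service name, lower-cased -> MD5)."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if not in_expected_dir(e.path):
            findings.append((e.name, f"unexpected load path: {e.path}"))
        expected = baseline.get(e.name.lower())
        if expected is not None and expected.lower() != e.md5:
            findings.append((e.name, f"hash {e.md5} differs from baseline {expected}"))
    return findings


# Constructed sample report. ACPI and AFD lines are copied from the report
# posted in this thread; the atapi hash and the exampledrv line are made up
# to exercise the two checks.
SAMPLE_REPORT = r"""
2010/09/10 21:15:09.0119 Scan started
2010/09/10 21:15:09.0119 Mode: Manual;
2010/09/10 21:15:09.0536 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2010/09/10 21:15:09.0797 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2010/09/10 21:15:10.0168 atapi (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\atapi.sys
2010/09/10 21:15:10.0200 exampledrv (fedcba9876543210fedcba9876543210) C:\Users\victim\AppData\Local\Temp\exampledrv.sys
"""

# Known-good hashes taken from the posted report (a real baseline would come
# from a clean reference system with the same service pack).
KNOWN_GOOD = {
    "acpi": "1965aaffab07e3fb03c77f81beba3547",
    "atapi": "e68d9b3a3905619732f7fe039466a623",
}


def triage(text: str = SAMPLE_REPORT,
           baseline: Dict[str, str] = KNOWN_GOOD) -> List[Tuple[str, str]]:
    """Parse a report and return the list of (service name, reason) findings."""
    return find_anomalies(parse_report(text), baseline)


if __name__ == "__main__":
    for name, reason in triage():
        print(f"{name}: {reason}")
```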

#5 dembart

  • Topic Starter

  • Members
  • 36 posts

Posted 10 September 2010 - 11:25 PM

Thanks very much.

I have downloaded and run MBRCheck and TDSSKiller, and here are the logs that they produced. I have also attached both log files to this post.

MBRCheck

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 10017
Logical Drives Mask: 0x0000002c

Kernel Drivers (total 154):

Processes (total 94):


TDSSKiller

2010/09/10 21:14:57.0846 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/10 21:14:57.0846 ================================================================================
2010/09/10 21:14:57.0846 SystemInfo:
2010/09/10 21:14:57.0846
2010/09/10 21:14:57.0846 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/10 21:14:57.0846 Product type: Workstation
2010/09/10 21:14:57.0846 ComputerName: DESKTOP
2010/09/10 21:14:57.0846 UserName: Lee
2010/09/10 21:14:57.0846 Windows directory: C:\Windows
2010/09/10 21:14:57.0846 System windows directory: C:\Windows
2010/09/10 21:14:57.0846 Running under WOW64
2010/09/10 21:14:57.0846 Processor architecture: Intel x64
2010/09/10 21:14:57.0846 Number of processors: 2
2010/09/10 21:14:57.0846 Page size: 0x1000
2010/09/10 21:14:57.0846 Boot type: Normal boot
2010/09/10 21:14:57.0846 ================================================================================
2010/09/10 21:14:57.0847 Utility is running under WOW64
2010/09/10 21:14:58.0028 Initialize success
2010/09/10 21:15:09.0119 ================================================================================
2010/09/10 21:15:09.0119 Scan started
2010/09/10 21:15:09.0119 Mode: Manual;
2010/09/10 21:15:09.0119 ================================================================================
2010/09/10 21:15:16.0846 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/10 21:15:16.0889 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/10 21:15:16.0934 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/10 21:15:16.0965 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/10 21:15:17.0011 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/10 21:15:17.0044 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/10 21:15:17.0093 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2010/09/10 21:15:17.0121 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/10 21:15:17.0149 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2010/09/10 21:15:17.0237 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/09/10 21:15:17.0279 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/10 21:15:17.0321 RTL8023x64 (f389399fd2204c94c4da16a00aab68f2) C:\Windows\system32\DRIVERS\Rtnic64.sys
2010/09/10 21:15:17.0361 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2010/09/10 21:15:17.0440 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
2010/09/10 21:15:17.0474 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/09/10 21:15:17.0510 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
2010/09/10 21:15:17.0535 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
2010/09/10 21:15:17.0567 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2010/09/10 21:15:17.0617 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2010/09/10 21:15:17.0632 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2010/09/10 21:15:17.0657 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2010/09/10 21:15:17.0681 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2010/09/10 21:15:17.0721 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2010/09/10 21:15:17.0748 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2010/09/10 21:15:17.0819 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2010/09/10 21:15:17.0871 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2010/09/10 21:15:17.0946 srv (cb5bd298e62aed1b4af3cc44811a30a5) C:\Windows\system32\DRIVERS\srv.sys
2010/09/10 21:15:17.0981 srv2 (26cd9130775c59439b77ece2f6df9c4c) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/10 21:15:18.0004 srvnet (caea15e0e52fb15a2c8b505643228057) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/10 21:15:18.0052 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/10 21:15:18.0089 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2010/09/10 21:15:18.0126 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2010/09/10 21:15:18.0155 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2010/09/10 21:15:18.0267 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2010/09/10 21:15:18.0331 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/10 21:15:18.0381 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/10 21:15:18.0407 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2010/09/10 21:15:18.0439 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2010/09/10 21:15:18.0482 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/10 21:15:18.0524 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/10 21:15:18.0603 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/10 21:15:18.0644 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2010/09/10 21:15:18.0679 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/10 21:15:18.0718 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2010/09/10 21:15:18.0766 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/10 21:15:18.0831 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2010/09/10 21:15:18.0871 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2010/09/10 21:15:18.0908 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2010/09/10 21:15:18.0941 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2010/09/10 21:15:18.0973 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/10 21:15:19.0077 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys
2010/09/10 21:15:19.0139 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/10 21:15:19.0169 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2010/09/10 21:15:19.0211 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/10 21:15:19.0256 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/10 21:15:19.0289 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2010/09/10 21:15:19.0335 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2010/09/10 21:15:19.0356 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/10 21:15:19.0400 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/10 21:15:19.0441 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2010/09/10 21:15:19.0510 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/10 21:15:19.0540 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2010/09/10 21:15:19.0566 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2010/09/10 21:15:19.0623 VMC412 (11b9e87522552f1ea39ee1b836eef50b) C:\Windows\system32\Drivers\VMC412.sys
2010/09/10 21:15:19.0654 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2010/09/10 21:15:19.0704 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2010/09/10 21:15:19.0767 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2010/09/10 21:15:19.0801 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2010/09/10 21:15:19.0874 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2010/09/10 21:15:19.0924 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/10 21:15:19.0940 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/10 21:15:19.0989 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2010/09/10 21:15:20.0067 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/10 21:15:20.0293 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
2010/09/10 21:15:20.0351 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/10 21:15:20.0415 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/10 21:15:20.0477 ================================================================================
2010/09/10 21:15:20.0478 Scan finished
2010/09/10 21:15:20.0478 ================================================================================
2010/09/10 21:16:58.0867 Deinitialize success

Attached Files



#6 m0le
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 11 September 2010 - 08:04 AM

The MBRCheck cuts off just before the end. Please make sure the whole log is copied.
m0le is a proud member of UNITE

#7 dembart
  • Topic Starter
  • Members
  • 36 posts

Posted 11 September 2010 - 08:16 AM

The last line of the full MBRCheck log that I have is

3716 [blank]

Is that not the end? Should there be more? Should I run MBRCheck again?

#8 m0le
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 11 September 2010 - 08:22 AM

Yes please.
m0le is a proud member of UNITE

#9 dembart
  • Topic Starter
  • Members
  • 36 posts

Posted 11 September 2010 - 08:36 AM

Here is the new MBRCheck log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 10017
Logical Drives Mask: 0x0000002c

Kernel Drivers (total 154):
0x02213000 \SystemRoot\system32\ntoskrnl.exe
0x0272A000 \SystemRoot\system32\hal.dll
0x0060E000 \SystemRoot\system32\kdcom.dll
0x00618000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00653000 \SystemRoot\system32\PSHED.dll
0x00667000 \SystemRoot\system32\CLFS.SYS
0x006C4000 \SystemRoot\system32\CI.dll
0x00776000 \SystemRoot\SySWOW64\DRIVERS\szkg64.sys
0x00806000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008EE000 \SystemRoot\system32\drivers\acpi.sys
0x00944000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094D000 \SystemRoot\system32\drivers\msisadrv.sys
0x00957000 \SystemRoot\system32\drivers\pci.sys
0x00987000 \SystemRoot\System32\drivers\partmgr.sys
0x0099C000 \SystemRoot\system32\drivers\volmgr.sys
0x00A0E000 \SystemRoot\System32\drivers\volmgrx.sys
0x00A74000 \SystemRoot\system32\drivers\pciide.sys
0x00A7B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00A8B000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A9E000 \SystemRoot\system32\drivers\atapi.sys
0x00AA6000 \SystemRoot\system32\drivers\ataport.SYS
0x00ACA000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B11000 \SystemRoot\system32\drivers\fileinfo.sys
0x00B25000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C0B000 \SystemRoot\system32\drivers\ndis.sys
0x00BAC000 \SystemRoot\system32\drivers\msrpc.sys
0x007A2000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E00000 \SystemRoot\System32\drivers\tcpip.sys
0x00F76000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01009000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01189000 \SystemRoot\system32\drivers\volsnap.sys
0x011CD000 \SystemRoot\System32\Drivers\spldr.sys
0x011D5000 \SystemRoot\System32\Drivers\mup.sys
0x00FA2000 \SystemRoot\System32\drivers\ecache.sys
0x011E7000 \SystemRoot\system32\drivers\disk.sys
0x00FCE000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00DCE000 \SystemRoot\system32\drivers\crcdisk.sys
0x00DF2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00C00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x0220D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x02801000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x028E4000 \SystemRoot\System32\drivers\watchdog.sys
0x028F4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02900000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02946000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02A08000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02C01000 \SystemRoot\system32\DRIVERS\AVerBDA716x_x64.sys
0x02D43000 \SystemRoot\system32\DRIVERS\ks.sys
0x02D77000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x02D7B000 \SystemRoot\system32\drivers\ksthunk.sys
0x02E0E000 \SystemRoot\system32\DRIVERS\NETw5v64.sys
0x0329D000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x032AF000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x032BF000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x032E7000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x03315000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x0337A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03396000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x033A3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x033B6000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02D81000 \SystemRoot\system32\DRIVERS\storport.sys
0x033EF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02AF5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02E00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02B18000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02DDE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02B49000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02B67000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02B7F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02DEE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02B92000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02E0C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02B9E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02BA9000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02957000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02BB9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x07409000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x07588000 \SystemRoot\system32\drivers\portcls.sys
0x075C3000 \SystemRoot\system32\drivers\drmk.sys
0x02BCD000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x075E6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x075F0000 \SystemRoot\System32\Drivers\Null.SYS
0x07400000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x029AA000 \SystemRoot\System32\drivers\vga.sys
0x029B8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x029DD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x029E6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x029EF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02751000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0299F000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x02762000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0277F000 \SystemRoot\system32\DRIVERS\smb.sys
0x0720E000 \SystemRoot\system32\drivers\afd.sys
0x07279000 \SystemRoot\System32\DRIVERS\netbt.sys
0x072BD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x072DB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x072EA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x07305000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x07352000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0735E000 \SystemRoot\System32\Drivers\dfsc.sys
0x0737B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07397000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x07399000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x073A2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x073B4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x073BF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x073CA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x073D8000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x073E4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x073EC000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x0780B000 \SystemRoot\System32\Drivers\bthport.sys
0x000B0000 \SystemRoot\System32\win32k.sys
0x078B9000 \SystemRoot\System32\drivers\Dxapi.sys
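The kernel-driver listing in the MBRCheck log above is the part that did paste, so it is worth reading on its own. The script below is an added example, not MBRCheck's own code: it parses the "Kernel Drivers" section, flags modules that load from outside the stock system directories, and diffs two runs of the tool so that drivers present in only one run stand out. The two sample logs are constructed in the listing's format (a handful of lines in the style of the log above, not a full log). A flagged path is only a lead, not a verdict: legitimate third-party drivers load from SysWOW64 or Program Files too, and a rootkit that hides its module from enumeration never reaches this parser at all.

```python
"""Parse the 'Kernel Drivers' listing of an MBRCheck log, flag modules that
load from outside the stock system directories, and diff two runs of the
tool so newly loaded drivers stand out.

Added example, not MBRCheck's own code.  RUN1 and RUN2 are constructed
samples in the listing format '0xADDR \\SystemRoot\\path'.
"""
import re

DRIVER_LINE = re.compile(r"^0x([0-9A-Fa-f]{8})\s+(\S+)$")
SECTION_HEADER = "Kernel Drivers"
# Directories the stock kernel and its drivers load from (lower-cased).
STOCK_PREFIXES = ("\\systemroot\\system32\\", "\\windows\\system32\\")


def parse_driver_list(log_text: str) -> dict:
    """Return {lower-cased path: load address} for the Kernel Drivers
    section; the section ends at the first blank line or end of input."""
    drivers = {}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(SECTION_HEADER):
            in_section = True
            continue
        if not in_section:
            continue
        if not line:
            break                      # blank line ends the section
        m = DRIVER_LINE.match(line)
        if m:
            drivers[m.group(2).lower()] = int(m.group(1), 16)
    return drivers


def unusual_paths(drivers: dict) -> list:
    """Paths not under the stock directories, e.g. SysWOW64 or Program Files."""
    return sorted(p for p in drivers if not p.startswith(STOCK_PREFIXES))


def diff_runs(first: dict, second: dict) -> dict:
    """Modules present in only one of two runs."""
    return {"added": sorted(set(second) - set(first)),
            "removed": sorted(set(first) - set(second))}


# Constructed sample: a first run that stops mid-listing (no blank line,
# no drive/MBR tail), like a truncated paste.
RUN1 = r"""MBRCheck, version 1.2.3
Windows Information: Service Pack 2 (build 6002), 64-bit

Kernel Drivers (total 5):
0x02213000 \SystemRoot\system32\ntoskrnl.exe
0x0272A000 \SystemRoot\system32\hal.dll
0x00776000 \SystemRoot\SySWOW64\DRIVERS\szkg64.sys
0x00806000 \SystemRoot\system32\drivers\Wdf01000.sys
0x078B9000 \SystemRoot\System32\drivers\Dxapi.sys
"""

# Constructed sample: a second run with two more modules and the next section.
RUN2 = RUN1 + r"""0x078C5000 \SystemRoot\System32\Drivers\VMC412.sys
0x77CC0000 \Windows\System32\ntdll.dll

Processes (total 2):
0 System Idle Process
4 System
"""

if __name__ == "__main__":
    first, second = parse_driver_list(RUN1), parse_driver_list(RUN2)
    print("outside stock dirs:", unusual_paths(second))
    print("new in second run:", diff_runs(first, second)["added"])
```

Run it against two real logs by reading the files into `parse_driver_list`; the `unusual_paths` list is where to start checking vendors and signatures, and the `added` list from `diff_runs` shows what changed between runs.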

#10 m0le
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 11 September 2010 - 08:45 AM

We seem to have pasting problems. Let's try attaching the file.

Click Addreply as you would to reply to a post.

Click the Browse... button underneath the text box to the right and navigate to the file. Click it once and then click Open.

The file and its path should appear in the box next to Browse... and then you click UPLOAD.
m0le is a proud member of UNITE

#11 dembart
  • Topic Starter
  • Members
  • 36 posts

Posted 11 September 2010 - 09:12 AM

The new MBRCheck log is attached.

Attached Files



#12 m0le
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 11 September 2010 - 09:18 AM

This must be a copy/paste problem.

Are you copying and pasting the entire log? Take a look at the bottom of the log before you copy and paste. It should look like this:

QUOTE
PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979



The MBR code will probably be different. Can you read what it says and type it in your next reply?
m0le is a proud member of UNITE
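The tail m0le quotes above (drive size, device name, MBR status, SHA1) is produced by reading sector 0 of each physical drive, verifying the boot signature, hashing the boot code and comparing the hash with known-good Microsoft boot code. The script below is an added example of that check, not MBRCheck's own source. Two assumptions are made: the whitelist is hypothetical (a real tool ships the SHA-1s of the stock boot code of each Windows release), and the hashed region is taken to be bytes 0..439, the code before the 4-byte NT disk signature. An unknown hash is not proof of infection (OEM and boot-manager code is also "unknown"), and a driver that filters disk I/O can hand a clean-looking sector to a read done from the running system, so on a machine with a suspected bootkit the same sector should also be read from clean boot media.

```python
"""Decode a 512-byte MBR the way an MBR checker does: verify the 0x55AA boot
signature, hash the boot-code region, look the hash up in a whitelist of
known-good boot code, and list the partition-table entries.

Added example, not MBRCheck's own source.  KNOWN_BOOT_CODE is a hypothetical
whitelist; the hashed range (bytes 0..439) is an assumption.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440                 # boot code, before the NT disk signature
PARTITION_TABLE_OFFSET = 0x1BE      # four 16-byte entries
BOOT_SIGNATURE_OFFSET = 0x1FE       # 0x55AA
BOOT_SIGNATURE = b"\x55\xaa"
# status, CHS start, type, CHS end, LBA start, sector count (little-endian)
PARTITION_ENTRY_FMT = "<B3sB3sII"

# Hypothetical whitelist: SHA-1 of boot code -> label printed in the report.
KNOWN_BOOT_CODE = {}


def boot_code_sha1(sector: bytes) -> str:
    """Upper-case hex SHA-1 of the boot-code region."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(sector: bytes) -> list:
    """Decode the non-empty partition-table entries."""
    parts = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(
            PARTITION_ENTRY_FMT, sector, PARTITION_TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue                      # unused slot
        parts.append({"index": i, "bootable": status == 0x80,
                      "type": ptype, "lba_start": lba, "sectors": count})
    return parts


def analyze_mbr(sector: bytes, known: dict = KNOWN_BOOT_CODE) -> dict:
    """Per-drive report: signature check, hash, whitelist verdict, partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one %d-byte sector" % SECTOR_SIZE)
    digest = boot_code_sha1(sector)
    label = known.get(digest)
    return {
        "signature_ok": sector[BOOT_SIGNATURE_OFFSET:] == BOOT_SIGNATURE,
        "sha1": digest,
        "status": ("%s MBR code detected" % label) if label else "Unknown MBR code",
        "partitions": parse_partitions(sector),
    }


def read_physical_drive(path=r"\\.\PhysicalDrive0") -> bytes:
    """Raw read of sector 0; needs administrator rights on Windows.  A disk
    filter driver can lie here, so compare with a read from clean boot media."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def build_sample_mbr() -> bytes:
    """Constructed sample sector (not a real disk image): stub boot code, a
    disk signature, one bootable NTFS partition and one data partition."""
    code = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * (BOOT_CODE_LEN - 5)
    disk_sig = b"\x11\x22\x33\x44" + b"\x00\x00"
    table = struct.pack(PARTITION_ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    table += struct.pack(PARTITION_ENTRY_FMT, 0x00, b"\xfe\xff\xff", 0x07,
                         b"\xfe\xff\xff", 206848, 409600)
    table += b"\x00" * 32                 # two empty slots
    sector = code + disk_sig + table + BOOT_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


if __name__ == "__main__":
    report = analyze_mbr(build_sample_mbr())
    print("MBR Status:", report["status"], "| signature ok:", report["signature_ok"])
    print("SHA1:", report["sha1"])
    for p in report["partitions"]:
        print(p)
```

To run it against a live disk, replace `build_sample_mbr()` with `read_physical_drive()` in an elevated prompt; the "Unknown MBR code" line is the same verdict an MBR checker prints when the hash is not in its whitelist, and it is what the helper wanted to read at the end of the log.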

#13 dembart
  • Topic Starter
  • Members
  • 36 posts

Posted 11 September 2010 - 09:23 AM

I am copying and pasting the entire MBRCheck log. This is the last line:

0x078B9000 \SystemRoot\System32\drivers\Dxapi.sys

#14 m0le
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 11 September 2010 - 09:33 AM

I've not seen that before.

Please run the following program

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • Please post the resulting log in your next reply.

Now run the Combofix program

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#15 dembart
  • Topic Starter
  • Members
  • 36 posts

Posted 11 September 2010 - 09:33 AM

I have run MBRCheck again, and here is the log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 10017
Logical Drives Mask: 0x0000002c

Kernel Drivers (total 156):
0x02213000 \SystemRoot\system32\ntoskrnl.exe
0x0272A000 \SystemRoot\system32\hal.dll
0x0060E000 \SystemRoot\system32\kdcom.dll
0x00618000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00653000 \SystemRoot\system32\PSHED.dll
0x00667000 \SystemRoot\system32\CLFS.SYS
0x006C4000 \SystemRoot\system32\CI.dll
0x00776000 \SystemRoot\SySWOW64\DRIVERS\szkg64.sys
0x00806000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008EE000 \SystemRoot\system32\drivers\acpi.sys
0x00944000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094D000 \SystemRoot\system32\drivers\msisadrv.sys
0x00957000 \SystemRoot\system32\drivers\pci.sys
0x00987000 \SystemRoot\System32\drivers\partmgr.sys
0x0099C000 \SystemRoot\system32\drivers\volmgr.sys
0x00A0E000 \SystemRoot\System32\drivers\volmgrx.sys
0x00A74000 \SystemRoot\system32\drivers\pciide.sys
0x00A7B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00A8B000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A9E000 \SystemRoot\system32\drivers\atapi.sys
0x00AA6000 \SystemRoot\system32\drivers\ataport.SYS
0x00ACA000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B11000 \SystemRoot\system32\drivers\fileinfo.sys
0x00B25000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C0B000 \SystemRoot\system32\drivers\ndis.sys
0x00BAC000 \SystemRoot\system32\drivers\msrpc.sys
0x007A2000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E00000 \SystemRoot\System32\drivers\tcpip.sys
0x00F76000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01009000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01189000 \SystemRoot\system32\drivers\volsnap.sys
0x011CD000 \SystemRoot\System32\Drivers\spldr.sys
0x011D5000 \SystemRoot\System32\Drivers\mup.sys
0x00FA2000 \SystemRoot\System32\drivers\ecache.sys
0x011E7000 \SystemRoot\system32\drivers\disk.sys
0x00FCE000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00DCE000 \SystemRoot\system32\drivers\crcdisk.sys
0x00DF2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00C00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x0220D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x02801000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x028E4000 \SystemRoot\System32\drivers\watchdog.sys
0x028F4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02900000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02946000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02A08000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02C01000 \SystemRoot\system32\DRIVERS\AVerBDA716x_x64.sys
0x02D43000 \SystemRoot\system32\DRIVERS\ks.sys
0x02D77000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x02D7B000 \SystemRoot\system32\drivers\ksthunk.sys
0x02E0E000 \SystemRoot\system32\DRIVERS\NETw5v64.sys
0x0329D000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x032AF000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x032BF000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x032E7000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x03315000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x0337A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03396000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x033A3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x033B6000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02D81000 \SystemRoot\system32\DRIVERS\storport.sys
0x033EF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02AF5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02E00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02B18000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02DDE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02B49000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02B67000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02B7F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02DEE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02B92000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02E0C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02B9E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02BA9000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02957000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02BB9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x07409000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x07588000 \SystemRoot\system32\drivers\portcls.sys
0x075C3000 \SystemRoot\system32\drivers\drmk.sys
0x02BCD000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x075E6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x075F0000 \SystemRoot\System32\Drivers\Null.SYS
0x07400000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x029AA000 \SystemRoot\System32\drivers\vga.sys
0x029B8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x029DD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x029E6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x029EF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02751000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0299F000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x02762000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0277F000 \SystemRoot\system32\DRIVERS\smb.sys
0x0720E000 \SystemRoot\system32\drivers\afd.sys
0x07279000 \SystemRoot\System32\DRIVERS\netbt.sys
0x072BD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x072DB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x072EA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x07305000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x07352000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0735E000 \SystemRoot\System32\Drivers\dfsc.sys
0x0737B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07397000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x07399000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x073A2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x073B4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x073BF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x073CA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x073D8000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x073E4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x073EC000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x0780B000 \SystemRoot\System32\Drivers\bthport.sys
0x000B0000 \SystemRoot\System32\win32k.sys
0x078B9000 \SystemRoot\System32\drivers\Dxapi.sys
0x078C5000 \SystemRoot\System32\Drivers\VMC412.sys
0x078FE000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x0792F000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x0793C000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x0795B000 \SystemRoot\system32\drivers\btwavdt.sys
0x079D3000 \SystemRoot\system32\DRIVERS\hidbth.sys
0x08009000 \SystemRoot\system32\drivers\btwaudio.sys
0x0808D000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0x08099000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x080A8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x080BB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x080D3000 \SystemRoot\System32\Drivers\fastfat.SYS
0x00420000 \SystemRoot\System32\TSDDD.dll
0x006D0000 \SystemRoot\System32\cdd.dll
0x08108000 \SystemRoot\system32\drivers\luafv.sys
0x0812A000 \SystemRoot\system32\drivers\spsys.sys
0x081C4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0279A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x081D8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x081E3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x09604000 \SystemRoot\system32\drivers\HTTP.sys
0x096A7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x096D0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x096EE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x09708000 \SystemRoot\system32\drivers\mrxdav.sys
0x0972F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x09758000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x097A1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x097C0000 \SystemRoot\System32\DRIVERS\srv2.sys
0x09808000 \SystemRoot\System32\DRIVERS\srv.sys
0x0989D000 \SystemRoot\system32\drivers\peauth.sys
0x09953000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0995E000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0996E000 \SystemRoot\system32\drivers\tdtcp.sys
0x0997B000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x09989000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x099C5000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x099D5000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x099F1000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x009B0000 \SystemRoot\system32\DRIVERS\udfs.sys
0x099FE000 \SystemRoot\system32\drivers\MSPQM.sys
0x77CC0000 \Windows\System32\ntdll.dll

Processes (total 94):
0 System Idle Process
4 System
520 C:\Windows\System32\smss.exe
592 csrss.exe
660 C:\Windows\System32\wininit.exe
680 csrss.exe
716 C:\Windows\System32\winlogon.exe
756 C:\Windows\System32\services.exe
768 C:\Windows\System32\lsass.exe
776 C:\Windows\System32\lsm.exe
924 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
356 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
12 C:\Windows\System32\Ati2evxx.exe
672 C:\Windows\System32\svchost.exe
512 C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
1128 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\audiodg.exe
1212 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\SLsvc.exe
1280 C:\Windows\System32\svchost.exe
1388 C:\Windows\System32\Ati2evxx.exe
1412 C:\Windows\System32\svchost.exe
1660 C:\Windows\System32\wlanext.exe
1752 C:\Windows\System32\spoolsv.exe
1780 C:\Windows\System32\svchost.exe
1600 C:\Windows\System32\taskeng.exe
1960 C:\Windows\System32\dwm.exe
1400 C:\Windows\explorer.exe
2176 C:\Windows\System32\taskeng.exe
2360 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
2372 C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
2392 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2424 C:\Windows\System32\svchost.exe
2464 C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
2512 C:\Program Files (x86)\Executive Software\DiskeeperWorkstation\DKService.exe
2524 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2580 C:\Program Files\Microsoft Security Essentials\msseces.exe
2624 C:\Windows\ehome\ehtray.exe
2652 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2672 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
2708 C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
2716 C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
2728 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
2768 C:\Program Files (x86)\jmesoft\hotkey.exe
2788 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2796 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2820 C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
2828 C:\Users\Lee\AppData\Roaming\Dropbox\bin\Dropbox.exe
2868 C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
2876 C:\Users\Lee\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
2896 C:\Program Files\Lenovo\Lenovo Brightness Adjustment Software\LenovoBrightnessAdjustment.exe
2924 C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
2968 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2988 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
3000 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3044 C:\Program Files (x86)\Google\Google Talk\googletalk.exe
1508 C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe
2520 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3204 C:\Windows\ehome\ehmsas.exe
3404 C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
3488 C:\Windows\System32\svchost.exe
3536 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
3620 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
3652 C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
3684 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
3700 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
3724 C:\Windows\System32\svchost.exe
3764 C:\Windows\System32\svchost.exe
3788 C:\Windows\System32\SearchIndexer.exe
3920 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3716 C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
4112 WmiPrvSE.exe
4188 C:\Windows\System32\wbem\unsecapp.exe
4788 C:\Program Files\iPod\bin\iPodService.exe
4800 C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
4824 C:\Program Files\Windows Media Player\wmpnscfg.exe
4964 C:\Program Files\Windows Media Player\wmpnetwk.exe
5056 C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
4036 C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
1160 C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
4316 C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
3956 C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
2736 C:\Windows\System32\svchost.exe
4260 C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
4132 C:\Windows\splwow64.exe
5320 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
5572 C:\Windows\ehome\ehshell.exe
4200 C:\Windows\ehome\ehsched.exe
2692 C:\Windows\ehome\ehrecvr.exe
6140 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5748 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
6096 C:\Users\Lee\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: WDCWD6400AAKS-08A7B2, Rev: 03.03B03
