Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Website Redirection, Trojans & Hacked Email


  • This topic is locked This topic is locked
36 replies to this topic

#1 Sov

Sov

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 27 September 2010 - 06:15 AM

My desktop computer died a few months ago, and a close friend let me borrow their laptop for a few months which I've been using. They said it had a couple of problems with viruses but that there are ways to get around them and ignore them. The current problems that I'm having are:

-I first used to get redirected when I clicked a link in google and it would take me to really random sites and not be helpful at all. e.g. It most commonly took me to ebay.com & facebook.com. It then started redirecting me from websites that I typed into the address bar (which had been how I had been shown to avoid this problem before), and has been continually taking me to a particular web page mocked up and appearing as the control panel interface and performing a virus scan and telling me I need to scan my computer.

-Sometimes pages take for ever to load (and sometimes never do just have the spinning wheel) even with a fully connected internet. About 2 out of every 5 webpages I visit will not load and instead show "Problem loading page" which is far to common for just a site being generally down. Both firefox and IE have had the same problems.

-Malwarebytes has detected 2 trojans, but even after a supposed removal and computer reboot they still are being picked up by it in the next scan. AVG Free edition hasn't picked up anything major, only small cookie problems.

-Finally, my E-mail has hacked into an used to send spam mail to some of my contacts.

note: It only seems to happen when I connect through my own router internet connection. When I use others the problems reduce significantly.

I really don't feel comfortable with using this computer and I'm worried for my online security. I really need some help to get it fixed! smile.gif Thank you. Here is the DDS.txt




DDS (Ver_10-03-17.01) - NTFSx86
Run by greg at 10:55:37.17 on 27/09/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2045.1160 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\greg\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
StartupFolder: c:\users\greg\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\greg\appdata\roaming\mozilla\firefox\profiles\vbteukc1.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-27 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-27 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-27 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-1-29 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2010-1-28 149208]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2010-1-28 277624]

=============== Created Last 30 ================

2010-09-23 15:48:21 0 d--h--w- c:\programdata\CanonIJScan
2010-09-23 14:33:18 87552 ----a-r- c:\windows\system\url.dll
2010-09-23 14:33:18 0 d-----w- c:\windows\wb
2010-09-22 17:31:52 0 d-----w- c:\users\greg\appdata\roaming\OpenOffice.org
2010-09-22 17:22:49 0 d-----w- c:\program files\JRE
2010-09-22 17:22:00 0 d-----w- c:\program files\OpenOffice.org 3
2010-09-17 09:29:36 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-17 09:29:34 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-17 09:29:33 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-17 09:29:29 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-11 09:34:49 0 d-----w- c:\programdata\PMB Files
2010-09-10 19:49:55 0 d-----w- c:\program files\Pando Networks
2010-08-31 13:14:09 0 d-----w- c:\program files\common files\CANON
2010-08-31 13:11:25 0 d--h--w- c:\programdata\CanonBJ
2010-08-31 13:10:18 303104 ----a-w- c:\windows\system32\CNC270L.dll
2010-08-31 13:10:18 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2010-08-31 13:10:18 1310720 ----a-w- c:\windows\system32\CNC270C.dll
2010-08-31 13:10:18 12544 ----a-w- c:\windows\system32\CNC173BD.TBL
2010-08-31 13:10:18 110592 ----a-w- c:\windows\system32\CNC270I.dll
2010-08-31 13:10:18 106496 ----a-w- c:\windows\system32\CNC270U.dll
2010-08-31 13:09:16 272384 ----a-w- c:\windows\system32\CNMLM9X.DLL
2010-08-31 13:09:11 90112 ----a-w- c:\windows\system32\CNC270O.dll
2010-08-31 13:09:06 178176 ----a-w- c:\windows\system32\CNMIU9X.DLL
2010-08-31 13:07:39 0 d-----w- c:\program files\Canon

==================== Find3M ====================

2010-08-31 13:10:50 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-31 13:10:49 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-08-31 13:10:47 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-25 19:05:36 25164 ----a-w- c:\windows\fonts\elizacat.ttf
2010-08-25 19:02:26 31848 ----a-w- c:\windows\fonts\BN FontBoy.ttf
2010-08-25 18:54:59 120500 ----a-w- c:\windows\fonts\Pirmokas.ttf
2010-08-25 18:52:44 36540 ----a-w- c:\windows\fonts\PapposBlues..._font.ttf
2010-08-25 18:42:37 72148 ----a-w- c:\windows\fonts\LUNABAR.TTF
2010-08-25 18:37:16 77048 ----a-w- c:\windows\fonts\angelina.TTF
2010-07-16 10:11:34 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-11 22:13:43 4096 ----a-w- c:\windows\d3dx.dat
2010-04-01 21:50:10 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 10:56:44.80 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:42 PM

Posted 01 October 2010 - 04:09 PM

Hello and welcome to Bleeping Computer! welcome.gif

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#3 Sov

Sov
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 04 October 2010 - 02:22 PM

Hi, thanks for your reply. I'm still having the exact same problems as first described.


Thanks again.

Heres the new DDS:


DDS (Ver_10-03-17.01) - NTFSx86
Run by greg at 19:32:10.80 on 04/10/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2045.922 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\greg\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
StartupFolder: c:\users\greg\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\greg\appdata\roaming\mozilla\firefox\profiles\vbteukc1.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-27 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-27 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-27 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-1-29 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2010-1-28 149208]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2010-1-28 277624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-01 15:45:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-23 15:48:21 0 d--h--w- c:\programdata\CanonIJScan
2010-09-23 14:33:18 87552 ----a-r- c:\windows\system\url.dll
2010-09-23 14:33:18 0 d-----w- c:\windows\wb
2010-09-22 17:31:52 0 d-----w- c:\users\greg\appdata\roaming\OpenOffice.org
2010-09-22 17:22:49 0 d-----w- c:\program files\JRE
2010-09-22 17:22:00 0 d-----w- c:\program files\OpenOffice.org 3
2010-09-17 09:29:36 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-17 09:29:34 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-17 09:29:33 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-17 09:29:29 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-11 09:34:49 0 d-----w- c:\programdata\PMB Files
2010-09-10 19:49:55 0 d-----w- c:\program files\Pando Networks

==================== Find3M ====================

2010-10-03 18:34:26 29780 ----a-w- c:\windows\fonts\collegiateHeavyOutline Medium.ttf
2010-09-27 19:57:01 77112 ----a-w- c:\windows\fonts\INFILTRI.TTF
2010-09-27 19:55:29 78076 ----a-w- c:\windows\fonts\TFUTFU_.TTF
2010-08-31 13:10:50 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-31 13:10:49 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-08-31 13:10:47 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-25 19:05:36 25164 ----a-w- c:\windows\fonts\elizacat.ttf
2010-08-25 19:02:26 31848 ----a-w- c:\windows\fonts\BN FontBoy.ttf
2010-08-25 18:54:59 120500 ----a-w- c:\windows\fonts\Pirmokas.ttf
2010-08-25 18:52:44 36540 ----a-w- c:\windows\fonts\PapposBlues..._font.ttf
2010-08-25 18:42:37 72148 ----a-w- c:\windows\fonts\LUNABAR.TTF
2010-08-25 18:37:16 77048 ----a-w- c:\windows\fonts\angelina.TTF
2010-07-16 10:11:34 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-11 22:13:43 4096 ----a-w- c:\windows\d3dx.dat
2010-04-01 21:50:10 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:32:26.76 ===============


#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:06:42 PM

Posted 08 October 2010 - 06:17 AM

Hello and welcome to Bleeping Computer. smile.gif

*Please Subscribe to this Thread to get immediate notification of replies. See HERE

*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.

*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.

*You must reply within 5 days otherwise this topic will be closed.


================================


Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.
Link 1
Link 2

  • It's important to temporary disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:
  1. Leave your computer alone while ComboFix is running.
  2. ComboFix will restart your computer if malware is found; allow it to do so.
  3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  4. Please do not mouseclick combofix's window while its running because it may call it to stall.
  5. ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.



~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 Sov

Sov
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 08 October 2010 - 08:46 AM

Hi, thank you so much for your help, I really appreciate it. Heres the combofix log:



ComboFix 10-10-07.02 - greg 08/10/2010 14:30:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2045.1259 [GMT 1:00]
Running from: c:\users\greg\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))
.

2010-10-08 13:36 . 2010-10-08 13:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-05 18:45 . 2010-10-05 18:45 4100960 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-10-05 18:45 . 2010-10-05 18:45 2065760 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-10-05 18:45 . 2010-10-05 18:45 4394336 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-10-01 15:45 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 08:02 . 2010-09-28 08:02 -------- d-----w- c:\program files\Microsoft.NET
2010-09-23 15:48 . 2010-09-23 15:48 -------- d--h--w- c:\programdata\CanonIJScan
2010-09-23 15:47 . 2010-09-23 15:48 -------- d-----w- c:\users\greg\AppData\Roaming\Canon
2010-09-23 14:33 . 2010-09-23 14:33 -------- d-----w- c:\windows\wb
2010-09-23 14:33 . 1996-08-16 11:44 87552 ----a-r- c:\windows\system\url.dll
2010-09-23 08:02 . 2010-09-23 08:02 1377632 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-09-23 08:02 . 2010-09-23 08:02 942432 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2010-09-23 08:02 . 2010-09-23 08:02 598368 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-09-23 08:02 . 2010-09-23 08:02 300896 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-09-23 08:00 . 2010-09-23 08:00 1690952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-09-22 17:31 . 2010-09-23 21:54 1 ----a-w- c:\users\greg\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-22 17:31 . 2010-09-22 17:31 -------- d-----w- c:\users\greg\AppData\Roaming\OpenOffice.org
2010-09-22 17:22 . 2010-09-22 17:22 -------- d-----w- c:\program files\JRE
2010-09-22 17:22 . 2010-09-22 17:22 -------- d-----w- c:\program files\OpenOffice.org 3
2010-09-21 18:37 . 2010-09-21 18:37 932288 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\24279\AdobeARM.exe
2010-09-21 18:37 . 2010-09-21 18:37 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\24279\AdobeExtractFiles.dll
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\24279\ReaderUpdater.exe
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\24279\AcrobatUpdater.exe
2010-09-17 09:29 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-17 09:29 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-17 09:29 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-17 09:29 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-11 09:34 . 2010-10-08 10:44 -------- d-----w- c:\users\greg\AppData\Local\PMB Files
2010-09-11 09:34 . 2010-09-11 13:45 -------- d-----w- c:\programdata\PMB Files
2010-09-10 19:49 . 2010-09-10 19:49 -------- d-----w- c:\program files\Pando Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 14:48 . 2010-01-31 22:39 0 ----a-w- c:\users\greg\AppData\Local\prvlcl.dat
2010-10-07 10:04 . 2010-01-28 12:31 1356 ----a-w- c:\users\greg\AppData\Local\d3d9caps.dat
2010-10-07 09:26 . 2010-03-28 11:59 -------- d-----w- c:\programdata\FLEXnet
2010-10-06 22:38 . 2010-01-28 12:31 62744 ----a-w- c:\users\greg\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-26 09:53 . 2010-02-21 20:12 -------- d-----w- c:\programdata\NOS
2010-09-19 22:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-31 13:14 . 2010-08-31 13:07 -------- d-----w- c:\program files\Canon
2010-08-31 13:14 . 2010-08-31 13:14 -------- d-----w- c:\program files\Common Files\CANON
2010-08-31 13:11 . 2010-08-31 13:11 -------- d--h--w- c:\programdata\CanonBJ
2010-08-31 13:10 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat
2010-08-31 13:10 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstrng.dat
2010-08-31 13:10 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat
2010-08-31 13:08 . 2010-08-31 13:08 -------- d--h--w- c:\program files\CanonBJ
2010-08-13 14:18 . 2010-06-23 18:35 -------- d-----w- c:\users\greg\AppData\Roaming\Apple Computer
2010-08-13 14:18 . 2010-06-18 17:01 -------- d-----w- c:\programdata\Apple
2010-07-16 10:11 . 2010-03-27 13:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 10:11 . 2010-07-16 10:11 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 10:10 . 2010-03-27 13:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-11 22:13 . 2010-07-11 22:13 4096 ----a-w- c:\windows\d3dx.dat
2010-07-11 16:22 . 2010-03-31 12:23 195072 ----a-w- c:\users\greg\AppData\Roaming\Three Rings Design\Puzzle Pirates\native\OpenAL64.dll
2010-07-11 16:22 . 2010-03-31 12:23 413696 ----a-w- c:\users\greg\AppData\Roaming\Three Rings Design\Puzzle Pirates\native\OpenAL32.dll
2010-07-11 16:22 . 2010-03-31 12:23 273920 ----a-w- c:\users\greg\AppData\Roaming\Three Rings Design\Puzzle Pirates\native\lwjgl64.dll
2010-07-11 16:22 . 2010-03-31 12:23 193024 ----a-w- c:\users\greg\AppData\Roaming\Three Rings Design\Puzzle Pirates\native\lwjgl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-11 2969496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-03-12 3563520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-05 2067808]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

c:\users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-03-08 62496]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-01-29 203264]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-01-31 149208]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-02-16 277624]

.
Contents of the 'Scheduled Tasks' folder

2010-10-08 c:\windows\Tasks\User_Feed_Synchronization-{7CBDAB5C-20CC-4D74-907E-37678567CEC1}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\vbteukc1.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
Completion time: 2010-10-08 14:37:54
ComboFix-quarantined-files.txt 2010-10-08 13:37

Pre-Run: 110,658,781,184 bytes free
Post-Run: 113,202,307,072 bytes free

- - End Of File - - E7356E9239DD2E97D6A157A20D887A12


#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:06:42 PM

Posted 08 October 2010 - 09:02 AM

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  1. Extract the zip file to its own folder.
  2. Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  3. Click Start scan to start scanning.
  4. If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  5. Click on Report to generate a log.
  6. Please post that log when you reply.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#7 Sov

Sov
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 08 October 2010 - 11:24 AM

Hi,

2010/10/08 17:21:41.0640 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/08 17:21:41.0640 ================================================================================
2010/10/08 17:21:41.0640 SystemInfo:
2010/10/08 17:21:41.0640
2010/10/08 17:21:41.0640 OS Version: 6.0.6001 ServicePack: 1.0
2010/10/08 17:21:41.0640 Product type: Workstation
2010/10/08 17:21:41.0640 ComputerName: PHOTOGROUP-PC
2010/10/08 17:21:41.0640 UserName: greg
2010/10/08 17:21:41.0640 Windows directory: C:\Windows
2010/10/08 17:21:41.0640 System windows directory: C:\Windows
2010/10/08 17:21:41.0640 Processor architecture: Intel x86
2010/10/08 17:21:41.0640 Number of processors: 2
2010/10/08 17:21:41.0640 Page size: 0x1000
2010/10/08 17:21:41.0640 Boot type: Normal boot
2010/10/08 17:21:41.0640 ================================================================================
2010/10/08 17:21:41.0979 Initialize success
2010/10/08 17:22:20.0978 ================================================================================
2010/10/08 17:22:20.0979 Scan started
2010/10/08 17:22:20.0979 Mode: Manual;
2010/10/08 17:22:20.0979 ================================================================================
2010/10/08 17:22:21.0514 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2010/10/08 17:22:21.0611 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/10/08 17:22:21.0686 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/10/08 17:22:21.0764 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/10/08 17:22:21.0814 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/10/08 17:22:21.0906 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2010/10/08 17:22:21.0971 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/10/08 17:22:22.0048 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/10/08 17:22:22.0098 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/10/08 17:22:22.0131 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/10/08 17:22:22.0193 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/10/08 17:22:22.0228 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/10/08 17:22:22.0267 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/10/08 17:22:22.0356 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/10/08 17:22:22.0405 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/10/08 17:22:22.0466 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/08 17:22:22.0512 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2010/10/08 17:22:22.0656 atikmdag (38973519d2a61e33e49a09c6b05621cd) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/10/08 17:22:22.0843 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\System32\Drivers\avgldx86.sys
2010/10/08 17:22:22.0884 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\System32\Drivers\avgmfx86.sys
2010/10/08 17:22:22.0925 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\System32\Drivers\avgtdix.sys
2010/10/08 17:22:23.0011 BCM42RLY (bcb27987aaf7962c72b0f337a201cc28) C:\Windows\system32\drivers\BCM42RLY.sys
2010/10/08 17:22:23.0074 BCM43XX (b2134f695efd5eb392e906ac2413452e) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/10/08 17:22:23.0179 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/10/08 17:22:23.0237 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/10/08 17:22:23.0282 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/08 17:22:23.0330 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/10/08 17:22:23.0353 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/10/08 17:22:23.0399 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/10/08 17:22:23.0425 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/10/08 17:22:23.0451 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/10/08 17:22:23.0477 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/10/08 17:22:23.0506 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/10/08 17:22:23.0650 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/08 17:22:23.0678 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/08 17:22:23.0716 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2010/10/08 17:22:23.0767 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2010/10/08 17:22:23.0840 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/10/08 17:22:23.0873 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/10/08 17:22:23.0912 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/10/08 17:22:23.0943 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/10/08 17:22:24.0009 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/10/08 17:22:24.0075 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2010/10/08 17:22:24.0136 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2010/10/08 17:22:24.0220 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/10/08 17:22:24.0274 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/08 17:22:24.0362 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/10/08 17:22:24.0417 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2010/10/08 17:22:24.0497 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/10/08 17:22:24.0563 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/10/08 17:22:24.0627 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2010/10/08 17:22:24.0667 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2010/10/08 17:22:24.0704 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/08 17:22:24.0770 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/10/08 17:22:24.0795 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/10/08 17:22:24.0830 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/08 17:22:24.0872 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2010/10/08 17:22:24.0933 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/08 17:22:25.0045 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/10/08 17:22:25.0105 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/10/08 17:22:25.0173 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/10/08 17:22:25.0212 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/08 17:22:25.0240 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/10/08 17:22:25.0280 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2010/10/08 17:22:25.0346 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/08 17:22:25.0383 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/10/08 17:22:25.0439 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2010/10/08 17:22:25.0527 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/10/08 17:22:25.0565 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/08 17:22:25.0607 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/10/08 17:22:25.0656 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/10/08 17:22:25.0710 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/10/08 17:22:25.0747 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/08 17:22:25.0795 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/08 17:22:25.0852 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/10/08 17:22:25.0879 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/10/08 17:22:25.0924 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/10/08 17:22:25.0978 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/10/08 17:22:26.0024 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/08 17:22:26.0058 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/10/08 17:22:26.0115 itecir (20425664e2e196d339ca877e0387c023) C:\Windows\system32\DRIVERS\itecir.sys
2010/10/08 17:22:26.0173 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/10/08 17:22:26.0226 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
2010/10/08 17:22:26.0254 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/08 17:22:26.0297 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/08 17:22:26.0359 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/08 17:22:26.0419 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/08 17:22:26.0470 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/10/08 17:22:26.0512 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/10/08 17:22:26.0562 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/10/08 17:22:26.0597 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/10/08 17:22:26.0636 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/10/08 17:22:26.0699 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/10/08 17:22:26.0747 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/10/08 17:22:26.0789 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/08 17:22:26.0822 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/08 17:22:26.0854 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/08 17:22:26.0883 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/10/08 17:22:26.0923 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/10/08 17:22:26.0965 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/08 17:22:27.0015 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/10/08 17:22:27.0066 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2010/10/08 17:22:27.0110 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/08 17:22:27.0139 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/08 17:22:27.0169 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/08 17:22:27.0213 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/10/08 17:22:27.0256 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/10/08 17:22:27.0328 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/10/08 17:22:27.0392 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/10/08 17:22:27.0452 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/08 17:22:27.0491 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/08 17:22:27.0532 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/10/08 17:22:27.0580 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2010/10/08 17:22:27.0621 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/08 17:22:27.0652 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/10/08 17:22:27.0689 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2010/10/08 17:22:27.0766 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/08 17:22:27.0813 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2010/10/08 17:22:27.0863 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/08 17:22:27.0896 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/08 17:22:27.0959 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/08 17:22:28.0012 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/10/08 17:22:28.0048 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/08 17:22:28.0086 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/08 17:22:28.0181 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/10/08 17:22:28.0217 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2010/10/08 17:22:28.0258 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/08 17:22:28.0323 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2010/10/08 17:22:28.0401 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/10/08 17:22:28.0426 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/10/08 17:22:28.0456 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/10/08 17:22:28.0503 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/10/08 17:22:28.0546 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/10/08 17:22:28.0647 OA001Ufd (9b7cd7151a7c4009c383396155f02b95) C:\Windows\system32\DRIVERS\OA001Ufd.sys
2010/10/08 17:22:28.0680 OA001Vid (cdcdad303a9208cf3513400ef2a05f80) C:\Windows\system32\DRIVERS\OA001Vid.sys
2010/10/08 17:22:28.0745 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/08 17:22:28.0790 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/10/08 17:22:28.0818 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2010/10/08 17:22:28.0855 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/10/08 17:22:28.0889 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2010/10/08 17:22:28.0918 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/10/08 17:22:28.0950 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/10/08 17:22:29.0025 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/10/08 17:22:29.0147 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/08 17:22:29.0185 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/10/08 17:22:29.0237 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/08 17:22:29.0311 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2010/10/08 17:22:29.0395 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/10/08 17:22:29.0467 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/10/08 17:22:29.0514 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/08 17:22:29.0548 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/08 17:22:29.0592 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/08 17:22:29.0625 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/08 17:22:29.0661 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/08 17:22:29.0706 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/08 17:22:29.0743 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/08 17:22:29.0794 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/10/08 17:22:29.0823 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/08 17:22:29.0857 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2010/10/08 17:22:29.0927 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/10/08 17:22:29.0991 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/08 17:22:30.0042 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/10/08 17:22:30.0112 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2010/10/08 17:22:30.0142 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/08 17:22:30.0208 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/10/08 17:22:30.0232 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/10/08 17:22:30.0259 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/10/08 17:22:30.0322 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/10/08 17:22:30.0345 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/10/08 17:22:30.0383 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/10/08 17:22:30.0408 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/10/08 17:22:30.0461 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/10/08 17:22:30.0492 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/10/08 17:22:30.0530 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/10/08 17:22:30.0580 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2010/10/08 17:22:30.0626 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/10/08 17:22:30.0683 srv (9a0163e7fbe59da0591bb1ad77d92e63) C:\Windows\system32\DRIVERS\srv.sys
2010/10/08 17:22:30.0730 srv2 (c7da26d2c7d480b1dd38ca19cc90b821) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/08 17:22:30.0793 srvnet (f9c65e1e00a6bbf7c57d9b8ea068c525) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/08 17:22:30.0845 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/08 17:22:30.0897 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/10/08 17:22:30.0941 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/10/08 17:22:30.0998 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/10/08 17:22:31.0099 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2010/10/08 17:22:31.0197 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/08 17:22:31.0233 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/08 17:22:31.0274 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/10/08 17:22:31.0301 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/10/08 17:22:31.0343 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/08 17:22:31.0372 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/08 17:22:31.0448 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/08 17:22:31.0496 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/10/08 17:22:31.0551 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/08 17:22:31.0606 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/10/08 17:22:31.0650 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/08 17:22:31.0703 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/10/08 17:22:31.0758 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/10/08 17:22:31.0792 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/10/08 17:22:31.0842 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/10/08 17:22:31.0884 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/08 17:22:32.0008 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/10/08 17:22:32.0086 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
2010/10/08 17:22:32.0138 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/08 17:22:32.0185 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/10/08 17:22:32.0231 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/08 17:22:32.0271 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/08 17:22:32.0314 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/10/08 17:22:32.0356 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/08 17:22:32.0401 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/10/08 17:22:32.0452 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/08 17:22:32.0476 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/08 17:22:32.0541 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/10/08 17:22:32.0608 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/08 17:22:32.0656 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/10/08 17:22:32.0696 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/10/08 17:22:32.0721 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/10/08 17:22:32.0757 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/10/08 17:22:32.0797 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/10/08 17:22:32.0836 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2010/10/08 17:22:32.0905 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2010/10/08 17:22:32.0937 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/10/08 17:22:33.0005 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/10/08 17:22:33.0037 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/08 17:22:33.0062 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/08 17:22:33.0126 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/10/08 17:22:33.0182 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/08 17:22:33.0317 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/10/08 17:22:33.0408 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/10/08 17:22:33.0457 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/08 17:22:33.0524 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/08 17:22:33.0582 ================================================================================
2010/10/08 17:22:33.0582 Scan finished
2010/10/08 17:22:33.0582 ================================================================================
2010/10/08 17:24:11.0330 ================================================================================
2010/10/08 17:24:11.0330 Scan started
2010/10/08 17:24:11.0331 Mode: Manual;
2010/10/08 17:24:11.0331 ================================================================================
2010/10/08 17:24:11.0670 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2010/10/08 17:24:11.0734 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/10/08 17:24:11.0787 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/10/08 17:24:11.0833 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/10/08 17:24:11.0871 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/10/08 17:24:11.0929 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2010/10/08 17:24:11.0962 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/10/08 17:24:11.0994 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/10/08 17:24:12.0033 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/10/08 17:24:12.0055 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/10/08 17:24:12.0095 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/10/08 17:24:12.0117 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/10/08 17:24:12.0158 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/10/08 17:24:12.0203 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/10/08 17:24:12.0241 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/10/08 17:24:12.0279 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/08 17:24:12.0314 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2010/10/08 17:24:12.0445 atikmdag (38973519d2a61e33e49a09c6b05621cd) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/10/08 17:24:12.0545 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\System32\Drivers\avgldx86.sys
2010/10/08 17:24:12.0597 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\System32\Drivers\avgmfx86.sys
2010/10/08 17:24:12.0628 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\System32\Drivers\avgtdix.sys
2010/10/08 17:24:12.0669 BCM42RLY (bcb27987aaf7962c72b0f337a201cc28) C:\Windows\system32\drivers\BCM42RLY.sys
2010/10/08 17:24:12.0720 BCM43XX (b2134f695efd5eb392e906ac2413452e) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/10/08 17:24:12.0764 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/10/08 17:24:12.0810 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/10/08 17:24:12.0845 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/08 17:24:12.0866 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/10/08 17:24:12.0891 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/10/08 17:24:12.0940 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/10/08 17:24:12.0963 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/10/08 17:24:12.0991 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/10/08 17:24:13.0017 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/10/08 17:24:13.0042 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/10/08 17:24:13.0137 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/08 17:24:13.0174 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/08 17:24:13.0211 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2010/10/08 17:24:13.0263 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2010/10/08 17:24:13.0314 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/10/08 17:24:13.0346 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/10/08 17:24:13.0374 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/10/08 17:24:13.0402 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/10/08 17:24:13.0438 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/10/08 17:24:13.0482 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2010/10/08 17:24:13.0531 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2010/10/08 17:24:13.0593 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/10/08 17:24:13.0648 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/08 17:24:13.0680 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/10/08 17:24:13.0724 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2010/10/08 17:24:13.0792 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/10/08 17:24:13.0848 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/10/08 17:24:13.0900 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2010/10/08 17:24:13.0940 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2010/10/08 17:24:13.0962 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/08 17:24:13.0999 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/10/08 17:24:14.0025 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/10/08 17:24:14.0056 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/08 17:24:14.0134 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2010/10/08 17:24:14.0173 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/08 17:24:14.0207 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/10/08 17:24:14.0245 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/10/08 17:24:14.0302 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/10/08 17:24:14.0330 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/08 17:24:14.0358 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/10/08 17:24:14.0387 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2010/10/08 17:24:14.0442 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/08 17:24:14.0479 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/10/08 17:24:14.0546 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2010/10/08 17:24:14.0589 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/10/08 17:24:14.0639 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/08 17:24:14.0680 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/10/08 17:24:14.0724 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/10/08 17:24:14.0767 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/10/08 17:24:14.0805 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/08 17:24:14.0841 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/08 17:24:14.0903 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/10/08 17:24:14.0934 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/10/08 17:24:14.0966 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/10/08 17:24:15.0013 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/10/08 17:24:15.0059 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/08 17:24:15.0115 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/10/08 17:24:15.0161 itecir (20425664e2e196d339ca877e0387c023) C:\Windows\system32\DRIVERS\itecir.sys
2010/10/08 17:24:15.0208 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/10/08 17:24:15.0249 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
2010/10/08 17:24:15.0272 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/08 17:24:15.0299 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/08 17:24:15.0361 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/08 17:24:15.0410 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/08 17:24:15.0461 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/10/08 17:24:15.0491 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/10/08 17:24:15.0530 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/10/08 17:24:15.0566 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/10/08 17:24:15.0605 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/10/08 17:24:15.0645 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/10/08 17:24:15.0682 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/10/08 17:24:15.0713 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/08 17:24:15.0746 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/08 17:24:15.0778 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/08 17:24:15.0818 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/10/08 17:24:15.0851 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/10/08 17:24:15.0889 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/08 17:24:15.0939 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/10/08 17:24:15.0979 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2010/10/08 17:24:16.0023 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/08 17:24:16.0047 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/08 17:24:16.0073 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/08 17:24:16.0100 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/10/08 17:24:16.0147 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/10/08 17:24:16.0185 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/10/08 17:24:16.0216 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/10/08 17:24:16.0265 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/08 17:24:16.0292 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/08 17:24:16.0334 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/10/08 17:24:16.0382 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2010/10/08 17:24:16.0412 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/08 17:24:16.0443 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/10/08 17:24:16.0480 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2010/10/08 17:24:16.0535 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/08 17:24:16.0567 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2010/10/08 17:24:16.0598 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/08 17:24:16.0631 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/08 17:24:16.0661 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/08 17:24:16.0691 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/10/08 17:24:16.0716 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/08 17:24:16.0743 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/08 17:24:16.0794 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/10/08 17:24:16.0821 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2010/10/08 17:24:16.0856 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/08 17:24:16.0916 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2010/10/08 17:24:16.0951 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/10/08 17:24:16.0972 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/10/08 17:24:16.0998 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/10/08 17:24:17.0041 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/10/08 17:24:17.0085 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/10/08 17:24:17.0219 OA001Ufd (9b7cd7151a7c4009c383396155f02b95) C:\Windows\system32\DRIVERS\OA001Ufd.sys
2010/10/08 17:24:17.0252 OA001Vid (cdcdad303a9208cf3513400ef2a05f80) C:\Windows\system32\DRIVERS\OA001Vid.sys
2010/10/08 17:24:17.0295 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/08 17:24:17.0340 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/10/08 17:24:17.0368 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2010/10/08 17:24:17.0405 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/10/08 17:24:17.0435 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2010/10/08 17:24:17.0467 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/10/08 17:24:17.0499 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/10/08 17:24:17.0553 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/10/08 17:24:17.0652 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/08 17:24:17.0679 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/10/08 17:24:17.0732 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/08 17:24:17.0784 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2010/10/08 17:24:17.0856 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/10/08 17:24:17.0905 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/10/08 17:24:17.0941 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/08 17:24:17.0975 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/08 17:24:18.0009 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/08 17:24:18.0036 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/08 17:24:18.0066 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/08 17:24:18.0100 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/08 17:24:18.0149 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/08 17:24:18.0189 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/10/08 17:24:18.0211 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/08 17:24:18.0244 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2010/10/08 17:24:18.0299 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/10/08 17:24:18.0341 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/08 17:24:18.0392 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/10/08 17:24:18.0462 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2010/10/08 17:24:18.0489 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/08 17:24:18.0535 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/10/08 17:24:18.0559 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/10/08 17:24:18.0588 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/10/08 17:24:18.0649 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/10/08 17:24:18.0671 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/10/08 17:24:18.0700 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/10/08 17:24:18.0723 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/10/08 17:24:18.0766 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/10/08 17:24:18.0798 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/10/08 17:24:18.0835 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/10/08 17:24:18.0963 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2010/10/08 17:24:19.0010 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/10/08 17:24:19.0066 srv (9a0163e7fbe59da0591bb1ad77d92e63) C:\Windows\system32\DRIVERS\srv.sys
2010/10/08 17:24:19.0099 srv2 (c7da26d2c7d480b1dd38ca19cc90b821) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/08 17:24:19.0165 srvnet (f9c65e1e00a6bbf7c57d9b8ea068c525) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/08 17:24:19.0207 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/08 17:24:19.0258 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/10/08 17:24:19.0302 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/10/08 17:24:19.0348 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/10/08 17:24:19.0448 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2010/10/08 17:24:19.0504 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/08 17:24:19.0539 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/08 17:24:19.0569 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/10/08 17:24:19.0592 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/10/08 17:24:19.0626 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/08 17:24:19.0655 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/08 17:24:19.0717 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/08 17:24:19.0746 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/10/08 17:24:19.0777 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/08 17:24:19.0818 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/10/08 17:24:19.0851 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/08 17:24:19.0903 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/10/08 17:24:19.0947 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/10/08 17:24:19.0992 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/10/08 17:24:20.0031 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/10/08 17:24:20.0073 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/08 17:24:20.0141 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/10/08 17:24:20.0197 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
2010/10/08 17:24:20.0249 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/08 17:24:20.0285 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/10/08 17:24:20.0320 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/08 17:24:20.0360 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/08 17:24:20.0392 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/10/08 17:24:20.0434 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/08 17:24:20.0468 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/10/08 17:24:20.0519 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/08 17:24:20.0543 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/08 17:24:20.0596 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/10/08 17:24:20.0653 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/08 17:24:20.0690 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/10/08 17:24:20.0718 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/10/08 17:24:20.0740 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/10/08 17:24:20.0779 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/10/08 17:24:20.0808 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/10/08 17:24:20.0847 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2010/10/08 17:24:20.0905 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2010/10/08 17:24:20.0932 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/10/08 17:24:20.0983 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/10/08 17:24:21.0015 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/08 17:24:21.0029 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/08 17:24:21.0081 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/10/08 17:24:21.0138 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/08 17:24:21.0272 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/10/08 17:24:21.0357 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/10/08 17:24:21.0407 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/08 17:24:21.0462 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/08 17:24:21.0520 ================================================================================
2010/10/08 17:24:21.0520 Scan finished
2010/10/08 17:24:21.0520 ================================================================================

Edited by Sov, 08 October 2010 - 11:25 AM.


#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:06:42 PM

Posted 08 October 2010 - 11:33 AM

Hi,

Please tell me how's the computer running after doing the instructions below.


1. Flush DNS
  • Click Start > All Programs > Accessories > Command Prompt.
  • Right click on the command prompt and choose Run as Administrator.
  • Copy-Paste or type exactly the bolded text below and then press the enter key.
    ipconfig /flushdns
  • Close the command prompt.



2. Let’s try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up. HERE
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.



3. Please download MBRCheck to your desktop.
  1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
  2. It will open a black window, please do not fix anything (if it gives you an option).
  3. Exit that window and it will produce a log (MBRCheck_date_time).
  4. Please post that log when you reply.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 Sov

Sov
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 08 October 2010 - 12:37 PM

Hi, its considerably quicker when opening pages and more pages are loading but it hasn't stopped completely. I couldn't do MBRCHECK, I completed all steps as instructed but it didn't load a log, is there a way I can find the log or should it load automatically once closed?

Thanks.

#10 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:06:42 PM

Posted 08 October 2010 - 01:05 PM

Hi,

Do you still experience redirection?

The log is saved in the same location as MBRCHECK, did a black window pop-up when you run it?

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#11 Sov

Sov
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 08 October 2010 - 01:46 PM

Hi, sorry, found the file needed! So far it hasn't yet redirected me, but pages occasionally "time out". It does seem a lot better than it was but pages still aren't loading or just continually show the circular loading timer in the browser and never load.

Thanks again for your help.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio 1535
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 147):
0x81E43000 \SystemRoot\system32\ntkrnlpa.exe
0x81E10000 \SystemRoot\system32\hal.dll
0x8060B000 \SystemRoot\system32\kdcom.dll
0x80613000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80673000 \SystemRoot\system32\PSHED.dll
0x80684000 \SystemRoot\system32\BOOTVID.dll
0x8068C000 \SystemRoot\system32\CLFS.SYS
0x806CD000 \SystemRoot\system32\CI.dll
0x87802000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8787E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8788B000 \SystemRoot\system32\drivers\acpi.sys
0x878D1000 \SystemRoot\system32\drivers\WMILIB.SYS
0x878DA000 \SystemRoot\system32\drivers\msisadrv.sys
0x878E2000 \SystemRoot\system32\drivers\pci.sys
0x87909000 \SystemRoot\System32\drivers\partmgr.sys
0x87918000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8791B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x87925000 \SystemRoot\system32\drivers\volmgr.sys
0x87934000 \SystemRoot\System32\drivers\volmgrx.sys
0x8797E000 \SystemRoot\System32\drivers\mountmgr.sys
0x8798E000 \SystemRoot\system32\drivers\atapi.sys
0x87996000 \SystemRoot\system32\drivers\ataport.SYS
0x879B4000 \SystemRoot\system32\drivers\msahci.sys
0x879BE000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x879CC000 \SystemRoot\system32\drivers\fltmgr.sys
0x807AD000 \SystemRoot\system32\drivers\fileinfo.sys
0x807BD000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x87A0B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87A7C000 \SystemRoot\system32\drivers\ndis.sys
0x87B87000 \SystemRoot\system32\drivers\msrpc.sys
0x87BB2000 \SystemRoot\system32\drivers\NETIO.SYS
0x87C09000 \SystemRoot\System32\drivers\tcpip.sys
0x87CF2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87E0A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87F19000 \SystemRoot\system32\drivers\volsnap.sys
0x87F52000 \SystemRoot\System32\Drivers\spldr.sys
0x87F5A000 \SystemRoot\System32\Drivers\mup.sys
0x87F69000 \SystemRoot\System32\drivers\ecache.sys
0x87F90000 \SystemRoot\system32\drivers\disk.sys
0x87FA1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87FC2000 \SystemRoot\system32\drivers\crcdisk.sys
0x87FED000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87E00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8BC08000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8C0CE000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C16D000 \SystemRoot\System32\drivers\watchdog.sys
0x8C17A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C18C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C197000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C1D5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C20B000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8C334000 \SystemRoot\system32\DRIVERS\k57nd60x.sys
0x8C369000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8C379000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8C387000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8C3A1000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8C1E4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C3F2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x87D0D000 \SystemRoot\system32\DRIVERS\itecir.sys
0x8C200000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x87D66000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C1F7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8BC00000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x87D7E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x87D87000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x87D96000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C405000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C446000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C451000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C468000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C473000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C496000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C4A5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C4B9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C4CE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C4DE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C4E0000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C50A000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8C518000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C522000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C52F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C563000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C574000 \SystemRoot\system32\drivers\HdAudio.sys
0x8C5B3000 \SystemRoot\system32\drivers\portcls.sys
0x87DC4000 \SystemRoot\system32\drivers\drmk.sys
0x8C5E0000 \SystemRoot\system32\DRIVERS\hidir.sys
0x8C5EB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x87FF8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x87DE9000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x87DF2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x87C00000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x87BEC000 \SystemRoot\System32\Drivers\Null.SYS
0x87BF3000 \SystemRoot\System32\Drivers\Beep.SYS
0x807C6000 \SystemRoot\System32\drivers\vga.sys
0x807D2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x87A00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x807F3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x80600000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C605000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C613000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C61C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C632000 \SystemRoot\system32\DRIVERS\smb.sys
0x8C646000 \SystemRoot\System32\Drivers\avgtdix.sys
0x8C680000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C6B2000 \SystemRoot\system32\drivers\afd.sys
0x8C6FA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C710000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C71E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C731000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C76D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C777000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C78E000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x8C794000 \SystemRoot\System32\Drivers\avgldx86.sys
0x8C7C8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8C7DF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D00D000 \SystemRoot\system32\DRIVERS\OA001Vid.sys
0x8D050000 \SystemRoot\system32\DRIVERS\OA001Ufd.sys
0x8D073000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D080000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8D08B000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x92E80000 \SystemRoot\System32\win32k.sys
0x8D095000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D09F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x930A0000 \SystemRoot\System32\TSDDD.dll
0x930C0000 \SystemRoot\System32\cdd.dll
0x8D0AE000 \SystemRoot\system32\drivers\luafv.sys
0x8D0C9000 \SystemRoot\system32\drivers\spsys.sys
0x8D178000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8D188000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8D1B2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8D1BC000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81408000 \SystemRoot\system32\drivers\HTTP.sys
0x81475000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x81492000 \SystemRoot\system32\DRIVERS\bowser.sys
0x814AB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x814C0000 \SystemRoot\system32\drivers\mrxdav.sys
0x814E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x814FF000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x81538000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x81550000 \SystemRoot\System32\DRIVERS\srv2.sys
0x81577000 \SystemRoot\System32\DRIVERS\srv.sys
0x96A0E000 \SystemRoot\system32\drivers\peauth.sys
0x96AEC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x96AF6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x96B02000 \SystemRoot\system32\drivers\BCM42RLY.sys
0x96B0A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x770D0000 \Windows\System32\ntdll.dll

Processes (total 64):
0 System Idle Process
4 System
392 C:\Windows\System32\smss.exe
524 csrss.exe
584 C:\Windows\System32\wininit.exe
596 csrss.exe
628 C:\Windows\System32\services.exe
640 C:\Windows\System32\lsass.exe
648 C:\Windows\System32\lsm.exe
780 C:\Windows\System32\svchost.exe
812 C:\Windows\System32\winlogon.exe
880 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\Ati2evxx.exe
1000 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\audiodg.exe
1152 C:\Windows\System32\SLsvc.exe
1188 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\svchost.exe
1412 C:\Windows\System32\WLTRYSVC.EXE
1432 C:\Windows\System32\BCMWLTRY.EXE
1512 C:\Windows\System32\spoolsv.exe
1544 C:\Windows\System32\svchost.exe
1772 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
1880 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1908 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1936 C:\Program Files\Bonjour\mDNSResponder.exe
2028 C:\Windows\System32\svchost.exe
2040 C:\Windows\System32\Ati2evxx.exe
576 C:\Windows\System32\svchost.exe
1984 C:\Windows\System32\svchost.exe
1960 C:\Windows\System32\SearchIndexer.exe
2268 C:\Program Files\AVG\AVG9\avgemc.exe
2312 C:\Program Files\AVG\AVG9\avgnsx.exe
2428 C:\Program Files\AVG\AVG9\avgcsrvx.exe
2584 C:\Program Files\AVG\AVG9\avgchsvx.exe
2592 C:\Program Files\AVG\AVG9\avgrsx.exe
2648 C:\Program Files\AVG\AVG9\avgcsrvx.exe
2912 C:\Windows\System32\taskeng.exe
3320 C:\Windows\System32\taskeng.exe
3344 C:\Windows\System32\dwm.exe
3432 C:\Windows\explorer.exe
3720 C:\Windows\System32\WLTRAY.EXE
3732 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3748 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3756 C:\Program Files\AVG\AVG9\avgtray.exe
3772 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
3784 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3908 C:\Program Files\iTunes\iTunesHelper.exe
3916 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3932 C:\Program Files\Windows Sidebar\sidebar.exe
3952 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
4048 C:\Windows\ehome\ehtray.exe
1988 C:\Windows\ehome\ehmsas.exe
2628 C:\Program Files\OpenOffice.org 3\program\soffice.exe
2928 C:\Program Files\OpenOffice.org 3\program\soffice.bin
3848 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3664 C:\Program Files\iPod\bin\iPodService.exe
4216 C:\Program Files\Mozilla Firefox\firefox.exe
4860 C:\Program Files\Mozilla Firefox\plugin-container.exe
4756 C:\Windows\System32\wuauclt.exe
3028 C:\Windows\System32\taskeng.exe
4432 C:\Users\greg\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVT-75ZCT2, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Edited by Sov, 08 October 2010 - 02:07 PM.


#12 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:06:42 PM

Posted 09 October 2010 - 01:56 AM

Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click the SystemLook and copy/paste the following into the box
    CODE
    :filefind
    explorer.exe
    wininit.exe
    atikmdag.sys
  • Hit the Look button. Let it finish the scan
  • A log will then pop-up to your Desktop.. Post the content of the log here in your next reply

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#13 Sov

Sov
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 09 October 2010 - 05:25 AM

Heres the SystemLook log:


SystemLook 04.09.10 by jpshortstuff
Log created at 11:22 on 09/10/2010 by greg
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2927104 bytes [12:41 31/03/2010] [06:29 29/10/2008] 4F554999D7D5F05DAAEBBA7B5BA1089D
C:\Windows\ERDNT\cache\explorer.exe --a---- 2927104 bytes [13:37 08/10/2010] [06:29 29/10/2008] 4F554999D7D5F05DAAEBBA7B5BA1089D
C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe --a---- 2926592 bytes [09:33 19/04/2010] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe --a---- 2923520 bytes [12:41 31/03/2010] [06:20 29/10/2008] 37440D09DEAE0B672A04DCCF7ABF06BE
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe --a---- 2923520 bytes [12:41 31/03/2010] [02:15 28/10/2008] E7156B0B74762D9DE0E66BDCDE06E5FB
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe --a---- 2927104 bytes [02:24 21/01/2008] [02:24 21/01/2008] FFA764631CB70A30065C12EF8E174F9F
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe --a---- 2927104 bytes [12:41 31/03/2010] [06:29 29/10/2008] 4F554999D7D5F05DAAEBBA7B5BA1089D
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe --a---- 2927616 bytes [12:41 31/03/2010] [03:59 30/10/2008] 50BA5850147410CDE89C523AD3BC606E

Searching for "wininit.exe"
C:\Windows\ERDNT\cache\wininit.exe --a---- 96768 bytes [13:37 08/10/2010] [02:23 21/01/2008] 101BA3EA053480BB5D957EF37C06B5ED
C:\Windows\System32\wininit.exe --a---- 96768 bytes [02:23 21/01/2008] [02:23 21/01/2008] 101BA3EA053480BB5D957EF37C06B5ED
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe --a---- 96768 bytes [02:23 21/01/2008] [02:23 21/01/2008] 101BA3EA053480BB5D957EF37C06B5ED

Searching for "atikmdag.sys"
C:\Windows\System32\drivers\atikmdag.sys --a---- 3520512 bytes [12:39 28/01/2010] [00:53 26/02/2008] 38973519D2A61E33E49A09C6B05621CD
C:\Windows\System32\DriverStore\FileRepository\atiilhag.inf_31a3846f\atikmdag.sys --a---- 2028032 bytes [10:25 02/11/2006] [07:36 02/11/2006] E642B131FB74CAF4BB8A014F31113142
C:\Windows\System32\DriverStore\FileRepository\cl_60442.inf_cd87af17\B_60234\atikmdag.sys --a---- 3520512 bytes [12:39 28/01/2010] [00:53 26/02/2008] 38973519D2A61E33E49A09C6B05621CD

-= EOF =-

#14 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:06:42 PM

Posted 09 October 2010 - 05:52 AM

Please go to http://virscan.org/
  • Navigate the following file path into the "Suspicious files to scan" box on the top of the page:
    C:\Windows\explorer.exe
    C:\Windows\System32\wininit.exe
    C:\Windows\System32\drivers\atikmdag.sys
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#15 Sov

Sov
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 09 October 2010 - 08:08 AM

Hi, I scanned them all and it said nothing was detected and it didn't give me the option to rescan. It says "Note: This file has been scanned before. Therefore, this file's scan result will not be stored in the database."
I clicked the "Copy to Clipboard" button but nothing happened. I also have no clue how to load the clipboad or where to find it.

Sorry, and thanks for your help!

Edited by Sov, 09 October 2010 - 08:11 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users