google redirect/firefox redirect problems


33 replies to this topic

#1 vaporiser


  • Members
  • 22 posts
  • OFFLINE
  • Local time:07:10 AM

Posted 09 October 2010 - 11:37 PM

I have been having redirect problems for over a month now; sometimes it is a redirect as soon as I click a link, sometimes it is 5 or 10 seconds after arriving on a new page while I am trying to read it.
I am currently running Windows 7 pro.

I was having problems with the redirects and tried a reformat with no help to the problem.
I suspect a possible rootkit, but I cannot find it or fix it.

Thanks for any help.

AVG does not show anything
TDSSkiller does not show anything
Windows defender does not show anything
superantispyware doesn't show anything

MBAM does not show anything but it will not update giving a MBAM_ERROR_UPDATEING (12007,0,winhttpsendrequest) error.


GMER and DDS files attached



DDS (Ver_10-10-10.03) - NTFSx86
Run by oem at 0:04:11.63 on Sun 10/10/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Enterprise N 6.1.7600.0.1252.1.1033.18.3326.2188 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\XSrvSetup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM\aim.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\oem\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\oem\appdata\roaming\mozilla\firefox\profiles\marzlxwy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-11 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-11 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-11 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-4 176128]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-9-11 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-11 308136]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2010-9-13 68136]
R2 JMB36X;JMB36X;c:\windows\system32\XSrvSetup.exe [2010-9-13 65536]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2010-9-13 27648]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-4 6096384]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-4 214016]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-4-26 64904]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-4-26 146568]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-9-13 278560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-9-12 431432]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-9-13 43520]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2010-9-13 19968]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-9-13 43520]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-12 1343400]

=============== Created Last 30 ================

2010-10-10 03:57:56 5934416 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-10-10 03:57:54 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{d34a19e5-9456-4593-8b55-ee27d25b8ac5}\mpengine.dll
2010-10-06 21:29:55 -------- d-----w- c:\windows\PCHEALTH
2010-10-06 21:29:01 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-09-28 21:27:10 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-28 20:25:03 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 20:25:02 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-28 12:30:55 -------- d-----w- c:\users\oem\appdata\local\AVG Security Toolbar
2010-09-25 18:22:52 -------- d-----w- c:\users\oem\appdata\local\Microsoft Help
2010-09-24 22:25:49 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-22 22:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-09-19 17:46:35 -------- d-----w- c:\users\oem\appdata\local\Adobe
2010-09-17 17:03:33 -------- d-----w- c:\windows\system32\Adobe
2010-09-15 20:27:39 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 21:29:46 -------- d-----w- c:\program files\Continuum
2010-09-14 12:03:34 -------- d-----w- c:\users\oem\appdata\roaming\SUPERAntiSpyware.com
2010-09-14 12:03:34 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-09-14 12:03:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-13 21:35:12 -------- d--h--w- C:\$AVG
2010-09-13 21:17:32 14392 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2010-09-13 21:17:12 -------- d-----w- c:\program files\Renesas Electronics
2010-09-13 21:14:45 43520 ----a-w- c:\windows\system32\drivers\RtTeam60.sys
2010-09-13 21:14:45 27648 ----a-w- c:\windows\system32\drivers\RtNdPt60.sys
2010-09-13 21:14:45 19968 ----a-w- c:\windows\system32\drivers\RtVlan60.sys
2010-09-13 21:11:33 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-09-13 21:11:33 278560 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2010-09-13 10:17:25 -------- d-----w- c:\users\oem\appdata\local\eSupport.com
2010-09-13 09:46:28 17488 ----a-w- c:\windows\gdrv.sys
2010-09-13 09:37:28 151552 ------r- c:\windows\system32\xRaidAPI.dll
2010-09-13 09:37:27 65536 ------r- c:\windows\system32\XSrvSetup.exe
2010-09-13 09:37:27 1970176 ------r- c:\windows\system32\xRaidSetup.exe
2010-09-13 09:37:27 -------- d-----w- C:\RaidTool
2010-09-13 09:37:20 99440 ----a-w- c:\windows\system32\drivers\jraid.sys
2010-09-13 09:37:18 -------- d-----w- c:\windows\RaidTool
2010-09-13 09:36:51 -------- d-----w- c:\program files\Marvell
2010-09-13 09:36:07 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-09-13 09:32:54 -------- d-----w- c:\program files\Gigabyte
2010-09-13 09:32:42 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2010-09-13 09:32:41 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2010-09-13 09:32:41 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2010-09-13 09:32:41 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2010-09-13 09:32:41 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2010-09-13 09:32:41 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2010-09-13 09:32:41 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2010-09-13 09:32:41 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2010-09-13 09:23:29 -------- d-----w- c:\users\oem\appdata\local\ATI
2010-09-13 09:21:25 -------- d-----w- c:\program files\ATI
2010-09-13 09:20:57 -------- d-----w- c:\program files\ATI Technologies
2010-09-13 09:20:25 -------- d-----w- C:\ATI
2010-09-13 09:12:54 -------- d-----w- C:\TEMP
2010-09-13 09:04:56 -------- d-----w- c:\users\oem\appdata\local\X10 Commander
2010-09-13 09:04:56 -------- d-----w- c:\progra~2\Active Home Professional
2010-09-13 09:04:31 -------- d-----w- c:\progra~2\X10 Settings
2010-09-13 09:04:31 -------- d-----w- C:\My Images
2010-09-13 09:04:10 127184 ----a-w- c:\windows\Unwise.exe
2010-09-13 09:04:01 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-13 09:04:00 -------- d-----w- c:\program files\common files\X10
2010-09-13 09:04:00 -------- d-----w- c:\program files\ActiveHome Pro
2010-09-13 06:28:42 104064 ----a-w- c:\windows\system32\drivers\viamraid.sys
2010-09-13 06:28:14 -------- d-----w- c:\program files\VIA
2010-09-13 02:30:49 -------- d-----w- c:\progra~2\AVG Security Toolbar
2010-09-12 22:08:54 -------- d-----w- c:\program files\Infinity Software
2010-09-12 22:08:40 299520 ----a-w- c:\windows\uninst.exe
2010-09-12 21:09:14 -------- d-----w- c:\users\oem\appdata\roaming\Malwarebytes
2010-09-12 21:09:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-12 21:09:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-12 21:09:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-12 21:09:06 -------- d-----w- c:\progra~2\Malwarebytes
2010-09-12 20:45:26 -------- d-----w- c:\program files\Bodog Poker
2010-09-12 20:42:10 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-09-12 20:42:10 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-12 20:41:55 417792 ----a-w- c:\windows\system32\msdri.dll
2010-09-12 20:36:34 -------- d-----w- c:\windows\ehome
2010-09-12 20:36:32 -------- d-----w- c:\program files\Windows Portable Devices
2010-09-12 20:36:32 -------- d-----w- c:\program files\DVD Maker
2010-09-12 20:34:59 8192 ----a-w- c:\windows\system32\spwmp.dll
2010-09-12 20:25:21 -------- d-----w- c:\users\oem\appdata\local\AOL
2010-09-12 20:25:21 -------- d-----w- c:\users\oem\appdata\local\AIM
2010-09-12 20:25:18 -------- d-----w- c:\progra~2\AIM
2010-09-12 20:25:15 -------- d-----w- c:\program files\common files\Software Update Utility
2010-09-12 20:25:15 -------- d-----w- c:\program files\AIM
2010-09-12 20:25:14 -------- d-----w- c:\program files\common files\AOL
2010-09-12 20:23:38 -------- d-----w- c:\users\oem\appdata\local\Yahoo
2010-09-12 20:13:22 -------- d-----w- c:\program files\Yahoo!
2010-09-12 19:42:43 -------- d-----w- c:\users\oem\appdata\local\Thunderbird
2010-09-12 19:29:28 -------- d-----w- c:\windows\system32\Wat
2010-09-12 19:28:37 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-09-12 19:28:10 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-09-12 19:28:10 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-09-12 19:28:10 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-09-12 19:28:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-09-12 19:28:10 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-09-12 19:24:16 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-09-12 19:22:36 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-09-12 19:21:07 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-09-12 19:21:07 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-09-12 19:21:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-09-12 01:33:42 -------- d-----w- c:\windows\Panther
2010-09-12 01:33:28 -------- d-sh--w- C:\Boot
2010-09-12 00:36:33 0 ----a-w- c:\windows\ativpsrm.bin
2010-09-11 22:34:28 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-11 22:34:26 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-11 22:34:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-11 22:34:22 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-11 22:32:45 -------- d-----w- c:\program files\AVG
2010-09-11 22:32:35 -------- d-----w- c:\progra~2\avg9
2010-09-11 22:32:13 -------- d-sh--w- c:\windows\Installer
2010-09-11 22:27:22 -------- d-----w- c:\users\oem\appdata\local\Mozilla
2010-09-11 22:15:42 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-11 21:45:16 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-09-11 21:45:16 132608 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-08-18 05:58:02 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-04 05:55:02 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-04 05:54:52 519680 ----a-w- c:\windows\system32\aticfx32.dll
2010-08-04 05:52:06 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-04 05:51:38 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-08-04 05:51:12 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-08-04 05:50:08 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-08-04 05:49:52 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-08-04 05:49:50 15845888 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-04 05:49:42 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-08-04 05:49:36 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-08-04 05:49:28 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-08-04 05:46:34 3899392 ----a-w- c:\windows\system32\atidxx32.dll
2010-08-04 05:28:28 4021760 ----a-w- c:\windows\system32\atiumdag.dll
2010-08-04 05:26:02 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-04 05:25:52 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-04 05:24:36 4341248 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-04 05:23:44 65536 ----a-w- c:\windows\system32\coinst.dll
2010-08-04 05:21:40 3324416 ----a-w- c:\windows\system32\atiumdva.dll
2010-08-04 05:16:08 241664 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-04 05:15:56 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-08-04 05:15:50 16896 ----a-w- c:\windows\system32\atigktxx.dll
2010-08-04 05:15:04 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-08-04 05:14:50 27648 ----a-w- c:\windows\system32\atiu9pag.dll
2010-08-04 05:14:28 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-08-04 05:09:24 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-04 05:09:24 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll

============= FINISH: 0:04:33.60 ===============
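A small triage helper for DDS logs like the ones in this thread, added here as an example (it is not DDS's own code and not from any poster): it pulls the mPolicies-system values out of the Pseudo HJT Report, flags those that differ from the Windows 7 secure defaults for UAC, diffs two reports so a change between scans stands out, and counts svchost.exe instances per -k service group. The embedded sample logs are constructed excerpts modelled on the reports posted in this thread.

```python
"""Triage helper for DDS logs: parse the Pseudo HJT Report, flag UAC policy values
that differ from the Windows 7 secure defaults, diff two reports and count svchost.exe
per service group. Added example, not DDS's own code; sample logs are constructed."""
import re
from typing import Dict, List, Tuple

# Windows 7 secure defaults for the UAC values that DDS prints as mPolicies-system.
SECURE_UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 turns UAC off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 elevates administrators without any prompt
    "PromptOnSecureDesktop": 1,       # 0 draws elevation prompts on the normal desktop
}

BANNER_RE = re.compile(r"^[=-]{3,}\s*(.+?)\s*[=-]{3,}$")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
LOADPOINT_RE = re.compile(r"^(uURLSearchHooks|BHO|TB|uRun|mRun|AppInit_DLLs):\s*(.*)$")
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)


def section(text: str, title: str) -> List[str]:
    """Non-empty lines between the '=== title ===' banner and the next banner."""
    out, inside = [], False
    for line in text.splitlines():
        m = BANNER_RE.match(line)
        if m:
            inside = m.group(1).lower() == title.lower()
        elif inside and line.strip():
            out.append(line.rstrip())
    return out


def parse_hjt(text: str) -> Tuple[Dict[str, int], List[Tuple[str, str]]]:
    """Split the Pseudo HJT Report into UAC policy values and browser/run load points."""
    policies: Dict[str, int] = {}
    loadpoints: List[Tuple[str, str]] = []
    for line in section(text, "Pseudo HJT Report"):
        m = POLICY_RE.match(line)
        if m:
            policies[m.group(1)] = int(m.group(2))
            continue
        m = LOADPOINT_RE.match(line)
        if m:
            loadpoints.append((m.group(1), m.group(2)))
    return policies, loadpoints


def flag_uac(policies: Dict[str, int]) -> List[str]:
    """Reported UAC values that differ from the secure default; absent values are not guessed."""
    return [f"{name} = {policies[name]} (secure default {default})"
            for name, default in SECURE_UAC_DEFAULTS.items()
            if name in policies and policies[name] != default]


def diff_policies(old: Dict[str, int], new: Dict[str, int]) -> Dict[str, Tuple[object, object]]:
    """Policy values that changed between two logs; None marks a value absent from one log."""
    return {k: (old.get(k), new.get(k))
            for k in sorted(set(old) | set(new)) if old.get(k) != new.get(k)}


def svchost_groups(text: str) -> Dict[str, int]:
    """svchost.exe instances per -k group; several instances, one per group, is normal on Windows 7."""
    counts: Dict[str, int] = {}
    for line in section(text, "Running Processes"):
        m = SVCHOST_RE.search(line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts


# Constructed excerpts in DDS format, modelled on the two reports in this thread.
LOG_BEFORE = r"""
============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService

============== Pseudo HJT Report ===============

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
AppInit_DLLs: avgrsstx.dll

============= FINISH: 0:04:33.60 ===============
"""

# Second scan: admin consent prompt removed and UAC switched off since the first log.
LOG_AFTER = LOG_BEFORE.replace(
    "ConsentPromptBehaviorAdmin = 5 (0x5)",
    "ConsentPromptBehaviorAdmin = 0 (0x0)\nmPolicies-system: EnableLUA = 0 (0x0)")

if __name__ == "__main__":
    before, loadpoints = parse_hjt(LOG_BEFORE)
    after, _ = parse_hjt(LOG_AFTER)
    print("load points:", loadpoints)
    print("UAC flags before:", flag_uac(before))
    print("UAC flags after:", flag_uac(after))
    print("changed between logs:", diff_policies(before, after))
    print("svchost groups:", svchost_groups(LOG_BEFORE))
```

Feed it the full text of a DDS log in place of the samples; a value that appears only in the later log shows up in the diff with None on the left.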


#2 Casey_boy


    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:11:10 AM

Posted 17 October 2010 - 07:21 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#3 vaporiser

  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:07:10 AM

Posted 17 October 2010 - 04:32 PM

Thank you for your help Casey_boy.

I have noticed since my original post that I seem to have a lot of svc.host running in the task manager. I currently show 10 of these running.

I have run Defogger and disabled CD Emulation.

Here is the current DDS and the GMER log is attached.


DDS (Ver_10-10-10.03) - NTFSx86
Run by oem at 16:55:11.17 on Sun 10/17/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Enterprise N 6.1.7600.0.1252.1.1033.18.3326.2244 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\XSrvSetup.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\WUDFHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\oem\Downloads\dds(2).scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\oem\appdata\roaming\mozilla\firefox\profiles\marzlxwy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-11 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-11 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-11 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-4 176128]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-9-11 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-11 308136]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2010-9-13 68136]
R2 JMB36X;JMB36X;c:\windows\system32\XSrvSetup.exe [2010-9-13 65536]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2010-9-13 27648]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-4 6096384]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-4 214016]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-4-26 64904]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-4-26 146568]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-9-13 278560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-9-12 431432]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-9-13 43520]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2010-9-13 19968]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-9-13 43520]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-12 1343400]

=============== Created Last 30 ================

2010-10-12 16:08:58 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f714534f-bcb8-472e-91ff-cdcd18f893f3}\mpengine.dll
2010-10-10 03:57:56 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-10-06 21:29:55 -------- d-----w- c:\windows\PCHEALTH
2010-10-06 21:29:01 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-09-28 21:27:10 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-28 20:25:03 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 20:25:02 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-28 12:30:55 -------- d-----w- c:\users\oem\appdata\local\AVG Security Toolbar
2010-09-25 18:22:52 -------- d-----w- c:\users\oem\appdata\local\Microsoft Help
2010-09-24 22:25:49 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-22 22:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-09-19 17:46:35 -------- d-----w- c:\users\oem\appdata\local\Adobe

==================== Find3M ====================

2010-10-17 20:46:06 17488 ----a-w- c:\windows\gdrv.sys
2010-09-12 00:36:33 0 ----a-w- c:\windows\ativpsrm.bin
2010-09-11 22:34:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-18 05:58:02 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-04 05:55:02 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-04 05:54:52 519680 ----a-w- c:\windows\system32\aticfx32.dll
2010-08-04 05:52:06 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-04 05:51:38 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-08-04 05:51:12 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-08-04 05:50:08 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-08-04 05:49:52 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-08-04 05:49:50 15845888 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-04 05:49:42 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-08-04 05:49:36 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-08-04 05:49:28 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-08-04 05:46:34 3899392 ----a-w- c:\windows\system32\atidxx32.dll
2010-08-04 05:28:28 4021760 ----a-w- c:\windows\system32\atiumdag.dll
2010-08-04 05:26:02 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-04 05:25:52 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-04 05:24:36 4341248 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-04 05:23:44 65536 ----a-w- c:\windows\system32\coinst.dll
2010-08-04 05:21:40 3324416 ----a-w- c:\windows\system32\atiumdva.dll
2010-08-04 05:16:08 241664 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-04 05:15:56 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-08-04 05:15:50 16896 ----a-w- c:\windows\system32\atigktxx.dll
2010-08-04 05:15:04 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-08-04 05:14:50 27648 ----a-w- c:\windows\system32\atiu9pag.dll
2010-08-04 05:14:28 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-08-04 05:09:24 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-04 05:09:24 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll

============= FINISH: 16:55:32.93 ===============

Attached Files

  • Attached File: ark.log (3.19KB)


#4 vaporiser

vaporiser
  • Topic Starter

  • Members
  • 22 posts

Posted 21 October 2010 - 07:04 AM

Casey,
Just wanting to make sure that the thread is not closed due to no activity.

Thanks,

#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 21 October 2010 - 06:11 PM

Hello, vaporiser.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!



Step 1

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth, uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




Step 2

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
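The Step 1 report is a plain-text list: one kernel module per line in the >Drivers section (base address, path, size, vendor/description in parentheses) and one "Hidden Image-->" line per hidden module in the >Stealth section. The helper below is an added example, not part of this thread and not Rootkit Unhooker's own code; it parses that format and applies two triage heuristics that are this example's assumptions, not RkU's logic: a driver is flagged when it loads from outside C:\Windows\system32 (or its drivers subdirectory) or carries no vendor string (dump_*.sys crash-dump copies are excepted because Windows generates them itself), and hidden images are grouped by the PID they live in so that many entries from one process can be judged together. The sample report is constructed from lines of the same shape as the posted log.

```python
"""Triage helper for a Rootkit Unhooker (RkU) report (added example, not RkU code)."""
import re
from collections import defaultdict

# Constructed sample in the RkU 'Report' format; same line shapes as the posted log.
SAMPLE_REPORT = r"""RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
>Drivers
==============================================
0x9120E000 C:\Windows\system32\DRIVERS\atikmdag.sys 6422528 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82E14000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82E14000 PnpManager 4259840 bytes
0x82E14000 RAW 4259840 bytes
0x8FB71000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x8D4C0000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0xA9878000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x981FC000 C:\Windows\gdrv.sys 12288 bytes (Windows 2000 DDK provider, GIGABYTE Tools)
0x9214A000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
==============================================
>Stealth
==============================================
0x07560000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.dll [ EPROCESS 0x884245C0 ] PID: 3560, 102400 bytes
0x00310000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x88243D40 ] PID: 3016, 118784 bytes
0x00BA0000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x884245C0 ] PID: 3560, 118784 bytes
"""

# base, path-or-object-name, size, optional "(vendor, description)"; non-greedy path keeps
# spaces in "C:\Program Files\..." while still stopping before the size field.
DRIVER_RE = re.compile(r"^0x([0-9A-Fa-f]+)\s+(.+?)\s+(\d+) bytes(?:\s+\((.*)\))?\s*$")
HIDDEN_RE = re.compile(r"^0x([0-9A-Fa-f]+) Hidden Image-->(\S+) \[ EPROCESS 0x([0-9A-Fa-f]+) \] "
                       r"PID: (\d+), (\d+) bytes$")

# Assumption of this example: where legitimate kernel modules normally live.
EXPECTED_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


def parse_report(text):
    """Return (drivers, hidden): dict lists from the >Drivers and >Stealth sections."""
    section, drivers, hidden = None, [], []
    for line in text.splitlines():
        if line.startswith(">"):            # section header such as ">Drivers"
            section = line[1:].strip().lower()
            continue
        if section == "drivers" and (m := DRIVER_RE.match(line)):
            base, name, size, desc = m.groups()
            drivers.append({"base": int(base, 16), "name": name, "size": int(size), "desc": desc})
        elif section == "stealth" and (m := HIDDEN_RE.match(line)):
            base, name, eproc, pid, size = m.groups()
            hidden.append({"base": int(base, 16), "name": name, "eprocess": int(eproc, 16),
                           "pid": int(pid), "size": int(size)})
    return drivers, hidden


def triage(text):
    """Flag drivers worth a second look, list base-address aliases, group hidden images by PID."""
    drivers, hidden = parse_report(text)
    by_base = defaultdict(list)
    flagged = []
    for d in drivers:
        by_base[d["base"]].append(d["name"])
        name = d["name"]
        if "\\" not in name:
            # PnpManager, RAW, WMIxWDM, ACPI_HAL, Win32k are kernel object names that share
            # a base address with a real image; they are aliases, not extra modules.
            continue
        low = name.lower()
        file_name = low.rsplit("\\", 1)[1]
        if not low.startswith(EXPECTED_DIRS):
            flagged.append((name, "loaded from outside the standard Windows driver directories"))
        elif d["desc"] is None and not file_name.startswith("dump_"):
            flagged.append((name, "no vendor/description string"))
    aliases = {hex(b): names for b, names in by_base.items() if len(names) > 1}
    hidden_by_pid = defaultdict(list)
    for h in hidden:
        hidden_by_pid[h["pid"]].append(h["name"])
    return {"flagged": flagged, "aliases": aliases, "hidden_by_pid": dict(hidden_by_pid)}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for name, reason in result["flagged"]:
        print("FLAG", name, "-", reason)
    for pid, names in result["hidden_by_pid"].items():
        print("PID", pid, "hides", len(names), "image(s)")
```

Run it against a saved report with `triage(open("rku_report.txt", encoding="utf-8", errors="replace").read())`. A flag is a prompt to look closer (where the file lives, who signed it, whether it belongs to software you installed), not a verdict; on the posted log this heuristic would surface the SUPERAntiSpyware drivers under Program Files and gdrv.sys in the Windows root, both of which have a plausible owner, which is exactly why a helper should decide and the analyst should judge.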
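Step 2 asks MBRCheck whether the master boot record carries "non-standard" code, which is the question a redirect problem that survives a reformat raises: a bootkit that lives in sector 0 is not on the filesystem that got wiped. The script below is an added example showing the check in the spirit of MBRCheck; it is not MBRCheck's code and the thread does not describe MBRCheck's internals. It parses a raw 512-byte MBR (440 bytes of boot code, the 4-byte NT disk signature, four 16-byte partition entries, the 0x55AA signature), hashes the boot code and compares it with a known-good set, and sanity-checks the partition table. The boot code, the KNOWN_GOOD set and the partitions are constructed for the example; a real run would populate KNOWN_GOOD with hashes of the genuine Windows 7 boot code and read the live sector with read_live_mbr() from an elevated prompt (device path is an assumption for Windows).

```python
"""MBR sanity check in the spirit of MBRCheck (added example, not MBRCheck's code)."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440           # 4-byte NT disk signature, then 2 bytes normally 0x0000
PART_TABLE_OFF = 446         # four 16-byte partition entries, then 0x55AA at 510
PART_ENTRY = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(data):
    """Parse a raw 512-byte MBR into signature flag, disk signature, boot-code hash, partitions."""
    if len(data) != MBR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % MBR_SIZE)
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            PART_ENTRY, data, PART_TABLE_OFF + 16 * i)
        if ptype == 0:                       # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": data[510:512] == b"\x55\xAA",
        "disk_signature": struct.unpack_from("<I", data, DISK_SIG_OFF)[0],
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(data, known_good_hashes):
    """Return the parsed MBR plus a list of findings; an empty list means nothing odd was seen."""
    info = parse_mbr(data)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] not in known_good_hashes:
        findings.append("non-standard MBR code: boot code hash not in known-good set")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append("%d active partitions (expected exactly 1)" % len(active))
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):   # overlapping entries hint at a tampered table
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    info["findings"] = findings
    return info


def read_live_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a physical disk (Windows device path assumed; needs an elevated prompt)."""
    with open(device, "rb") as f:
        return f.read(MBR_SIZE)


# --- constructed sample data: NOT a real Windows boot sector ---
CLEAN_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)
# Placeholder: a real deployment would hold hashes of the genuine Windows 7 boot code.
KNOWN_GOOD = {hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()}


def build_sample_mbr(boot_code=CLEAN_BOOT_CODE):
    """Assemble a 512-byte MBR: boot code, disk signature, two NTFS partitions, 0x55AA."""
    table = struct.pack(PART_ENTRY, 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    table += struct.pack(PART_ENTRY, 0x00, b"\xFE\xFF\xFF", 0x07, b"\xFE\xFF\xFF", 206848, 1000000)
    table += b"\x00" * 32                                  # two unused entries
    mbr = boot_code + struct.pack("<IH", 0xDEADBEEF, 0) + table + b"\x55\xAA"
    assert len(mbr) == MBR_SIZE
    return mbr


def tampered_sample_mbr():
    """Same MBR with three boot-code bytes overwritten, as a bootkit patching sector 0 would."""
    code = bytearray(CLEAN_BOOT_CODE)
    code[0x10:0x13] = b"\xE8\x00\x00"     # constructed patch: a CALL dropped into the boot code
    return build_sample_mbr(bytes(code))


if __name__ == "__main__":
    for label, mbr in (("clean", build_sample_mbr()), ("tampered", tampered_sample_mbr())):
        result = check_mbr(mbr, KNOWN_GOOD)
        print(label, "->", result["findings"] or "no findings")
```

The hash comparison is the core of the check: a bootkit that replaces sector 0 keeps the partition table and the 0x55AA signature intact (the disk must still boot), so only the boot-code bytes give it away, and only if you know what the genuine code should hash to. That is also the caveat: a rootkit active in the kernel can filter reads of sector 0 and hand back the clean original, which is why tools of this kind are run from a clean boot when the result matters.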
 


#6 vaporiser

vaporiser
  • Topic Starter

  • Members
  • 22 posts

Posted 22 October 2010 - 07:24 AM

Hello Etavares,

Here is the Rootkit unhooker report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #4
==============================================
>Drivers
==============================================
0x9120E000 C:\Windows\system32\DRIVERS\atikmdag.sys 6422528 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82E14000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82E14000 PnpManager 4259840 bytes
0x82E14000 RAW 4259840 bytes
0x82E14000 WMIxWDM 4259840 bytes
0x97C70000 Win32k 2404352 bytes
0x97C70000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8C02D000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8BC2C000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x9182E000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8BE11000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8389A000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9808D000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8D535000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83945000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x90C27000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8BD99000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8FAA6000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x981AB000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x92192000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x9815C000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x919B2000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x83ABC000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x83A0D000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x91962000 C:\Windows\system32\DRIVERS\Rt86win7.sys 286720 bytes (Realtek , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x920C5000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x83858000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8FB99000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8D433000 C:\Windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver)
0x8C1B0000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8BEC8000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x98030000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8FA3A000 C:\Windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x90D26000 C:\Windows\system32\DRIVERS\atikmpag.sys 233472 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0x918E5000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x83224000 ACPI_HAL 225280 bytes
0x83224000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x90CB7000 C:\Windows\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x83BC2000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x92074000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8BF3B000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8FA74000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8C176000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9214A000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8C000000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x90D6E000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x8BD5B000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x83A66000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x92124000 C:\Windows\system32\drivers\RtHDMIV.sys 155648 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x83B37000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8BF7E000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8BF06000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x83B7C000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8D400000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9193D000 C:\Windows\system32\DRIVERS\nusb3xhc.sys 143360 bytes (Renesas Electronics Corporation, USB 3.0 Host Controller Driver)
0x92000000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8FB71000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x9812E000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x90CEB000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x839D5000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x98000000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8BFDD000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9191E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8FB07000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x97F00000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x83B1C000 C:\Windows\system32\DRIVERS\jraid.sys 110592 bytes (JMicron Technology Corp., JMicron JMB36X RAID Driver)
0x8D4D1000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9806B000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8FB34000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x83B9F000 C:\Windows\system32\DRIVERS\viamraid.sys 106496 bytes (VIA Technologies inc,.ltd, VIA AHCI RAID DRIVER FOR WIN XP/SRV2003)
0x8D4EC000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8D5BA000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x92179000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x90C8B000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x90DBC000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x90DA4000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x8FA00000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x92022000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9203A000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x92051000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x83819000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x8D47D000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x83B5D000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8BD86000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8D516000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8FB4E000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x90C00000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8D5D3000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x90D0C000 C:\Windows\system32\DRIVERS\amdppm.sys 69632 bytes (Microsoft Corporation, Processor Device Driver)
0x8BF6D000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8D4C0000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x839C4000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x92113000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x83A9B000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8383F000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8D506000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8BF2B000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8FB61000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x83AAC000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x920B6000 C:\Windows\system32\DRIVERS\nusb3hub.sys 61440 bytes (Renesas Electronics Corporation, USB 3.0 Hub Driver)
0x90D5F000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x90CA3000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8FB26000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8380B000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x83B0E000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8BC00000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x920A8000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x839B6000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x90DEE000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x8D49F000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x90DE1000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x90DD4000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9814F000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x83A00000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8FBEE000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8D529000 C:\Windows\system32\DRIVERS\RtNdPt60.sys 49152 bytes (Realtek , Realtek NDIS Protocol Driver)
0x8BC17000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8D4AC000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x91200000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x83834000 C:\Windows\system32\mcupdate_AuthenticAMD.dll 45056 bytes (Microsoft Corporation, AMD Microcode Update Library)
0x8D494000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x83800000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x90C12000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8FA2F000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x83A90000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x921E2000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x92109000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)
0x8FBE4000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8FBDA000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x92068000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x98124000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x90D9A000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x919A8000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8D473000 C:\Windows\System32\Drivers\x10ufx2.sys 40960 bytes (X10 Wireless Technology, Inc., X10 USB Control Interface)
0x83BB9000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xA986F000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x83B73000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8D4B7000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x8BC0E000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA9878000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x97ED0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8C1A7000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x90D1D000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x83A55000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8BFA3000 C:\Windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (Advanced Micro Devices Inc., AMD PCIE Filter Driver for ATI PCIE chipset)
0x83850000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8C1F7000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BAD000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x83A5E000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8BC23000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8BDF6000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x83BF6000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8C1EF000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8BE07000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8BE00000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x98086000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x83B07000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8FB00000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x90CB1000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x8FB93000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x981FC000 C:\Windows\gdrv.sys 12288 bytes (Windows ® 2000 DDK provider, GIGABYTE Tools)
0x92072000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x91960000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x07560000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.dll [ EPROCESS 0x884245C0 ] PID: 3560, 102400 bytes
0x07F30000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll [ EPROCESS 0x884245C0 ] PID: 3560, 102400 bytes
0x00800000 Hidden Image-->CLI.Foundation.dll [ EPROCESS 0x884245C0 ] PID: 3560, 110592 bytes
0x05110000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.dll [ EPROCESS 0x884245C0 ] PID: 3560, 110592 bytes
0x00310000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x88243D40 ] PID: 3016, 118784 bytes
0x00BA0000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x884245C0 ] PID: 3560, 118784 bytes
0x087B0000 Hidden Image-->CLI.Component.Dashboard.dll [ EPROCESS 0x884245C0 ] PID: 3560, 1232896 bytes
0x08ED0000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll [ EPROCESS 0x884245C0 ] PID: 3560, 1306624 bytes
0x04220000 Hidden Image-->CLI.Caste.Graphics.Shared.dll [ EPROCESS 0x884245C0 ] PID: 3560, 167936 bytes
0x08290000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll [ EPROCESS 0x884245C0 ] PID: 3560, 1716224 bytes
0x079B0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Dashboard.dll [ EPROCESS 0x884245C0 ] PID: 3560, 192512 bytes
0x07E00000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.dll [ EPROCESS 0x884245C0 ] PID: 3560, 208896 bytes
0x08440000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.dll [ EPROCESS 0x884245C0 ] PID: 3560, 217088 bytes
0x07F80000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll [ EPROCESS 0x884245C0 ] PID: 3560, 282624 bytes
0x003B0000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x88243D40 ] PID: 3016, 28672 bytes
0x005F0000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x88243D40 ] PID: 3016, 28672 bytes
0x007F0000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x884245C0 ] PID: 3560, 28672 bytes
0x00820000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x884245C0 ] PID: 3560, 28672 bytes
0x03B90000 Hidden Image-->CLI.Component.Runtime.Shared.dll [ EPROCESS 0x884245C0 ] PID: 3560, 28672 bytes
0x03D50000 Hidden Image-->AEM.Plugin.DPPE.Shared.dll [ EPROCESS 0x884245C0 ] PID: 3560, 28672 bytes
0x03D20000 Hidden Image-->AEM.Server.Shared.dll [ EPROCESS 0x884245C0 ] PID: 3560, 28672 bytes
0x03D70000 Hidden Image-->AEM.Plugin.WinMessages.Shared.dll [ EPROCESS 0x884245C0 ] PID: 3560, 28672 bytes
0x03D60000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.dll [ EPROCESS 0x884245C0 ] PID: 3560, 28672 bytes
0x03EC0000 Hidden Image-->DEM.Foundation.dll [ EPROCESS 0x884245C0 ] PID: 3560, 28672 bytes
0x03ED0000 Hidden Image-->DEM.Graphics.dll [ EPROCESS 0x884245C0 ] PID: 3560, 28672 bytes

These are the results from MBRCheck:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-770TA-UD3
Logical Drives Mask: 0x00001ffd

Kernel Drivers (total 197):

Processes (total 55):

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive3 at offset 0x00000000`08100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive4 at offset 0x00000000`00000000 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\I: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive2 Model Number: WDCWD2500KS-00MJB0, Rev: 02.01C03
PhysicalDrive3 Model Number: HitachiHDS721010CLA332, Rev: JP4OA39C
PhysicalDrive4 Model Number: HitachiHDS721010CLA332, Rev: JP4OA39C
PhysicalDrive0 Model Number: WDCWD400BB-75DEA0, Rev: 05.03E05
PhysicalDrive1 Model Number: WDCWD400BB-75DEA0, Rev: 05.03E05

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive2 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB \\.\PhysicalDrive3 Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
931 GB \\.\PhysicalDrive4 Unknown MBR code
SHA1: 008189556EE5B36B0177F4FFFB5816A162618B49
37 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
27 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


As we are going through the steps, let me know what you see that looks wrong. Hopefully I can learn a little about this infection, and what I missed seeing that was causing the problem.

Thanks for the help.
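To make the MBRCheck report above easier to read, here is an added example (not MBRCheck's code and not from anyone in this thread) of the kind of check it performs: read one 512-byte MBR sector, confirm the 0x55AA signature, hash the boot code and look it up in an allow-list of known-good hashes, and decode the partition table so the "at offset 0x...7e00" lines can be matched to a partition's starting LBA. Assumptions: the hashed region is the first 440 bytes of boot code, and the reference sector, its allow-list hash and both partition layouts are constructed here rather than taken from a real Windows disk.

```python
"""Constructed MBR integrity check in the spirit of MBRCheck's report.

Assumption: the boot-code region hashed is bytes 0..439 (440 bytes); the
remaining bytes hold the disk signature, four 16-byte partition entries
and the 0x55AA signature. All sample sectors below are constructed.
"""
from __future__ import annotations

import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # assumed hashed region
PART_TABLE_OFF = 446    # four 16-byte entries start here
SIGNATURE_OFF = 510     # two-byte boot signature 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def boot_code_sha1(sector: bytes) -> str:
    """SHA1 of the bootstrap code only; partition table changes do not affect it."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(sector: bytes) -> list[dict]:
    """Decode the four MBR partition slots, skipping empty ones (type 0x00)."""
    parts = []
    for i in range(4):
        start = PART_TABLE_OFF + 16 * i
        status, _chs_s, ptype, _chs_e, lba_start, count = struct.unpack(
            ENTRY_FMT, sector[start:start + 16])
        if ptype == 0:
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
            # This is the "at offset" value MBRCheck prints for a volume.
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return parts


def classify_mbr(sector: bytes, known_good: dict[str, str]) -> dict:
    """Label the sector from the allow-list, or report unknown boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    digest = boot_code_sha1(sector)
    if sector[SIGNATURE_OFF:] != b"\x55\xAA":
        status = "Missing 0x55AA boot signature"
    else:
        status = known_good.get(digest, "Unknown MBR code")
    return {"sha1": digest, "status": status, "partitions": parse_partitions(sector)}


def build_sector(boot_code: bytes, partitions: list[tuple]) -> bytes:
    """Assemble a constructed MBR: boot code, partition entries, 0x55AA."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba_start, count) in enumerate(partitions):
        entry = struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00,
                            b"\xFF\xFF\xFF", ptype, b"\xFF\xFF\xFF", lba_start, count)
        sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)] = entry
    sector[SIGNATURE_OFF:] = b"\x55\xAA"
    return bytes(sector)


def demo() -> dict:
    """Compare a constructed reference sector with a tampered copy of it."""
    # Constructed stand-in for bootstrap code; not real Windows MBR code.
    stub = b"\xEB\x3C\x90CONSTRUCTED-REFERENCE-BOOT-STUB"
    # Partition 0 starts at LBA 63, i.e. byte offset 0x7E00 as in the report above.
    layout = [(True, 0x07, 63, 488_392_065), (False, 0x07, 264_192, 1_953_000_000)]
    reference = build_sector(stub, layout)
    known_good = {boot_code_sha1(reference): "Windows 7 MBR code detected"}

    # A bootkit typically rewrites the boot code but leaves the partition
    # table intact so the system still boots; simulate that with one changed byte.
    tampered = bytearray(reference)
    tampered[0x10] ^= 0xFF
    return {
        "clean": classify_mbr(reference, known_good),
        "tampered": classify_mbr(bytes(tampered), known_good),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result['status']}  SHA1: {result['sha1']}")
        for p in result["partitions"]:
            print(f"  partition {p['index']}: type 0x{p['type']:02X} at offset 0x{p['byte_offset']:016x}")
```

A rootkit that hooks disk reads inside the running OS can hand such a check a clean copy of sector 0, which is why the boot-sector scan in TDSSKiller and a read taken from outside the infected system (boot media) carry more weight than an in-OS result.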

#7 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 22 October 2010 - 06:03 PM

Hello, vaporiser.

The logs don't show much, but RKU suggests a potential rootkit. Given what you're having, my guess is you either have the newest variant of TDSS or a Bamital infection. Let's start with TDSSKiller. I know you've run it a while ago. Please delete your copy of it and download a fresh, updated copy.

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#8 vaporiser

  • Topic Starter
  • Members
  • 22 posts

Posted 23 October 2010 - 07:13 AM

Etavares,

TDSSkiller said it didn't find anything.

Here is the log from TDSSkiller:

2010/10/23 08:08:43.0514 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/23 08:08:43.0514 ================================================================================
2010/10/23 08:08:43.0514 SystemInfo:
2010/10/23 08:08:43.0514
2010/10/23 08:08:43.0514 OS Version: 6.1.7600 ServicePack: 0.0
2010/10/23 08:08:43.0514 Product type: Workstation
2010/10/23 08:08:43.0514 ComputerName: OEM-PC
2010/10/23 08:08:43.0514 UserName: oem
2010/10/23 08:08:43.0514 Windows directory: C:\Windows
2010/10/23 08:08:43.0514 System windows directory: C:\Windows
2010/10/23 08:08:43.0515 Processor architecture: Intel x86
2010/10/23 08:08:43.0515 Number of processors: 4
2010/10/23 08:08:43.0515 Page size: 0x1000
2010/10/23 08:08:43.0515 Boot type: Normal boot
2010/10/23 08:08:43.0515 ================================================================================
2010/10/23 08:08:43.0844 Initialize success
2010/10/23 08:08:52.0311 ================================================================================
2010/10/23 08:08:52.0311 Scan started
2010/10/23 08:08:52.0311 Mode: Manual;
2010/10/23 08:08:52.0311 ================================================================================
2010/10/23 08:08:57.0047 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/10/23 08:08:57.0113 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/10/23 08:08:57.0127 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/23 08:08:57.0160 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/10/23 08:08:57.0206 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/10/23 08:08:57.0278 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/10/23 08:08:57.0299 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/23 08:08:57.0321 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/23 08:08:57.0342 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/10/23 08:08:57.0361 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/10/23 08:08:57.0385 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/10/23 08:08:57.0401 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/10/23 08:08:57.0432 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/23 08:08:57.0508 JRAID (fe372fde0afc9f724ed9393a33ac9aa7) C:\Windows\system32\DRIVERS\jraid.sys
2010/10/23 08:08:57.0560 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/23 08:08:57.0589 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/23 08:08:57.0616 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/23 08:08:57.0660 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/10/23 08:08:57.0718 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/23 08:08:57.0780 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/10/23 08:08:57.0870 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/10/23 08:08:57.0923 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/10/23 08:08:57.0958 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/10/23 08:08:57.0996 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/10/23 08:08:58.0020 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/10/23 08:08:58.0053 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/10/23 08:08:58.0087 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/10/23 08:08:58.0118 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/23 08:08:58.0138 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/23 08:08:58.0168 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/23 08:08:58.0196 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/10/23 08:08:58.0214 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/10/23 08:08:58.0244 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/23 08:08:58.0269 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/10/23 08:08:58.0321 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/23 08:08:58.0354 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/23 08:08:58.0398 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/23 08:08:58.0417 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/10/23 08:08:58.0447 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/10/23 08:08:58.0493 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/10/23 08:08:58.0527 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/10/23 08:08:58.0564 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/10/23 08:08:58.0601 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/23 08:08:58.0617 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/23 08:08:58.0634 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/10/23 08:08:58.0662 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/10/23 08:08:58.0680 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/23 08:08:58.0697 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/10/23 08:08:58.0713 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/10/23 08:08:58.0737 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/10/23 08:08:58.0774 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/23 08:08:58.0817 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/10/23 08:08:58.0865 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/10/23 08:08:58.0901 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/23 08:08:58.0918 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/23 08:08:58.0943 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/23 08:08:58.0970 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/10/23 08:08:58.0994 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/23 08:08:59.0029 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/23 08:08:59.0116 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/10/23 08:08:59.0161 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/10/23 08:08:59.0187 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/23 08:08:59.0238 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/10/23 08:08:59.0313 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/10/23 08:08:59.0364 nusb3hub (03ad379554b50fa1802be4ec2e291e92) C:\Windows\system32\DRIVERS\nusb3hub.sys
2010/10/23 08:08:59.0446 nusb3xhc (06fe87c9d181af5f04d192e604e10e6c) C:\Windows\system32\DRIVERS\nusb3xhc.sys
2010/10/23 08:08:59.0495 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/10/23 08:08:59.0525 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/10/23 08:08:59.0561 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/10/23 08:08:59.0601 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/23 08:08:59.0652 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/10/23 08:08:59.0674 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/10/23 08:08:59.0694 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/10/23 08:08:59.0719 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/10/23 08:08:59.0736 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/10/23 08:08:59.0756 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/10/23 08:08:59.0789 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/10/23 08:08:59.0814 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/10/23 08:08:59.0889 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/23 08:08:59.0918 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/10/23 08:08:59.0950 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/23 08:09:00.0012 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/10/23 08:09:00.0096 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/10/23 08:09:00.0145 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/23 08:09:00.0162 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/23 08:09:00.0231 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/10/23 08:09:00.0301 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/23 08:09:00.0345 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/23 08:09:00.0370 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/23 08:09:00.0403 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/23 08:09:00.0433 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/10/23 08:09:00.0466 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/23 08:09:00.0496 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/10/23 08:09:00.0636 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/23 08:09:00.0669 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/10/23 08:09:00.0690 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/10/23 08:09:00.0718 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/10/23 08:09:00.0751 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/23 08:09:00.0802 RTHDMIAzAudService (3f521ee3308fe66bcfe688dbbc7acf7f) C:\Windows\system32\drivers\RtHDMIV.sys
2010/10/23 08:09:00.0888 RTL8167 (1a42b4cba44778d312e668cd166cbcbb) C:\Windows\system32\DRIVERS\Rt86win7.sys
2010/10/23 08:09:00.0955 RtNdPt60 (f2fec929e9fa9902f0bb52a4522068d4) C:\Windows\system32\DRIVERS\RtNdPt60.sys
2010/10/23 08:09:00.0992 RTTEAMPT (c8a7202fd20479ecf5788605806cfc9b) C:\Windows\system32\DRIVERS\RtTeam60.sys
2010/10/23 08:09:01.0033 RTVLANPT (e6472a4007fb17d27d4091abd657a291) C:\Windows\system32\DRIVERS\RtVlan60.sys
2010/10/23 08:09:01.0055 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/10/23 08:09:01.0150 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/10/23 08:09:01.0198 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/10/23 08:09:01.0243 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/10/23 08:09:01.0279 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/10/23 08:09:01.0311 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/23 08:09:01.0344 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/10/23 08:09:01.0376 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/10/23 08:09:01.0412 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/10/23 08:09:01.0468 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/10/23 08:09:01.0537 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/10/23 08:09:01.0569 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/10/23 08:09:01.0585 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/10/23 08:09:01.0615 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/10/23 08:09:01.0648 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/10/23 08:09:01.0670 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/10/23 08:09:01.0692 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/10/23 08:09:01.0731 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/10/23 08:09:01.0780 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2010/10/23 08:09:01.0840 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/23 08:09:01.0916 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/23 08:09:01.0965 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/10/23 08:09:02.0001 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/10/23 08:09:02.0018 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/10/23 08:09:02.0049 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/23 08:09:02.0141 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/10/23 08:09:02.0239 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/23 08:09:02.0273 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/23 08:09:02.0299 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/10/23 08:09:02.0315 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/10/23 08:09:02.0343 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/23 08:09:02.0400 TEAM (c8a7202fd20479ecf5788605806cfc9b) C:\Windows\system32\DRIVERS\RtTeam60.sys
2010/10/23 08:09:02.0432 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/23 08:09:02.0511 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/23 08:09:02.0547 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/23 08:09:02.0576 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/10/23 08:09:02.0608 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/23 08:09:02.0653 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/10/23 08:09:02.0699 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/23 08:09:02.0735 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/10/23 08:09:02.0767 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/23 08:09:02.0785 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/10/23 08:09:02.0818 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/23 08:09:02.0847 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/23 08:09:02.0903 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/10/23 08:09:02.0948 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/23 08:09:02.0974 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/23 08:09:03.0002 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/23 08:09:03.0042 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/10/23 08:09:03.0059 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/23 08:09:03.0086 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/10/23 08:09:03.0119 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/10/23 08:09:03.0146 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/10/23 08:09:03.0183 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/10/23 08:09:03.0202 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/10/23 08:09:03.0248 viamraid (85e9421c8a99d1291b43b9b59a669ac3) C:\Windows\system32\DRIVERS\viamraid.sys
2010/10/23 08:09:03.0259 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/10/23 08:09:03.0285 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/10/23 08:09:03.0310 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/10/23 08:09:03.0335 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/10/23 08:09:03.0357 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/10/23 08:09:03.0386 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/10/23 08:09:03.0418 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2010/10/23 08:09:03.0449 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/10/23 08:09:03.0472 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/23 08:09:03.0487 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/23 08:09:03.0519 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/10/23 08:09:03.0558 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/23 08:09:03.0601 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/10/23 08:09:03.0627 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/10/23 08:09:03.0683 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/10/23 08:09:03.0726 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/23 08:09:03.0759 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/10/23 08:09:03.0793 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/23 08:09:03.0853 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
2010/10/23 08:09:04.0110 ================================================================================
2010/10/23 08:09:04.0110 Scan finished
2010/10/23 08:09:04.0110 ================================================================================

#9 vaporiser

Posted 23 October 2010 - 07:25 AM

Etavares,
Could this be a rootkit that is residing on one of my other hard drives? The reason I ask this is because it survived a reformat and reinstall of Windows 7 on my C drive a month ago. I also reset my router and changed the password to rule out a router virus.

Thanks,

#10 etavares

Bleepin' Remover
Malware Response Team

Posted 23 October 2010 - 08:26 AM

Hello, vaporiser.
I haven't seen that before... I have seen rootkits on other hard drives, but unless you boot off that drive, they wouldn't be active. Let's run Combofix. If this doesn't work, next on the list is a fairly harmless but annoying Goored infection.

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#11 vaporiser

Posted 23 October 2010 - 05:35 PM

Hello Etavares,

I ran Combofix and it showed that it deleted an install file on my E drive.

Here's the Combofix log:

ComboFix 10-10-22.05 - oem 10/23/2010 18:20:59.1.4 - x86
Microsoft Windows 7 Enterprise N 6.1.7600.0.1252.1.1033.18.3326.2150 [GMT -4:00]
Running from: c:\users\oem\Desktop\etavaresCF.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))
.

2010-10-23 22:23 . 2010-10-23 22:23 -------- d-----w- c:\users\oem\AppData\Local\temp
2010-10-23 22:23 . 2010-10-23 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-17 21:17 . 2010-10-17 21:17 -------- d-----w- c:\users\oem\AppData\Roaming\AVG9
2010-10-13 20:34 . 2010-10-13 20:34 -------- d-----w- c:\windows\Sun
2010-10-12 16:08 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F714534F-BCB8-472E-91FF-CDCD18F893F3}\mpengine.dll
2010-10-08 22:06 . 2010-10-08 22:06 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-10-08 13:12 . 2010-10-08 13:12 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-10-06 21:30 . 2010-10-08 22:01 -------- d-----w- c:\program files\Microsoft Works
2010-10-06 21:29 . 2010-10-06 21:29 -------- d-----w- c:\windows\PCHEALTH
2010-10-06 21:29 . 2010-10-06 21:29 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-10-06 20:35 . 2010-10-06 20:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-28 21:27 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-28 20:25 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 20:25 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-28 12:30 . 2010-09-28 12:30 -------- d-----w- c:\users\oem\AppData\Local\AVG Security Toolbar
2010-09-25 18:22 . 2010-10-14 13:17 -------- d-----w- c:\programdata\Microsoft Help
2010-09-25 18:22 . 2010-09-25 18:22 -------- d-----w- c:\users\oem\AppData\Local\Microsoft Help
2010-09-25 18:22 . 2010-09-25 18:22 -------- d-----r- C:\MSOCache
2010-09-24 22:26 . 2010-09-24 22:26 -------- d-----w- c:\program files\Common Files\Java
2010-09-24 22:25 . 2010-09-24 22:25 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-24 22:25 . 2010-09-24 22:25 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 21:45 . 2010-09-13 09:46 17488 ----a-w- c:\windows\gdrv.sys
2010-09-11 22:34 . 2010-09-11 22:34 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-11 22:34 . 2010-09-11 22:34 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-11 22:34 . 2010-09-11 22:34 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-11 22:34 . 2010-09-11 22:34 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-21 05:32 . 2010-09-15 20:27 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-18 05:58 . 2010-08-18 05:58 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-04 06:21 . 2010-08-04 06:21 6096384 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-08-04 05:55 . 2010-08-04 05:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-04 05:54 . 2010-08-04 05:54 519680 ----a-w- c:\windows\system32\aticfx32.dll
2010-08-04 05:52 . 2010-08-04 05:52 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-04 05:51 . 2010-08-04 05:51 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-08-04 05:51 . 2010-08-04 05:51 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-08-04 05:50 . 2010-08-04 05:50 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-08-04 05:49 . 2010-08-04 05:49 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-08-04 05:49 . 2010-08-04 05:49 15845888 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-04 05:49 . 2010-08-04 05:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-08-04 05:49 . 2010-08-04 05:49 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-08-04 05:49 . 2010-08-04 05:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-08-04 05:46 . 2009-07-13 22:09 3899392 ----a-w- c:\windows\system32\atidxx32.dll
2010-08-04 05:28 . 2010-08-04 05:28 4021760 ----a-w- c:\windows\system32\atiumdag.dll
2010-08-04 05:26 . 2010-08-04 05:26 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-04 05:25 . 2010-08-04 05:25 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-04 05:24 . 2010-08-04 05:24 4341248 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-04 05:23 . 2010-08-04 05:23 65536 ----a-w- c:\windows\system32\coinst.dll
2010-08-04 05:21 . 2010-08-04 05:21 3324416 ----a-w- c:\windows\system32\atiumdva.dll
2010-08-04 05:16 . 2010-08-04 05:16 241664 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-04 05:15 . 2010-08-04 05:15 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-08-04 05:15 . 2010-08-04 05:15 16896 ----a-w- c:\windows\system32\atigktxx.dll
2010-08-04 05:15 . 2010-08-04 05:15 214016 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-08-04 05:15 . 2010-08-04 05:15 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-08-04 05:14 . 2010-08-04 05:14 27648 ----a-w- c:\windows\system32\atiu9pag.dll
2010-08-04 05:14 . 2010-08-04 05:14 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-08-04 05:14 . 2010-08-04 05:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-08-04 05:09 . 2010-08-04 05:09 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-04 05:09 . 2010-08-04 05:09 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-07-29 06:30 . 2010-09-12 19:23 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-09-12 19:23 82944 ----a-w- c:\windows\system32\iccvid.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-09-27 2102600]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-09-27 16:32 2102600 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-09-27 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-09-27 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Aim"="c:\program files\AIM\aim.exe" [2010-09-09 4424024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 JMB36X;JMB36X;c:\windows\System32\XSrvSetup.exe [2009-08-06 65536]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-09-27 431432]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 43520]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 19968]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 43520]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-12 1343400]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-11 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-09-11 243024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-04 176128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-09-11 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-11 308136]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27648]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-04 6096384]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-04 214016]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 64904]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 146568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\marzlxwy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-23 18:23:49
ComboFix-quarantined-files.txt 2010-10-23 22:23

Pre-Run: 230,841,307,136 bytes free
Post-Run: 230,967,586,816 bytes free

- - End Of File - - EFA78CD85FCF0EA43C6F3537BC0438C1


After running ComboFix, when I started to do my post, one of the fake virus scanners popped up. I was only on this page when it did it. I don't know if it is important, but it's the first time I have seen one pop up without going to an infected page. It has never done this before on BleepingComputer. Just thought I would let you know.


I'm not sure if this will help, but here is a link to the reports that I ran before I formatted and reinstalled Windows.

http://www.bleepingcomputer.com/forums/topic345461.html/page__p__1919950__fromsearch__1#entry1919950

Thanks

Edited by vaporiser, 23 October 2010 - 05:55 PM.
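As an added example, not part of this thread and not ComboFix's own code: a small Python parser for the "Reg Loading Points" section of the log above, run over a constructed, abbreviated copy of that section (same keys and values, fewer rows). It pulls out the Run values, the UAC policy DWORDs and AppInit_DLLs, which are the entries a responder reads first. On this host EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, which means UAC is switched off entirely; the Windows 7 defaults used for comparison are assumed from Microsoft's documented defaults, not taken from the log. The AppInit_DLLs value points at AVG's avgrsstx.dll, consistent with the AVG 9 install shown elsewhere in the log, but every DLL on that list deserves to be accounted for because it is mapped into each process that loads user32.dll when the mechanism is enabled.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample: an abbreviated copy of the "Reg Loading Points" section
# of the ComboFix log posted in this thread (same keys and values, fewer rows).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Aim"="c:\program files\AIM\aim.exe" [2010-09-09 4424024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

R2 JMB36X;JMB36X;c:\windows\System32\XSrvSetup.exe [2009-08-06 65536]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-11 216400]
"""


class RunEntry(NamedTuple):
    key: str       # registry key the value lives under
    name: str
    path: str
    date: str
    size: int


class Service(NamedTuple):
    state: str     # ComboFix's R/S marker plus start type, e.g. "R2" running, "S1" stopped
    name: str
    display: str
    path: str


KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<date>\S+) (?P<size>\d+)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"= (?P<val>\d+) \(0x[0-9a-fA-F]+\)$')
STR_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<val>.*)$')
SVC_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<date>\S+) (?P<size>\d+)\]$")


def parse_loading_points(text: str) -> dict:
    """Parse Run values, DWORD/string values and service rows from the section."""
    runs: List[RunEntry] = []
    values: Dict[str, Dict[str, object]] = {}
    services: List[Service] = []
    key = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m["key"]                       # following values belong to this key
        elif m := RUN_RE.match(line):
            runs.append(RunEntry(key, m["name"], m["path"], m["date"], int(m["size"])))
        elif m := DWORD_RE.match(line):
            values.setdefault(key, {})[m["name"]] = int(m["val"])
        elif m := STR_RE.match(line):
            values.setdefault(key, {})[m["name"]] = m["val"]
        elif m := SVC_RE.match(line):
            services.append(Service(m["state"], m["name"], m["display"], m["path"]))
    return {"runs": runs, "values": values, "services": services}


# Windows 7 defaults for the UAC values that matter most (assumed from the
# documented defaults, not from anything in the thread).
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}


def _values_under(parsed: dict, suffix: str) -> Dict[str, object]:
    for key, vals in parsed["values"].items():
        if key.lower().endswith(suffix):
            return vals
    return {}


def uac_findings(parsed: dict) -> List[str]:
    """Report UAC policy values that differ from the Windows 7 defaults."""
    pol = _values_under(parsed, r"\policies\system")
    return [f"{n}={pol[n]} (default {d})" for n, d in UAC_DEFAULTS.items()
            if n in pol and pol[n] != d]


def appinit_dlls(parsed: dict) -> List[str]:
    """DLLs listed in AppInit_DLLs (space/comma separated); each is loaded into
    every process that loads user32.dll when the mechanism is enabled."""
    raw = str(_values_under(parsed, r"\windows nt\currentversion\windows").get("AppInit_DLLs", ""))
    return [d for d in re.split(r"[ ,;]+", raw) if d]


def run_entries_by_hive(parsed: dict) -> Dict[str, List[str]]:
    """Names of Run values grouped by hive, ready to diff against a known-good list."""
    out: Dict[str, List[str]] = {}
    for e in parsed["runs"]:
        out.setdefault(e.key.split("\\")[0].upper(), []).append(e.name)
    return out


if __name__ == "__main__":
    parsed = parse_loading_points(SAMPLE_LOG)
    print("UAC:", uac_findings(parsed))
    print("AppInit_DLLs:", appinit_dlls(parsed))
    print("Run:", run_entries_by_hive(parsed))
```

The parser only understands the three value shapes that appear in the Run, policy and AppInit keys; the BHO/toolbar lines higher in the log use a different layout and are deliberately not covered.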


#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:07:10 AM

Posted 24 October 2010 - 07:21 AM

Hello, vaporiser.
Thanks for the link to the old log, you definitely had a backdoor rootkit at that point. There are no signs of it now. Let's check for Goored.

Please read and follow all these instructions very carefully.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#13 vaporiser

vaporiser
  • Topic Starter

  • Members
  • 22 posts
  • Local time:07:10 AM

Posted 24 October 2010 - 05:13 PM

Hello Etavares,

Here is the log for goored:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:10 on 24/10/2010 (oem)
Firefox version 3.6.11 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [12:29 28/09/2010]

C:\Users\oem\Application Data\Mozilla\Firefox\Profiles\marzlxwy.default\extensions\
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [12:34 28/09/2010]
{fe0258ab-4f74-43a1-8781-bcdf340f9ee9} [12:33 28/09/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [22:33 11/09/2010]
"avg@igeared"="C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared" [21:33 07/10/2010]

-=E.O.F=-
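As an added example, not part of this thread and not GooredFix's own code: a Python parser for the GooredFix log format requested in #12 and posted in #13, run over a constructed copy of that log. It separates the GooredScan section (what the tool acted on, empty here) from the GooredLog inventory, records each extension with where it was found (a Firefox extensions directory or the HKLM Extensions registry key), and then lists the entries not on an allowlist, profile-directory entries first. The allowlist is an assumption for this host: the Firefox default theme ID is a well-known constant, and the two AVG entries are accepted only because the ComboFix log earlier in the thread shows AVG 9 installed. The two profile-directory GUIDs are left for manual review; nothing here identifies them.

```python
import re
from typing import List, NamedTuple, Optional, Set

# Constructed sample: a copy of the GooredFix log posted above in this thread.
SAMPLE_LOG = r"""GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:10 on 24/10/2010 (oem)
Firefox version 3.6.11 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [12:29 28/09/2010]

C:\Users\oem\Application Data\Mozilla\Firefox\Profiles\marzlxwy.default\extensions\
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [12:34 28/09/2010]
{fe0258ab-4f74-43a1-8781-bcdf340f9ee9} [12:33 28/09/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [22:33 11/09/2010]
"avg@igeared"="C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared" [21:33 07/10/2010]

-=E.O.F=-
"""


class Extension(NamedTuple):
    ext_id: str
    container: str               # directory or registry key it was listed under
    kind: str                    # "dir" or "reg"
    install_path: Optional[str]  # only registry entries carry a path
    stamp: str


SECTION_RE = re.compile(r"^=+ (?P<name>\w+) =+$")
VERSION_RE = re.compile(r"^Firefox version (?P<ver>\S+)")
REG_ENTRY_RE = re.compile(r'^"(?P<id>[^"]+)"="(?P<path>[^"]*)" \[(?P<stamp>[^\]]+)\]$')
DIR_ENTRY_RE = re.compile(r"^(?P<id>\S+) \[(?P<stamp>[^\]]+)\]$")


def parse_goored_log(text: str) -> dict:
    """Parse a GooredFix log into Firefox version, GooredScan lines and extension entries."""
    version: Optional[str] = None
    scan: List[str] = []
    entries: List[Extension] = []
    section = ""
    container, kind = "", ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == "-=E.O.F=-":
            continue
        if m := SECTION_RE.match(line):
            section = m["name"]
        elif m := VERSION_RE.match(line):
            version = m["ver"]
        elif section == "GooredScan":
            scan.append(line)            # whatever the tool flagged (empty in the posted log)
        elif section != "GooredLog":
            continue                     # banner lines before the first section
        elif line.endswith("\\"):
            container, kind = line, "dir"
        elif line.startswith("[") and line.endswith("]"):
            container, kind = line[1:-1], "reg"
        elif m := REG_ENTRY_RE.match(line):
            entries.append(Extension(m["id"], container, kind, m["path"], m["stamp"]))
        elif m := DIR_ENTRY_RE.match(line):
            entries.append(Extension(m["id"], container, kind, None, m["stamp"]))
    return {"firefox_version": version, "scan": scan, "entries": entries}


# Assumed allowlist for this host (see lead-in): Firefox default theme plus the two
# AVG 9 registry-registered extensions. Everything else is surfaced for review.
KNOWN_GOOD: Set[str] = {
    "{972ce4c6-7e08-4474-a285-3208198ce6fd}",
    "{3f963a5b-e555-4543-90e2-c3908898db71}",
    "avg@igeared",
}


def unknown_extensions(entries: List[Extension], allowlist: Set[str]) -> List[Extension]:
    """Entries not on the allowlist, profile-directory ones first: a user-level
    installer can drop an extension there without ever touching Program Files."""
    unknown = [e for e in entries if e.ext_id not in allowlist]
    return sorted(unknown, key=lambda e: ("\\Profiles\\" not in e.container, e.ext_id.lower()))


if __name__ == "__main__":
    parsed = parse_goored_log(SAMPLE_LOG)
    print("Firefox", parsed["firefox_version"], "- scan lines:", len(parsed["scan"]))
    for e in unknown_extensions(parsed["entries"], KNOWN_GOOD):
        print("REVIEW", e.ext_id, "in", e.container, "at", e.stamp)
```

Two notes on reading the result: an empty GooredScan section means the tool removed nothing, which is exactly what #14 concluded, and an entry in the profile extensions directory with only a GUID for a name cannot be judged from this log alone; the install.rdf inside that folder (or the Add-ons manager) is the next thing to look at.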

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:07:10 AM

Posted 26 October 2010 - 10:33 PM

Hi! I'm sorry for the delay, I'm travelling and having connectivity issues. I'll respond on Thursday. Doesn't look like GooredFix picked up anything, so our mystery deepens. I'll be back on Thursday... feel free to bug me if I don't respond. I'm not forgetting you. I brought all my notes, but no way to connect a flash drive to an iPad! Sigh.


 


#15 vaporiser

vaporiser
  • Topic Starter

  • Members
  • 22 posts
  • Local time:07:10 AM

Posted 26 October 2010 - 10:42 PM

Hello Etavares,
No problem on the delay. Just have a safe trip. It's a mystery to me as to what all is causing the problem anyway. I have noticed a couple of things on the redirects that may lead you in the right direction. A lot of the time when I click a link in Firefox, it will go to the correct link and open another instance of Firefox with a blank page, since I am using the Redirect Remover plug-in for Firefox. I read about it in another redirect virus thread. A lot of the redirects during the middle of a page opening are going to Google-analytics. I am also getting the WYCIWYG pages in Firefox.

Hopefully this might help some.

Thanks



