
Cannot identify the source of the problem


  • This topic is locked
20 replies to this topic

#1 Rootkinal2

  • Members
  • 21 posts

Posted 18 October 2010 - 06:56 PM

I had started a topic and, on its being reviewed, was told to start a new one here linking the old one: http://www.bleepingcomputer.com/forums/topic351961.html

To recap, my PC gave me a prompt that hardware changes had occurred and would not boot because of them. Eventually I got the computer to work properly; however, all my attempts, including whatever had worked, told me they had failed. RootRepeal doesn't seem to work, which makes me believe the malware targets known tools and disrupts them. I'd like to have my logs checked to ensure my computer really is clean, or if this is just a very elusive virus.



DDS (Ver_10-10-10.03) - NTFSx86
Run by Lexzl at 19:27:38.04 on Mon 10/18/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.2150 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Lexzl\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=16794S&l=dis
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [DS3 Tool] c:\program files\motioninjoy\ds3\DS3_Tool.exe -mini
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\lexzl\appdata\roaming\mozilla\firefox\profiles\8xx4wlbx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\users\lexzl\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-10 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-10 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-10 243024]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-9-9 430152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\drivers\MijUfilt.sys [2009-11-25 17408]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-6 1343400]

=============== Created Last 30 ================

2010-10-17 03:33:23 -------- d-----w- c:\program files\TabletPlugins
2010-10-14 11:31:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-14 11:31:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-14 11:31:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-12 23:19:47 -------- d-----w- c:\progra~2\NVIDIA Corporation
2010-10-12 19:16:59 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-09-29 21:11:23 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 11:43:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 11:43:10 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-19 16:34:00 316928 ----a-w- c:\windows\system32\spoolsv.exe

==================== Find3M ====================

2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-18 20:02:59 3661128 ----a-w- c:\windows\system32\GameMon.des
2010-08-13 16:47:47 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll

============= FINISH: 19:28:16.52 ===============


#2 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 27 October 2010 - 11:07 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.




#3 Rootkinal2
  • Topic Starter

  • Members
  • 21 posts

Posted 27 October 2010 - 09:55 PM

The problem doesn't seem to be readily apparent and this is really for insurance. I've mentioned it in the first post and previous thread and so I'll just copy and paste it now.

EDIT: Probably unrelated, but it might be worth noting. I was attempting to play a game that I typically play on a daily basis and it crashed. I tried a few different things to get it to work, like deleting caches, but it crashed nevertheless. Upon restarting, my screen was set to 800x600 resolution and the optimal resolution I've always been using, 1440x900, is no longer available.

EDIT2: My knowledge of drivers and devices is limited. I have 2 NVIDIA GeForce 8800 GS cards and one of them is not responding (code 43). I tried uninstalling and reinstalling. I tried System Restore. I tried blowing the dust off with compressed air. Nothing seems to be working. I'm not sure how to actually remove these cards properly, so I'm afraid to switch their slots and see if the card is failing me... Actually, I'm going to try switching the plugs. Maybe that will work... Just tried, and it's definitely not a hardware issue, since it reads the same PCI as being erroneous despite the cards getting switched. At any rate, Windows Action Center has found 38 problems associated with that and it mentions it might be because of a virus.

To recap, my PC gave me a prompt that hardware changes had occurred and would not boot because of them. Eventually I got the computer to work properly; however, all my attempts, including whatever had worked, told me they had failed. RootRepeal doesn't seem to work, which makes me believe the malware targets known tools and disrupts them. I'd like to have my logs checked to ensure my computer really is clean, or if this is just a very elusive virus.

DDS (Ver_10-10-21.02) - NTFSx86
Run by Lexzl at 22:14:29.30 on Wed 10/27/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.2064 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Lexzl\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=16794S&l=dis
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [DS3 Tool] c:\program files\motioninjoy\ds3\DS3_Tool.exe -mini
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\lexzl\appdata\roaming\mozilla\firefox\profiles\8xx4wlbx.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c88ecde&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\lexzl\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-10 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-10 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-10 243024]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\drivers\MijUfilt.sys [2009-11-25 17408]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-6 1343400]

=============== Created Last 30 ================

2010-10-27 12:00:16 -------- d-----w- c:\users\lexzl\appdata\roaming\LimeWire
2010-10-27 11:15:06 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 11:15:06 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 11:15:06 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 11:15:06 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-22 06:10:26 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-22 06:09:19 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-22 06:08:19 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-10-22 06:06:28 74520 ----a-w- c:\program files\common files\windows live\.cache\44365ce01cb71af\DSETUP.dll
2010-10-22 06:06:28 484632 ----a-w- c:\program files\common files\windows live\.cache\44365ce01cb71af\DXSETUP.exe
2010-10-22 06:06:28 1670936 ----a-w- c:\program files\common files\windows live\.cache\44365ce01cb71af\dsetup32.dll
2010-10-22 05:21:06 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-22 05:21:05 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-21 21:22:16 -------- d-----w- c:\program files\MSN Toolbar
2010-10-21 21:21:34 -------- d-----w- c:\program files\Bing Bar Installer
2010-10-21 21:21:25 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-21 21:21:25 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-21 21:21:25 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-21 21:21:22 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-21 21:21:13 469256 ----a-w- c:\program files\common files\windows live\.cache\e295a2a01cb716502\InstallManager_WLE_WLE.exe
2010-10-21 21:21:10 15712 ----a-w- c:\program files\common files\windows live\.cache\e1b842c01cb716501\MeshBetaRemover.exe
2010-10-21 16:13:29 94040 ----a-w- c:\program files\common files\windows live\.cache\e5bca3501cb713a19\DSETUP.dll
2010-10-21 16:13:29 525656 ----a-w- c:\program files\common files\windows live\.cache\e5bca3501cb713a19\DXSETUP.exe
2010-10-21 16:13:29 1691480 ----a-w- c:\program files\common files\windows live\.cache\e5bca3501cb713a19\dsetup32.dll
2010-10-21 16:13:27 94040 ----a-w- c:\program files\common files\windows live\.cache\e2e678e01cb713a18\DSETUP.dll
2010-10-21 16:13:27 525656 ----a-w- c:\program files\common files\windows live\.cache\e2e678e01cb713a18\DXSETUP.exe
2010-10-21 16:13:27 1691480 ----a-w- c:\program files\common files\windows live\.cache\e2e678e01cb713a18\dsetup32.dll
2010-10-21 16:12:05 -------- d-----w- c:\users\lexzl\appdata\local\Windows Live
2010-10-21 16:11:35 3181568 ----a-w- c:\windows\system32\mf.dll
2010-10-21 16:11:35 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-10-21 16:11:35 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-17 03:33:23 -------- d-----w- c:\program files\TabletPlugins
2010-10-14 11:31:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-14 11:31:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-14 11:31:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-12 23:19:47 -------- d-----w- c:\progra~2\NVIDIA Corporation
2010-10-12 19:16:59 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-09-29 21:11:23 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 11:43:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 11:43:10 13312 ----a-w- c:\program files\internet explorer\iecompat.dll

==================== Find3M ====================

2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-18 20:02:59 3661128 ----a-w- c:\windows\system32\GameMon.des
2010-08-13 16:47:47 423656 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 22:15:05.49 ===============

Edited by Rootkinal2, 28 October 2010 - 07:26 PM.
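The two DDS logs above (18 and 27 October) are what the responders read by hand. As an added example that is not part of this thread and not DDS's own code, the following Python script shows one way to automate the first pass: split a DDS log into its sections, flag the lines a malware responder looks at first (a BHO with "No File", a start page or keyword.URL on a third-party search host, a service whose binary DDS marked "[?]", new files under system32), and diff the "Created Last 30" lists of two runs. Run against the logs in this thread, the diff surfaces, among others, the LimeWire profile directory and the fssfltr.sys driver that appeared between the two runs. The sample logs embedded in the script are constructed excerpts modelled on the thread's logs, and the set of unwanted search hosts is an assumption made for the example.

```python
import re

# Section headers look like "===== Pseudo HJT Report =====".
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "Created Last 30" lines: date time size-or-dashes attrs path
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(?P<size>\d+|-+)\s+\S+\s+(?P<path>.+)$")
URL_HOST_RE = re.compile(r"hxxps?://([^/?\s]+)", re.IGNORECASE)  # DDS defangs http as hxxp
# Assumption for this example: search hosts treated as unwanted redirects when
# they appear as a start page or as Firefox's keyword.URL.
UNWANTED_SEARCH_HOSTS = {"www.ask.com", "search.avg.com"}


def split_sections(text):
    """Return {section name: [non-blank lines]} for a DDS log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_created(lines):
    """Map lower-cased path -> {'size', 'path'} for each Created Last 30 line."""
    entries = {}
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            entries[m.group("path").lower()] = m.groupdict()
    return entries


def triage(text):
    """First-pass (kind, detail) findings that a responder then checks by hand."""
    findings, sec = [], split_sections(text)
    hjt = sec.get("Pseudo HJT Report", [])
    for line in hjt:
        if line.endswith("- No File"):  # BHO whose DLL is gone: a loose end
            findings.append(("orphaned-bho", line))
    for line in hjt + sec.get("FIREFOX", []):
        for host in URL_HOST_RE.findall(line):
            if host.lower() in UNWANTED_SEARCH_HOSTS:
                findings.append(("search-redirect", line))
    for line in sec.get("SERVICES / DRIVERS", []):
        if line.endswith("[?]"):  # DDS could not stat the service binary
            findings.append(("unverified-service-binary", line.split(";", 1)[0].split(" ", 1)[1]))
    for path, entry in parse_created(sec.get("Created Last 30", [])).items():
        if path.startswith("c:\\windows\\system32\\") and entry["size"].isdigit():
            findings.append(("new-system32-file", path))  # a file, not a directory
    return findings


def created_between(old_text, new_text):
    """Paths in the newer log's Created Last 30 that the older log lacks."""
    old = parse_created(split_sections(old_text).get("Created Last 30", []))
    new = parse_created(split_sections(new_text).get("Created Last 30", []))
    return sorted(p for p in new if p not in old)


# Constructed excerpts modelled on the 18 and 27 October logs in the thread.
LOG_OCT18 = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.ask.com?o=16794S&l=dis
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
================= FIREFOX ===================
FF - prefs.js: browser.search.selectedEngine - Google
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-10 216400]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
=============== Created Last 30 ================
2010-10-17 03:33:23 -------- d-----w- c:\program files\TabletPlugins
2010-10-14 11:31:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-12 19:16:59 109056 ----a-w- c:\windows\system32\t2embed.dll
============= FINISH: 19:28:16.52 ===============
"""
LOG_OCT27 = LOG_OCT18.replace(
    "FF - prefs.js: browser.search.selectedEngine - Google",
    "FF - prefs.js: browser.search.selectedEngine - AVG Secure Search\n"
    "FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c88ecde&q=",
).replace(
    "=============== Created Last 30 ================\n",
    "=============== Created Last 30 ================\n"
    "2010-10-27 12:00:16 -------- d-----w- c:\\users\\lexzl\\appdata\\roaming\\LimeWire\n"
    "2010-10-22 06:10:26 54632 ----a-w- c:\\windows\\system32\\drivers\\fssfltr.sys\n",
)

if __name__ == "__main__":
    for kind, detail in triage(LOG_OCT27):
        print(f"{kind:26} {detail}")
    print("created between runs:", created_between(LOG_OCT18, LOG_OCT27))
```

The findings are leads, not verdicts: the "[?]" service here is nProtect GameGuard's GameMon.des, a game anti-cheat component that DDS simply cannot stat, and an orphaned BHO CLSID is commonly what an uninstaller leaves behind. The script ranks the lines worth a second look; the responder still has to check each one.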


#4 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 30 October 2010 - 07:03 AM

Hello, Rootkinal2.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!




It may still be a hardware issue... if you swapped slots and one works but the other doesn't, the motherboard itself is often a common cause of that kind of problem. So, nothing here is screaming virus, but we'll dig in much deeper as it could be a cause. The RKU log in your other thread also had a possibility of a virus.



Step 1

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#5 Rootkinal2

Rootkinal2
  • Topic Starter


Posted 30 October 2010 - 10:11 AM

Hey, as it turns out I mistook what a PCI slot was. I thought the plugs on the ends of my cards were PCI and after looking around for a tech chat I finally found someone who explained it to me. I reseated them and it turns out that one of them really did burn out. Now that I've switched them around though, I've got my native res back.

Back to the virus problem now though.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: EVGA
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: EVGA
System Product Name: nForce 750i SLI
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 160):

Processes (total 57):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3250410AS, Rev: 3.AA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 RE: Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
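To show what the "MBR code detected" verdict above rests on, here is an added Python example (not part of the thread and not MBRCheck's own code) that hashes the bootstrap area of a 512-byte MBR image, compares it with an allow-list, and decodes the partition table, including the byte offset that explains the "at offset 0x7e00" line. The MBR image and the allow-list are constructed inline; the choice to hash the first 440 code bytes is an assumption of this example, not something the page states about MBRCheck.

```python
"""Added example (not from the forum thread or from MBRCheck): a minimal
MBR integrity check run against a constructed 512-byte MBR image."""
import hashlib
import struct

SECTOR_SIZE = 512
CODE_AREA_LEN = 440      # bootstrap code; bytes 440-445 hold the per-disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # last two bytes must be 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(code: bytes, partitions) -> bytes:
    """Construct a synthetic MBR from bootstrap code and a list of
    (bootable, type_id, lba_start, sector_count) tuples (assumed layout)."""
    assert len(code) <= CODE_AREA_LEN and len(partitions) <= 4
    mbr = bytearray(SECTOR_SIZE)
    mbr[:len(code)] = code
    for i, (bootable, type_id, lba, count) in enumerate(partitions):
        # CHS fields are left zeroed; modern loaders use the LBA fields.
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\0\0\0",
                         type_id, b"\0\0\0", lba, count)
    mbr[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(mbr)


def parse_partition_table(mbr: bytes):
    """Return the non-empty partition entries with their byte offset on disk."""
    entries = []
    for i in range(4):
        status, _, type_id, _, lba, count = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if type_id == 0:
            continue  # unused slot
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": type_id,
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR_SIZE,  # LBA 63 -> 0x7e00, as in the log
        })
    return entries


def bootstrap_sha1(mbr: bytes) -> str:
    """SHA1 of the code area only, so the varying disk signature is excluded."""
    return hashlib.sha1(mbr[:CODE_AREA_LEN]).hexdigest().upper()


def check_mbr(mbr: bytes, known_hashes) -> dict:
    """Classify an MBR: invalid (bad size/signature), known code, or unknown code."""
    if len(mbr) != SECTOR_SIZE or mbr[BOOT_SIG_OFF:] != b"\x55\xAA":
        return {"status": "invalid", "sha1": None, "partitions": []}
    digest = bootstrap_sha1(mbr)
    status = "known" if digest in known_hashes else "unknown"
    return {"status": status, "sha1": digest, "partitions": parse_partition_table(mbr)}


# Constructed sample data. The bootstrap bytes are a stand-in, not real loader
# code, and the allow-list is built from them rather than from any published hash.
SAMPLE_GOOD_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * (CODE_AREA_LEN - 8)
# One bootable NTFS (0x07) partition starting at LBA 63, sized for a ~232 GB disk.
SAMPLE_PARTS = [(True, 0x07, 63, 486_000_000)]
SAMPLE_GOOD_MBR = build_sample_mbr(SAMPLE_GOOD_CODE, SAMPLE_PARTS)
KNOWN_GOOD_SHA1 = {bootstrap_sha1(SAMPLE_GOOD_MBR)}

# Same partition table, one byte of bootstrap code flipped: this is what an
# overwritten loader looks like to a hash comparison.
_patched = bytearray(SAMPLE_GOOD_CODE)
_patched[4] ^= 0xFF
SAMPLE_PATCHED_MBR = build_sample_mbr(bytes(_patched), SAMPLE_PARTS)

if __name__ == "__main__":
    for name, image in (("good", SAMPLE_GOOD_MBR), ("patched", SAMPLE_PATCHED_MBR)):
        result = check_mbr(image, KNOWN_GOOD_SHA1)
        print(f"{name}: {result['status']} SHA1={result['sha1']}")
        for p in result["partitions"]:
            print(f"  part{p['index']} type=0x{p['type']:02x} boot={p['bootable']} "
                  f"lba={p['lba_start']} offset=0x{p['byte_offset']:x}")
```

On a live system the 512-byte image would be read from the raw physical drive rather than constructed, and the allow-list would hold hashes of genuine loader code for the installed Windows version.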

#6 etavares

etavares


Posted 30 October 2010 - 02:36 PM

Hello, Rootkinal2.

OK, that's good news. Let's run TDSS Killer just in case, based on the RKU scan showing a hidden thread; we'll also run MBAM and scan for infections.



Step 1

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply.



Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares




#7 Rootkinal2

Rootkinal2
  • Topic Starter


Posted 31 October 2010 - 09:42 AM

Doesn't seem to be showing anything

2010/10/31 10:33:53.0261 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/31 10:33:53.0261 ================================================================================
2010/10/31 10:33:53.0262 SystemInfo:
2010/10/31 10:33:53.0262
2010/10/31 10:33:53.0262 OS Version: 6.1.7600 ServicePack: 0.0
2010/10/31 10:33:53.0262 Product type: Workstation
2010/10/31 10:33:53.0262 ComputerName: EXPERIENCE
2010/10/31 10:33:53.0263 UserName: Lexzl
2010/10/31 10:33:53.0263 Windows directory: C:\Windows
2010/10/31 10:33:53.0263 System windows directory: C:\Windows
2010/10/31 10:33:53.0263 Processor architecture: Intel x86
2010/10/31 10:33:53.0263 Number of processors: 1
2010/10/31 10:33:53.0263 Page size: 0x1000
2010/10/31 10:33:53.0263 Boot type: Normal boot
2010/10/31 10:33:53.0263 ================================================================================
2010/10/31 10:33:53.0550 Initialize success
2010/10/31 10:34:06.0070 ================================================================================
2010/10/31 10:34:06.0070 Scan started
2010/10/31 10:34:06.0070 Mode: Manual;
2010/10/31 10:34:06.0070 ================================================================================
2010/10/31 10:34:21.0365 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/10/31 10:34:21.0558 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/10/31 10:34:21.0622 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/10/31 10:34:21.0690 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/10/31 10:34:21.0746 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/10/31 10:34:21.0894 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/31 10:34:21.0948 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/10/31 10:34:22.0022 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/31 10:34:22.0099 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/10/31 10:34:22.0185 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/10/31 10:34:22.0228 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/31 10:34:22.0275 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/31 10:34:22.0362 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/10/31 10:34:22.0893 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/31 10:34:23.0485 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/31 10:34:23.0670 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/31 10:34:23.0794 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/31 10:34:23.0866 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/10/31 10:34:23.0918 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/31 10:34:23.0998 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/10/31 10:34:24.0032 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/31 10:34:24.0088 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/10/31 10:34:24.0136 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/10/31 10:34:24.0191 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/10/31 10:34:24.0285 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/31 10:34:24.0354 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/10/31 10:34:24.0435 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/10/31 10:34:24.0593 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/10/31 10:34:24.0813 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/31 10:34:24.0869 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/10/31 10:34:24.0913 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/10/31 10:34:24.0963 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/10/31 10:34:25.0124 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/10/31 10:34:25.0228 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/10/31 10:34:25.0310 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/10/31 10:34:25.0377 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/10/31 10:34:25.0474 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/10/31 10:34:25.0552 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/10/31 10:34:25.0624 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/10/31 10:34:25.0661 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/10/31 10:34:25.0767 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/10/31 10:34:25.0928 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2010/10/31 10:34:25.0995 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/31 10:34:26.0045 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/31 10:34:26.0172 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/10/31 10:34:26.0237 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/10/31 10:34:26.0327 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/10/31 10:34:26.0391 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/31 10:34:26.0567 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/10/31 10:34:26.0737 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/31 10:34:26.0831 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/31 10:34:26.0880 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/10/31 10:34:26.0917 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/10/31 10:34:27.0102 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/31 10:34:27.0169 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/31 10:34:27.0278 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/31 10:34:27.0359 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/31 10:34:27.0411 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/10/31 10:34:27.0485 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/31 10:34:27.0553 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/10/31 10:34:27.0594 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/31 10:34:27.0636 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/10/31 10:34:27.0717 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/31 10:34:27.0764 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/10/31 10:34:27.0852 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/31 10:34:27.0956 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/31 10:34:28.0019 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/10/31 10:34:28.0087 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/31 10:34:28.0150 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/31 10:34:28.0211 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/31 10:34:28.0293 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/10/31 10:34:28.0338 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/31 10:34:28.0398 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/10/31 10:34:28.0458 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/10/31 10:34:28.0508 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/10/31 10:34:28.0549 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/10/31 10:34:28.0591 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/10/31 10:34:28.0656 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/10/31 10:34:28.0694 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/10/31 10:34:28.0736 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/10/31 10:34:28.0833 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/10/31 10:34:28.0953 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/10/31 10:34:29.0006 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/10/31 10:34:29.0058 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/10/31 10:34:29.0134 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/10/31 10:34:29.0187 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/10/31 10:34:29.0241 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/31 10:34:29.0264 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/31 10:34:29.0464 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/10/31 10:34:29.0562 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/31 10:34:29.0678 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/10/31 10:34:29.0721 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/10/31 10:34:29.0859 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/10/31 10:34:29.0939 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/31 10:34:30.0063 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/10/31 10:34:30.0150 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/31 10:34:30.0211 ================================================================================
2010/10/31 10:34:30.0211 Scan finished
2010/10/31 10:34:30.0211 ================================================================================
2010/10/31 10:34:38.0129 Deinitialize success



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5007

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/31/2010 10:42:46 AM
mbam-log-2010-10-31 (10-42-46).txt

Scan type: Quick scan
Objects scanned: 141711
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:01:14 PM

Posted 31 October 2010 - 10:46 AM

Hello, Rootkinal2.
Yup, looking like you're clean. Let's get one last opinion.



Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 22 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 22 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version.



Step 2

Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Note: Kaspersky online scan may take time to complete, please be patient.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 Rootkinal2

Rootkinal2
  • Topic Starter

  • Members
  • 21 posts
  • Local time:01:14 PM

Posted 31 October 2010 - 03:15 PM

We've got something. Limewire was removed some time ago so guess it just left a nasty present. And pokesav I didn't think was malicious in the least but guess I was wrong.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, October 31, 2010
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, October 31, 2010 11:31:53
Records in database: 4196268
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 137849
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 02:51:05


File name / Threat / Threats count
C:\Users\Lexzl\Downloads\LimeWireSetup.exe Infected: not-a-virus:WebToolbar.Win32.Zango.oj 1
C:\Users\Lexzl\Downloads\pokesav_compact_en.zip Infected: Backdoor.Win32.VB.mdo 2

Selected area has been scanned.

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:01:14 PM

Posted 31 October 2010 - 04:51 PM

Hello, Rootkinal2.
Actually, a good scan. LimeWire was infected with Adware, not a virus...just a toolbar in the installer. The ZIP file can't do any harm unless you extract the contents. It could be a false positive. In any case, you will have to delete those files manually, Kaspersky doesn't do it for you. I'll leave it up to you, although I do recommend deleting pokesav based on those results. It is a hack tool to edit sav files...and hacking tools often contain hacks of your computer.

Other than that, it's looking good. How is your computer running?


etavares




#11 Rootkinal2

Rootkinal2
  • Topic Starter

  • Members
  • 21 posts
  • Local time:01:14 PM

Posted 01 November 2010 - 11:00 AM

I deleted them both. Computer is running the same though which is fine. Rootrepeal still refuses to work but given that every other malware prevention tool you guys have given me HAS worked, I'm going to chalk it up to some script error that clashes with a windows update... or something.

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:01:14 PM

Posted 01 November 2010 - 05:50 PM

Hello, Rootkinal2.

Yeah, often one or more of the anti-rootkit programs will fail to run. They're not always compatible, and they see different things, so sometimes I run several. GMER often results in a blue screen.

Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well; please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!



Step 1

Next, we need to remove the other tools we have used.
  • Please download OTC by OldTimer and save it to your desktop
  • If that link doesn't work, try this one.
  • Double-click the OTC icon to start the program.
  • Then, click the big CleanUp! button.
  • You will get a prompt saying Begin Cleanup Process. Click Yes.
  • Restart your computer when prompted.



Step 2

We need to purge your system restore so malware is not accidentally restored. First, let's create a new restore point.
  • Go to Start and type in SystemPropertiesProtection and run that program.
  • Select the System Protection tab.
  • Press Create.
  • Give the restore point a name and press Create.
  • You'll see it work, then say that it was created successfully.


Now, we need to remove the old, infected points using DiskCleanup.
  • Click on Start --> My Computer
  • Right-click on C: and select Properties.
  • Click on Disk Cleanup.
  • Double-click Files from all users on this computer.
  • Click on More Options tab and press Clean Up... under System Restore and Shadow Copies.
  • Click OK.
  • You'll get a couple of prompts asking if you're sure you want do to this, select Yes for them.
  • Disk cleanup will remove those restore points and close itself.

If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.


Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites

The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

Please download HostsMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the Downloaded installer and install the tool to a location of your choice
  • Via the Startmenu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three, select at least one of the three (I have MVPS Host as my main one)
    • Click "Add Update." After that, you will only need to click the update button to retrieve updates.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares




#13 Rootkinal2

Rootkinal2
  • Topic Starter

  • Members
  • 21 posts
  • Local time:01:14 PM

Posted 02 November 2010 - 04:05 PM

Eh... Well I used oldtimer but I can't create a system restore point. The option "Open System Protection" as well as the keyword I was supposed to type into the start searchbar don't exist.

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:01:14 PM

Posted 02 November 2010 - 05:58 PM

You're using Windows 7 Professional, right? Is this a work computer and they disabled it for some reason? If not, this is leftover from the virus and we should fix it. Do you have an installation CD handy?


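As an added example (not part of etavares's instructions or of any tool used in this thread), a read-only Windows PowerShell check for the situation just described: whether the System Protection tab has gone missing because the System Restore policy values have been set, whether the SystemPropertiesProtection.exe applet is still on disk, and whether the shadow-copy services are present. The registry path and service names are standard Windows locations that the post itself does not name; the remediation commands are left as comments so nothing is changed until you have confirmed no administrator set the policy on purpose.

```powershell
# Added example, not from the thread. Run from an elevated Windows PowerShell
# (5.1) prompt on the affected machine. It only reports; it changes nothing.
# The Group Policy registry location for "Turn off System Restore" (DisableSR)
# and "Turn off Configuration" (DisableConfig) is a standard Windows path.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
$Applet    = Join-Path $env:SystemRoot 'System32\SystemPropertiesProtection.exe'

function Get-SystemProtectionState {
    # Collect the facts that explain a missing "System Protection" tab.
    $state = [ordered]@{
        AppletPresent    = Test-Path -Path $Applet      # the Start-menu search target
        PolicyKeyPresent = Test-Path -Path $PolicyKey
        DisableSR        = $null   # 1 = System Restore switched off by policy
        DisableConfig    = $null   # 1 = System Protection UI switched off by policy
        VssService       = (Get-Service -Name VSS   -ErrorAction SilentlyContinue).Status
        SwprvService     = (Get-Service -Name swprv -ErrorAction SilentlyContinue).Status
    }
    if ($state.PolicyKeyPresent) {
        $props = Get-ItemProperty -Path $PolicyKey
        if ($null -ne $props.DisableSR)     { $state.DisableSR     = [int]$props.DisableSR }
        if ($null -ne $props.DisableConfig) { $state.DisableConfig = [int]$props.DisableConfig }
    }
    return [pscustomobject]$state
}

function Test-SystemRestoreBlockedByPolicy {
    param([pscustomobject]$State = (Get-SystemProtectionState))
    # Either value set to 1 hides or disables System Protection for every user.
    return ($State.DisableSR -eq 1) -or ($State.DisableConfig -eq 1)
}

$state = Get-SystemProtectionState
$state | Format-List

if (-not $state.AppletPresent) {
    Write-Warning "SystemPropertiesProtection.exe is missing from System32; repair Windows (sfc /scannow or an in-place repair from the install media)."
}

if (Test-SystemRestoreBlockedByPolicy -State $state) {
    Write-Warning "System Restore is turned off through $PolicyKey."
    Write-Warning "On a personal, non-domain PC nothing legitimate sets this; treat it as malware residue."
    # Remediation once you have confirmed no administrator set the policy on purpose:
    #   Remove-ItemProperty -Path $PolicyKey -Name DisableSR, DisableConfig -ErrorAction SilentlyContinue
    #   Enable-ComputerRestore -Drive 'C:\'
    #   Checkpoint-Computer -Description 'Post-cleanup' -RestorePointType MODIFY_SETTINGS
} else {
    "No policy block found. Existing restore points (Windows PowerShell 5.1 cmdlet):"
    Get-ComputerRestorePoint | Select-Object SequenceNumber, CreationTime, Description
}
```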


#15 Rootkinal2

Rootkinal2
  • Topic Starter

  • Members
  • 21 posts
  • Local time:01:14 PM

Posted 02 November 2010 - 09:26 PM

This is a Windows 7 Professional and it's a personal computer. I happened to have made a boot CD some time ago that I had sitting here for the last 2 weeks and now it's mysteriously moved... Anyway, once I find it, what am I doing? Not wiping my drive I hope.



