Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Themes System Crashing, Windows Update Blocked, Javascript Exploits, Sudden Bluescreens


  • This topic is locked This topic is locked
4 replies to this topic

#1 reece.alexander

reece.alexander

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 12 December 2010 - 06:00 AM

Hey having a huge collection of issues all of a sudden.. started with JavaScript exploits being blocked by AVG. Themes system crashed.. Now windows update is blocked.. it gets redirected over and over until timeout. and worst of all BlueScreen shutdowns - I'll try and grab the log next time it occurs.

I have followed all guide lines and below are my logs (Attach.txt I noticed has hundreds of lines in regards to theme system not working- will attach if requested)

I do appreciate your time and a donation is definitely in order for helping
---------------------------------------------------------------------------


DDS (Ver_10-12-12.01) - NTFSx86
Run by Reece n Jess at 20:28:00.47 on Sun 12/12/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3039.1134 [GMT 10:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\LiveZilla\LiveZilla.exe
C:\Program Files\Clip2Net\clip2net.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Trillian\trillian.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\BattlePing\BattleP.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\games\World of Warcraft\Wow.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Reece n Jess\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=15820&l=dis
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb
uSearch Page =
uSearch Bar =
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Clip2Net] c:\program files\clip2net\clip2net.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "c:\program files\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [LiveZilla] "c:\program files\livezilla\LiveZilla.exe" -minimize
uExplorerRun: [Policies] c:\windows\system32\install\server.exe
mExplorerRun: [Policies] c:\windows\system32\install\server.exe
StartupFolder: c:\users\reecen~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\windows\system32\BattleP.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {9D71D88C-C598-4935-C5D1-43AA4DB90836} - c:\program files\bifrost\server.exe s
mASetup: {RVR3IMIB-0BF1-Y782-4DU1-K5BHT5V7YI04} - c:\windows\system32\install\server.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\reecen~1\appdata\roaming\mozilla\firefox\profiles\cljqpvkl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15820&l=dis
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\users\reece n jess\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Firebug: firebug@software.joehewitt.com - c:\users\reecen~1\appdata\roaming\mozilla\firefox\profiles\cljqpvkl.default\extensions\firebug@software.joehewitt.com
FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-27 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-27 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-27 243024]
R1 nltdi;nltdi;c:\program files\netlimiter 3\nltdi.sys [2010-8-30 5281672]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AcuWVSSchedulerv7;Acunetix WVS Scheduler v7;c:\program files\acunetix\web vulnerability scanner 7\WVSScheduler7.exe [2010-10-28 674104]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [2009-8-25 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-3 176128]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-17 308136]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-9 26168]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-10-31 2011944]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-7 2228008]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-7-3 9216]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2010-8-12 56040]
R3 BATTLEP;BATTLEP;c:\program files\battleping\BattleP.exe [2009-12-25 1568768]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-15 228408]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-30 59904]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2009-11-28 112128]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-21 116136]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys [2010-8-30 5230088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-8-25 185344]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 Apache2.2;Apache2.2;"c:\server 3.3.3a\server\apache\bin\apache.exe" -k runservice --> c:\server 3.3.3a\server\apache\bin\apache.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-11-28 102912]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-8-25 4232192]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys [2010-8-30 5230088]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-25 1343400]

=============== File Associations ===============

txtfile="c:\program files\e\e.exe" "%1"

=============== Created Last 30 ================

2010-12-10 22:50:50 -------- d-----w- C:\Temp
2010-12-07 12:32:59 -------- d-----w- c:\users\reecen~1\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-12-07 12:32:59 -------- d-----w- c:\users\reecen~1\appdata\roaming\Adobe Mini Bridge CS5
2010-12-05 13:49:38 -------- d-----w- c:\progra~2\{FA64B359-9D66-4861-BD91-6E3388D327C7}
2010-12-05 13:49:36 -------- d-----w- c:\program files\LiveZilla
2010-12-04 19:55:23 -------- d-----w- c:\users\reecen~1\appdata\roaming\OpenOffice.org
2010-12-04 19:52:59 -------- d-----w- c:\program files\OpenOffice.org 3
2010-11-25 15:27:25 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2010-11-25 15:27:25 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2010-11-18 11:34:38 -------- d-----w- c:\windows\system32\Data
2010-11-18 11:34:38 -------- d-----w- c:\users\reecen~1\appdata\local\Bapes
2010-11-18 11:34:27 -------- d-----w- c:\program files\Bapes Easy Botting

==================== Find3M ====================

2010-09-22 14:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-21 04:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST9500420AS rev.0003HPM1 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: >>UNKNOWN [0x82E4A000]<< >>UNKNOWN [0x8BA11000]<< >>UNKNOWN [0x8C5DA000]<< >>UNKNOWN [0x8C600000]<< >>UNKNOWN [0x82E13000]<< >>UNKNOWN [0x836A9000]<< >>UNKNOWN [0x86E1D555]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x82E86458] -> \Device\Harddisk0\DR0[0x86DF8A20]
\Driver\Disk[0x86DF61E8] -> IRP_MJ_CREATE -> 0x8BA1539F
3 [0x8BA1559E] -> ntkrnlpa!IofCallDriver[0x82E86458] -> [0x86DF7628]
\Driver\hpdskflt[0x86DA30A0] -> IRP_MJ_CREATE -> 0x8C601FB0
5 [0x8C602090] -> ntkrnlpa!IofCallDriver[0x82E86458] -> [0x86886918]
\Driver\ACPI[0x86880DB8] -> IRP_MJ_CREATE -> 0x836B24AA
7 [0x836B23B2] -> ntkrnlpa!IofCallDriver[0x82E86458] -> \IdeDeviceP0T0L0-0[0x86CEB030]
\Driver\atapi[0x86DFE878] -> IRP_MJ_CREATE -> 0x86E1D555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST9500420AS_____________________________0003HPM1#5&129c6798&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 20:28:34.30 ===============




GMER LOG - Noticable Rootkit behaviour


----------------

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-12 20:59:41
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST9500420AS rev.0003HPM1
Running: gmer.exe; Driver: C:\Users\REECEN~1\AppData\Local\Temp\kxtcrfow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E8D599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB1F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x94206000, 0x2D5046, 0xE8000020]
? C:\Users\REECEN~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1868] ntdll.dll!NtProtectVirtualMemory 776B5360 5 Bytes JMP 0036000A
.text C:\Windows\system32\svchost.exe[1868] ntdll.dll!NtWriteVirtualMemory 776B5EE0 5 Bytes JMP 00B7000A
.text C:\Windows\system32\svchost.exe[1868] ntdll.dll!KiUserExceptionDispatcher 776B6448 5 Bytes JMP 0031000A
.text C:\Windows\system32\svchost.exe[1868] ole32.dll!CoCreateInstance 7756590C 5 Bytes JMP 00D7000A
.text C:\Windows\system32\svchost.exe[1868] USER32.dll!GetCursorPos 773FC198 5 Bytes JMP 00E2000A
.text C:\Windows\Explorer.EXE[3200] ntdll.dll!NtProtectVirtualMemory 776B5360 5 Bytes JMP 0093000A
.text C:\Windows\Explorer.EXE[3200] ntdll.dll!NtWriteVirtualMemory 776B5EE0 5 Bytes JMP 0094000A
.text C:\Windows\Explorer.EXE[3200] ntdll.dll!KiUserExceptionDispatcher 776B6448 5 Bytes JMP 0092000A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3632] USER32.dll!TrackPopupMenu 77424B3B 5 Bytes JMP 5ACD2342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5108] ntdll.dll!NtProtectVirtualMemory 776B5360 5 Bytes JMP 002E000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5108] ntdll.dll!NtWriteVirtualMemory 776B5EE0 5 Bytes JMP 002F000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5108] ntdll.dll!KiUserExceptionDispatcher 776B6448 5 Bytes JMP 002D000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\ACPI_HAL \Device\0000007b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST9500420AS_____________________________0003HPM1#5&129c6798&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b2af2e9
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b2af2e9 (not active ControlSet)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 976772912 (+255): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

BC AdBot (Login to Remove)

 


#2 reece.alexander

reece.alexander
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 12 December 2010 - 07:52 AM

2010/12/12 22:59:41.0579 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/12 22:59:41.0579 ================================================================================
2010/12/12 22:59:41.0579 SystemInfo:
2010/12/12 22:59:41.0579
2010/12/12 22:59:41.0579 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/12 22:59:41.0579 Product type: Workstation
2010/12/12 22:59:41.0579 ComputerName: REECENJESS-PC
2010/12/12 22:59:41.0581 UserName: Reece n Jess
2010/12/12 22:59:41.0581 Windows directory: C:\Windows
2010/12/12 22:59:41.0581 System windows directory: C:\Windows
2010/12/12 22:59:41.0581 Processor architecture: Intel x86
2010/12/12 22:59:41.0581 Number of processors: 2
2010/12/12 22:59:41.0581 Page size: 0x1000
2010/12/12 22:59:41.0581 Boot type: Normal boot
2010/12/12 22:59:41.0581 ================================================================================
2010/12/12 22:59:42.0217 Initialize success
2010/12/12 22:59:47.0995 ================================================================================
2010/12/12 22:59:47.0995 Scan started
2010/12/12 22:59:47.0995 Mode: Manual;
2010/12/12 22:59:47.0995 ================================================================================
2010/12/12 22:59:51.0708 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/12 22:59:51.0772 Accelerometer (4df5e6215a102a192b2b6dbb61f2fba5) C:\Windows\system32\DRIVERS\Accelerometer.sys
2010/12/12 22:59:51.0809 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/12 22:59:51.0873 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/12 22:59:51.0939 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/12 22:59:51.0977 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/12 22:59:52.0012 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/12 22:59:52.0099 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/12/12 22:59:52.0172 AgereSoftModem (faa5a0b80e011464c7654851ce3d7fe7) C:\Windows\system32\DRIVERS\AGRSM.sys
2010/12/12 22:59:52.0225 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/12 22:59:52.0255 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/12/12 22:59:52.0336 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/12 22:59:52.0559 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/12/12 22:59:52.0596 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/12 22:59:52.0686 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/12 22:59:52.0719 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/12 22:59:52.0775 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/12 22:59:52.0837 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/12 22:59:52.0862 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/12 22:59:52.0947 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/12/12 22:59:53.0011 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/12/12 22:59:53.0050 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/12 22:59:53.0118 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/12 22:59:53.0158 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/12 22:59:53.0209 AtiHdmiService (0bf168115851f9a7e070dc16901cf7c1) C:\Windows\system32\drivers\AtiHdmi.sys
2010/12/12 22:59:53.0353 atikmdag (632a5be70d168b84f658a82ac8dbbead) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/12 22:59:53.0534 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys
2010/12/12 22:59:53.0578 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys
2010/12/12 22:59:53.0639 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\system32\Drivers\avgtdix.sys
2010/12/12 22:59:53.0717 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/12/12 22:59:53.0781 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/12/12 22:59:53.0873 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/12/12 22:59:53.0943 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/12/12 22:59:54.0009 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/12 22:59:54.0053 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/12 22:59:54.0109 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/12 22:59:54.0131 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/12 22:59:54.0174 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/12/12 22:59:54.0203 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/12 22:59:54.0231 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/12 22:59:54.0273 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/12 22:59:54.0329 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/12/12 22:59:54.0353 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/12 22:59:54.0397 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2010/12/12 22:59:54.0447 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2010/12/12 22:59:54.0499 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2010/12/12 22:59:54.0550 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/12 22:59:54.0592 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/12 22:59:54.0651 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/12 22:59:54.0693 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/12/12 22:59:54.0756 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/12 22:59:54.0804 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/12 22:59:54.0845 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/12/12 22:59:54.0905 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/12 22:59:54.0948 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/12/12 22:59:55.0109 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/12/12 22:59:55.0204 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/12/12 22:59:55.0229 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/12/12 22:59:55.0319 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/12/12 22:59:55.0377 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/12/12 22:59:55.0424 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/12 22:59:55.0554 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/12/12 22:59:55.0679 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/12/12 22:59:55.0737 enecir (f13c945115b8a8c7c4427d5925f88f23) C:\Windows\system32\DRIVERS\enecir.sys
2010/12/12 22:59:55.0775 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/12/12 22:59:55.0854 ewusbnet (0f40e249e4dd0ce47c7ca19c5c8fb48a) C:\Windows\system32\DRIVERS\ewusbnet.sys
2010/12/12 22:59:55.0889 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/12/12 22:59:55.0918 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/12/12 22:59:55.0973 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/12 22:59:56.0008 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/12/12 22:59:56.0047 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/12/12 22:59:56.0095 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/12 22:59:56.0147 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/12/12 22:59:56.0192 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/12/12 22:59:56.0235 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/12 22:59:56.0300 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/12 22:59:56.0355 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/12/12 22:59:56.0427 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/12 22:59:56.0488 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/12/12 22:59:56.0515 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/12 22:59:56.0551 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/12 22:59:56.0589 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/12 22:59:56.0680 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/12 22:59:56.0729 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/12 22:59:56.0785 hpdskflt (e1d82f0c8456abb03b7df5d623ca47d1) C:\Windows\system32\DRIVERS\hpdskflt.sys
2010/12/12 22:59:56.0819 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2010/12/12 22:59:56.0865 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/12 22:59:56.0925 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/12/12 22:59:56.0999 hwdatacard (92ca47da32009ccc00a5aded04abbd78) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2010/12/12 22:59:57.0034 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/12 22:59:57.0096 hwusbfake (089085538885367e281686762a973eb5) C:\Windows\system32\DRIVERS\ewusbfake.sys
2010/12/12 22:59:57.0159 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/12 22:59:57.0216 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/12 22:59:57.0254 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/12 22:59:57.0296 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/12 22:59:57.0328 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/12 22:59:57.0368 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/12 22:59:57.0428 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/12 22:59:57.0460 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/12/12 22:59:57.0497 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/12/12 22:59:57.0542 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/12 22:59:57.0585 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/12 22:59:57.0626 JMCR (65da9fa42c0972fe5b9b7d6047f06f4c) C:\Windows\system32\DRIVERS\jmcr.sys
2010/12/12 22:59:57.0712 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/12 22:59:57.0785 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/12 22:59:57.0823 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/12 22:59:57.0876 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/12 22:59:57.0964 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/12 22:59:58.0017 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/12 22:59:58.0047 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/12 22:59:58.0104 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/12 22:59:58.0146 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/12 22:59:58.0198 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/12/12 22:59:58.0240 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/12 22:59:58.0262 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/12 22:59:58.0291 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/12/12 22:59:58.0354 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/12 22:59:58.0396 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/12 22:59:58.0460 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/12 22:59:58.0512 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/12/12 22:59:58.0544 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/12 22:59:58.0573 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/12 22:59:58.0609 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/12/12 22:59:58.0678 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/12 22:59:58.0724 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/12 22:59:58.0748 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/12 22:59:58.0796 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/12 22:59:58.0842 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/12 22:59:58.0912 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/12/12 22:59:58.0951 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/12 22:59:59.0020 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/12 22:59:59.0078 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/12 22:59:59.0138 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/12 22:59:59.0174 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/12/12 22:59:59.0303 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/12/12 22:59:59.0361 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/12 22:59:59.0490 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/12/12 22:59:59.0517 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/12 22:59:59.0540 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/12/12 22:59:59.0604 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/12 22:59:59.0645 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/12/12 22:59:59.0720 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/12 22:59:59.0767 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/12 22:59:59.0816 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/12 22:59:59.0847 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/12 22:59:59.0871 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/12/12 22:59:59.0894 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/12 22:59:59.0921 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/12 23:00:00.0193 NETw5s32 (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
2010/12/12 23:00:00.0466 netw5v32 (fb6d0c4caf4c6984079656f26ffd7b86) C:\Windows\system32\DRIVERS\netw5v32.sys
2010/12/12 23:00:00.0599 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/12 23:00:00.0742 NLNdisMP (2401f61753632bfd955993f095ab3c46) C:\Windows\system32\DRIVERS\nlndis.sys
2010/12/12 23:00:00.0956 NLNdisPT (2401f61753632bfd955993f095ab3c46) C:\Windows\system32\DRIVERS\nlndis.sys
2010/12/12 23:00:01.0168 nltdi (e470fc9371500cd712a39bb912060f44) C:\Program Files\NetLimiter 3\nltdi.sys
2010/12/12 23:00:01.0309 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/12/12 23:00:01.0340 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/12 23:00:01.0391 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/12/12 23:00:01.0440 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/12/12 23:00:01.0476 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2010/12/12 23:00:01.0533 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/12 23:00:01.0577 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/12 23:00:01.0615 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/12 23:00:01.0668 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/12 23:00:01.0736 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/12/12 23:00:01.0900 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/12/12 23:00:01.0924 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/12/12 23:00:01.0971 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/12/12 23:00:01.0998 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/12 23:00:02.0028 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/12 23:00:02.0072 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/12/12 23:00:02.0102 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/12/12 23:00:02.0208 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/12 23:00:02.0240 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/12/12 23:00:02.0306 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/12 23:00:02.0357 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/12 23:00:02.0421 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/12 23:00:02.0460 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/12 23:00:02.0485 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/12 23:00:02.0531 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/12 23:00:02.0578 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/12 23:00:02.0625 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/12 23:00:02.0673 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/12 23:00:02.0719 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/12 23:00:02.0750 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/12 23:00:02.0820 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/12 23:00:02.0848 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/12 23:00:02.0881 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/12 23:00:02.0908 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/12/12 23:00:02.0947 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/12/12 23:00:03.0003 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/12/12 23:00:03.0050 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/12 23:00:03.0112 RTL8167 (ae51516a7f70af7b5d9070fe41442e87) C:\Windows\system32\DRIVERS\Rt86win7.sys
2010/12/12 23:00:03.0187 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/12 23:00:03.0215 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/12 23:00:03.0258 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2010/12/12 23:00:03.0373 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/12 23:00:03.0608 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/12 23:00:03.0656 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/12/12 23:00:03.0695 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/12 23:00:03.0742 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/12 23:00:03.0768 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/12/12 23:00:03.0796 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/12 23:00:03.0836 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/12 23:00:03.0879 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/12/12 23:00:03.0940 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/12 23:00:03.0961 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/12 23:00:04.0018 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/12/12 23:00:04.0079 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/12/12 23:00:04.0142 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2010/12/12 23:00:04.0195 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/12 23:00:04.0258 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/12/12 23:00:04.0305 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2010/12/12 23:00:04.0363 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2010/12/12 23:00:04.0409 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/12 23:00:04.0492 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/12 23:00:04.0555 STHDA (e69a606872650b46de54ec15dcc93529) C:\Windows\system32\DRIVERS\stwrt.sys
2010/12/12 23:00:04.0610 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/12 23:00:04.0699 SynTP (7a9025d8f7852b06d6d08ed536135e7e) C:\Windows\system32\DRIVERS\SynTP.sys
2010/12/12 23:00:04.0804 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/12/12 23:00:04.0886 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/12 23:00:04.0948 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/12 23:00:04.0999 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/12/12 23:00:05.0023 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/12/12 23:00:05.0053 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/12 23:00:05.0127 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/12 23:00:05.0219 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/12 23:00:05.0262 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/12 23:00:05.0328 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/12 23:00:05.0373 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/12 23:00:05.0442 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/12 23:00:05.0479 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/12 23:00:05.0531 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/12 23:00:05.0568 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/12 23:00:05.0600 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/12 23:00:05.0638 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/12 23:00:05.0687 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/12 23:00:05.0718 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/12 23:00:05.0762 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/12 23:00:05.0818 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/12 23:00:05.0845 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/12 23:00:05.0901 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/12 23:00:05.0963 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/12 23:00:06.0019 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/12 23:00:06.0047 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/12/12 23:00:06.0075 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/12 23:00:06.0118 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/12/12 23:00:06.0151 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/12/12 23:00:06.0176 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/12 23:00:06.0225 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/12 23:00:06.0257 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/12/12 23:00:06.0288 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/12 23:00:06.0320 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/12 23:00:06.0360 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/12/12 23:00:06.0383 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/12/12 23:00:06.0420 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2010/12/12 23:00:06.0485 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/12 23:00:06.0554 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/12 23:00:06.0568 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/12 23:00:06.0685 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/12/12 23:00:06.0727 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/12 23:00:06.0824 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/12 23:00:06.0865 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/12/12 23:00:06.0994 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/12/12 23:00:07.0044 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/12 23:00:07.0088 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/12 23:00:07.0136 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/12/12 23:00:07.0198 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/12 23:00:07.0295 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/12 23:00:07.0299 ================================================================================
2010/12/12 23:00:07.0299 Scan finished
2010/12/12 23:00:07.0300 ================================================================================
2010/12/12 23:00:07.0312 Detected object count: 1
2010/12/12 23:00:20.0077 \HardDisk0 - will be cured after reboot
2010/12/12 23:00:20.0089 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/12 23:03:12.0713 Deinitialize success

Edited by reece.alexander, 12 December 2010 - 08:10 AM.


#3 reece.alexander

reece.alexander
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 12 December 2010 - 11:05 AM

C:\pvpTool.exe a variant of Win32/Packed.MoleboxUltra application cleaned by deleting - quarantined
C:\Program Files\Acunetix\Web Vulnerability Scanner 7\Activation.exe a variant of Win32/Packed.VMProtect.AAH trojan cleaned by deleting - quarantined
C:\Users\Reece n Jess\AppData\Local\Temp\227E.tmp Win32/Olmarik.AIW trojan cleaned by deleting - quarantined
C:\Users\Reece n Jess\AppData\Local\Temp\229E.tmp Win32/Olmarik.AIW trojan cleaned by deleting - quarantined
C:\Users\Reece n Jess\AppData\Local\Temp\mirc-6.35-incl-keygen-and-patch.rar multiple threats deleted - quarantined
C:\Users\Reece n Jess\AppData\Local\Temp\myAutToExe2_09_AutoIt3_Decompiler_opensource.zip multiple threats deleted - quarantined
C:\Users\Reece n Jess\AppData\Local\Temp\WLMCreator.7z Win32/Packed.Autoit.C.Gen application deleted - quarantined
C:\Users\Reece n Jess\AppData\Local\Xenocode\ApplianceCaches\ist2.exe_v62107FEC\Native\STUBEXE\@APPDATA@\rundll.exe Win32/Injector.BVG trojan cleaned by deleting - quarantined
C:\Users\Reece n Jess\AppData\Local\{45D8C298-2E01-45FB-8B0F-BB9D6A72C372}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan cleaned by deleting - quarantined
C:\Users\Reece n Jess\Downloads\BattlePing1.52.exe probably a variant of Win32/TrojanDropper.Agent.DYFXRPJ trojan cleaned by deleting - quarantined
C:\Users\Reece n Jess\Downloads\BattlePing1.53.exe probably a variant of Win32/Spy.Agent.LJJGPUK trojan cleaned by deleting - quarantined
C:\Users\Reece n Jess\Downloads\BattlePing1.54(2).exe probably a variant of Win32/Spy.Agent.NMIYFWN trojan cleaned by deleting - quarantined
C:\Users\Reece n Jess\Downloads\BattlePing1.54.exe probably a variant of Win32/Spy.Agent.GBINUDQ trojan cleaned by deleting - quarantined
C:\Users\Reece n Jess\Downloads\BattlePing1.6.exe probably a variant of Win32/Spy.Agent.MHLEZMA trojan cleaned by deleting - quarantined
C:\Users\Reece n Jess\Downloads\microsoftoffice2007applicationskeygenmicrosoft.zip Win32/Olmarik.AIW trojan deleted - quarantined
C:\Users\Reece n Jess\Downloads\microsoftofficeformsserver2007serialtbe.zip Win32/Olmarik.AIW trojan deleted - quarantined
C:\Users\Reece n Jess\Downloads\office_2007_12_0_6013_crack.zip a variant of Win32/TrojanDropper.Joiner.NAH trojan deleted - quarantined
C:\Users\Reece n Jess\Downloads\pvpTool (1).rar probably unknown NewHeur_PE virus deleted - quarantined
C:\Users\Reece n Jess\Downloads\pvpTool(2).rar a variant of Win32/Packed.MoleboxUltra application deleted - quarantined
C:\Users\Reece n Jess\Downloads\pvpTool(3).rar a variant of Win32/Packed.MoleboxUltra application deleted - quarantined
C:\Users\Reece n Jess\Downloads\pvpTool(4).rar a variant of Win32/Packed.MoleboxUltra application deleted - quarantined
C:\Users\Reece n Jess\Downloads\pvpTool(5).rar a variant of Win32/Packed.MoleboxUltra application deleted - quarantined
C:\Users\Reece n Jess\Downloads\pvpTool(6).rar a variant of Win32/Packed.MoleboxUltra application deleted - quarantined
C:\Users\Reece n Jess\Downloads\pvpTool.rar a variant of Win32/Packed.MoleboxUltra application deleted - quarantined
C:\Users\Reece n Jess\Downloads\pvpTool_v2.1.2.16.rar a variant of Win32/Packed.MoleboxUltra application deleted - quarantined
C:\Users\Reece n Jess\Downloads\pvpTool_v2.1.2.16\pvpTool\pvpTool.exe a variant of Win32/Packed.MoleboxUltra application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5c741ce8-29d84e14 multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1aaeb971-6b06f6ce a variant of Java/TrojanDownloader.OpenStream.NAS trojan deleted - quarantined

#4 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:56 PM

Posted 20 December 2010 - 12:58 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#5 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:56 PM

Posted 03 January 2011 - 08:57 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users