Userinit.exe rootkit...redirects...survives formatting???


  • This topic is locked
3 replies to this topic

#1 azzihs

  • Members
  • 2 posts

Posted 20 December 2010 - 10:41 PM

First of all, the only symptom I have noticed are browser redirects in Chrome and IE. I'm sure there's other things going on but nothing noticeable right off the bat. Second of all, I have formatted with fresh installs of Windows 7 and I seem to be instantly reinfected each time. I don't know if this is somehow surviving the formatting or if I am somehow reinfecting myself or being exploited each time, but this is extremely frustrating.

The first time I ran ComboFix it said Wininit.exe was infected! but it didn't attempt to do anything about it. I realized I had forgotten to close Kaspersky, so I closed it and reran it; now it says it has successfully restored wininit.exe, but the virus/rootkit is still there. I could try rerunning ComboFix again if someone thinks it will be productive, but I'm almost certain it will just do the exact same thing. After ComboFix rebooted the system I had to give a file called rmbr.cfxxe or something of those sorts permissions in Kaspersky before it would complete the log generation and close. Google searches showed this file seemed to be related to ComboFix, so I gave it permissions.

I had TDSS.Rootkit in the somewhat recent past, but I had run TDSSKiller on it already and have formatted several times since then. I don't know if this virus/rootkit could be related to that somehow.

TDSSKiller is coming up clean, but I'm posting the log anyway in case it could be of use.

MBAM is coming up clean

Kaspersky is coming up clean

ESET Online Scanner is coming up clean

GMER isn't highlighting anything in red or giving me any popups while scanning.

I know I was not supposed to run ComboFix, but I had already run it before I came here for help, so here it is.

PLEASE HELP

Logs:

ComboFix 10-12-20.01 - Brandon 12/20/2010 20:50:28.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1012.471 [GMT -5:00]
Running from: c:\users\Brandon\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))))
.

2010-12-21 02:01 . 2010-12-21 02:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-21 01:44 . 2010-12-21 01:44 -------- d-----w- c:\program files\CCleaner
2010-12-21 00:10 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:10 . 2010-12-21 00:10 -------- d-----w- c:\programdata\Malwarebytes
2010-12-21 00:10 . 2010-12-21 00:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-21 00:10 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 23:39 . 2010-12-20 23:39 -------- d-----w- c:\program files\uTorrent
2010-12-20 23:35 . 2010-12-20 23:36 -------- d-----w- c:\users\Brandon
2010-12-20 23:35 . 2010-12-20 23:35 -------- d-----w- C:\Recovery
2010-12-20 23:24 . 2010-12-20 23:35 -------- d-----w- c:\windows\Panther
2010-12-20 23:05 . 2010-12-20 23:06 -------- d-----w- c:\windows\system32\autorun
2010-12-20 23:03 . 2006-03-23 17:02 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2010-12-20 23:03 . 2007-04-13 16:51 321024 ----a-w- c:\windows\system32\ERUpdateHidden.EXE
2010-12-20 23:03 . 2006-03-30 18:06 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2010-12-20 23:03 . 2005-12-09 14:12 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2010-12-20 23:03 . 2004-11-03 14:06 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll
2010-12-20 23:03 . 2010-12-20 23:03 -------- d-----w- C:\Acer
2010-12-20 21:52 . 2010-12-20 22:03 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2010-12-20 21:52 . 2010-12-20 22:03 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2010-12-20 21:51 . 2010-12-21 02:04 -------- d-----w- c:\programdata\Kaspersky Lab
2010-12-20 21:51 . 2010-12-20 21:51 -------- d-----w- c:\program files\Kaspersky Lab
2010-12-20 21:48 . 2010-12-20 21:48 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-12-20 21:19 . 2007-12-03 23:11 207368 ----a-w- c:\windows\UNINST32.EXE
2010-12-20 21:17 . 2010-12-20 21:17 -------- d-----w- c:\program files\7-Zip
2010-12-20 21:09 . 2010-12-20 21:09 -------- d-----w- c:\programdata\AIM
2010-12-20 21:09 . 2010-12-20 21:09 -------- d-----w- c:\program files\AIM
2010-12-20 21:09 . 2010-12-20 21:09 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-12-20 21:09 . 2010-12-20 21:09 -------- d-----w- c:\program files\Common Files\AOL
2010-12-20 21:00 . 2010-12-20 21:00 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-12-20 20:59 . 2010-12-20 20:59 -------- d-----w- c:\windows\PCHEALTH
2010-12-20 20:59 . 2010-12-20 21:53 -------- d-sh--w- c:\windows\Installer
2010-12-20 20:58 . 2010-11-16 20:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{130E0235-A542-47E2-980B-38AECAA30ACC}\mpengine.dll
2010-12-20 20:58 . 2010-10-19 18:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-20 20:54 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-20 20:45 . 2010-12-20 20:45 -------- d-----w- c:\windows\system32\x64
2010-12-20 20:45 . 2009-09-24 03:30 1002008 ----a-w- c:\windows\system32\igxpun.exe
2010-12-20 20:43 . 2010-12-20 23:35 -------- d-----w- c:\windows\system32\wbem\Performance

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 14:50 . 2010-11-11 14:50 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-11-11 14:50 . 2010-11-11 14:50 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-11-11 14:50 . 2010-11-11 14:50 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-11-11 14:49 . 2010-11-11 14:49 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-11-11 14:49 . 2010-11-11 14:49 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-11-11 14:49 . 2010-11-11 14:49 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-11-11 14:49 . 2010-11-11 14:49 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-11-11 14:49 . 2010-11-11 14:49 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-11-11 14:48 . 2010-11-11 14:48 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-11-11 14:48 . 2010-11-11 14:48 417792 ----a-w- c:\windows\system32\msdri.dll
2010-11-11 14:48 . 2010-11-11 14:48 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-11-11 14:48 . 2010-11-11 14:48 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-11-11 14:48 . 2010-11-11 14:48 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-11-11 14:48 . 2010-11-11 14:48 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-11-11 14:47 . 2010-11-11 14:47 224256 ----a-w- c:\windows\system32\schannel.dll
2010-11-11 14:47 . 2010-11-11 14:47 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-11-11 14:47 . 2010-11-11 14:47 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-11-11 14:46 . 2010-11-11 14:46 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-11-11 14:45 . 2010-11-11 14:45 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-11-11 14:44 . 2010-11-11 14:44 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-11-11 14:44 . 2010-11-11 14:44 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-11-11 14:43 . 2010-11-11 14:43 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-11-11 14:43 . 2010-11-11 14:43 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-11-11 14:43 . 2010-11-11 14:43 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-11-11 14:43 . 2010-11-11 14:43 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-11 14:43 . 2010-11-11 14:43 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-11 14:43 . 2010-11-11 14:43 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-11-11 14:43 . 2010-11-11 14:43 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-11 14:43 . 2010-11-11 14:43 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-11-11 14:41 . 2010-11-11 14:41 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-11-11 14:40 . 2010-11-11 14:40 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-11-11 14:40 . 2010-11-11 14:40 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-11-11 14:40 . 2010-11-11 14:40 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-11-11 14:39 . 2010-11-11 14:39 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-11-11 14:39 . 2010-11-11 14:39 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-11 14:39 . 2010-11-11 14:39 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-11-11 14:38 . 2010-11-11 14:38 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-11-11 14:38 . 2010-11-11 14:38 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-11-11 14:37 . 2010-11-11 14:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-11-11 14:37 . 2010-11-11 14:37 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-11-11 14:37 . 2010-11-11 14:37 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-11 14:36 . 2010-11-11 14:36 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-11-11 14:36 . 2010-11-11 14:36 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-11 14:36 . 2010-11-11 14:36 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-11 14:35 . 2010-11-11 14:35 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-11-11 14:35 . 2010-11-11 14:35 132608 ----a-w- c:\windows\system32\cabview.dll
2010-11-11 14:35 . 2010-11-11 14:35 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-11-11 14:35 . 2010-11-11 14:35 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-11-11 14:35 . 2010-11-11 14:35 369152 ----a-w- c:\windows\system32\secproc.dll
2010-11-11 14:35 . 2010-11-11 14:35 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-11-11 14:35 . 2010-11-11 14:35 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-11-11 14:35 . 2010-11-11 14:35 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-11-11 14:35 . 2010-11-11 14:35 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-11-11 14:35 . 2010-11-11 14:35 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-11-11 14:34 . 2010-11-11 14:34 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-11-11 14:34 . 2010-11-11 14:34 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-11-11 14:34 . 2010-11-11 14:34 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-11-11 14:33 . 2010-11-11 14:33 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-11-11 14:33 . 2010-11-11 14:33 2614272 ----a-w- c:\windows\explorer.exe
2010-11-11 14:33 . 2010-11-11 14:33 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-11-11 14:32 . 2010-11-11 14:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-11-11 14:32 . 2010-11-11 14:32 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-11-11 14:32 . 2010-11-11 14:32 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-11-11 14:32 . 2010-11-11 14:32 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-11-11 14:32 . 2010-11-11 14:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-11-11 14:32 . 2010-11-11 14:32 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-11-11 14:32 . 2010-11-11 14:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-11-11 14:32 . 2010-11-11 14:32 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-11-11 14:32 . 2010-11-11 14:32 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-11-11 14:32 . 2010-11-11 14:32 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-11-11 14:31 . 2010-11-11 14:31 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-11 14:31 . 2010-11-11 14:31 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-11-11 14:31 . 2010-11-11 14:31 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-11-11 14:31 . 2010-11-11 14:31 507568 ----a-w- c:\windows\system32\winload.exe
2010-11-11 14:31 . 2010-11-11 14:31 442920 ----a-w- c:\windows\system32\winresume.exe
2010-11-11 14:31 . 2010-11-11 14:31 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-11-11 14:30 . 2010-11-11 14:30 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-10-06 04:27 . 2010-10-06 04:27 228024 ----a-w- c:\windows\system32\klogon.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-20 136176]
"Aim"="c:\program files\AIM\aim.exe" [2010-12-17 4321112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-22 1797008]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-09-04 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-10 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-23 22104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]

.
Contents of the 'Scheduled Tasks' folder

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3547570943-3476092972-945727233-1000Core.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-20 20:41]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3547570943-3476092972-945727233-1000UA.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-20 20:41]
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2010-12-20 21:12:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-21 02:12
ComboFix2.txt 2010-12-20 23:38

Pre-Run: 139,328,299,008 bytes free
Post-Run: 139,288,932,352 bytes free

- - End Of File - - A112D38BA651242CF504265D6EFCBBB1

2010/12/20 19:25:44.0560 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/20 19:25:44.0560 ================================================================================
2010/12/20 19:25:44.0560 SystemInfo:
2010/12/20 19:25:44.0560
2010/12/20 19:25:44.0560 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/20 19:25:44.0560 Product type: Workstation
2010/12/20 19:25:44.0560 ComputerName: BRANDON-PC
2010/12/20 19:25:44.0654 UserName: Brandon
2010/12/20 19:25:44.0654 Windows directory: C:\Windows
2010/12/20 19:25:44.0654 System windows directory: C:\Windows
2010/12/20 19:25:44.0654 Processor architecture: Intel x86
2010/12/20 19:25:44.0654 Number of processors: 2
2010/12/20 19:25:44.0654 Page size: 0x1000
2010/12/20 19:25:44.0654 Boot type: Normal boot
2010/12/20 19:25:44.0654 ================================================================================
2010/12/20 19:25:46.0682 Initialize success
2010/12/20 19:25:50.0098 ================================================================================
2010/12/20 19:25:50.0098 Scan started
2010/12/20 19:25:50.0098 Mode: Manual;
2010/12/20 19:25:50.0098 ================================================================================
2010/12/20 19:25:52.0391 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/20 19:25:52.0797 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/20 19:25:53.0437 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/20 19:25:54.0263 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/20 19:25:54.0934 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/20 19:25:55.0964 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/20 19:25:57.0118 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/12/20 19:25:57.0961 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/20 19:25:59.0645 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/12/20 19:26:00.0269 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/20 19:26:00.0784 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/12/20 19:26:01.0299 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/20 19:26:02.0048 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/20 19:26:02.0625 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/20 19:26:03.0109 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/20 19:26:03.0670 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/20 19:26:04.0435 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/20 19:26:05.0090 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/12/20 19:26:05.0776 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/12/20 19:26:06.0244 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/20 19:26:07.0055 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/20 19:26:07.0898 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/20 19:26:08.0834 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
2010/12/20 19:26:09.0505 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/12/20 19:26:10.0175 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/12/20 19:26:11.0080 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/12/20 19:26:12.0016 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/20 19:26:12.0905 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/20 19:26:14.0029 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/20 19:26:15.0370 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/20 19:26:17.0071 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/12/20 19:26:18.0178 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/20 19:26:19.0301 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/20 19:26:20.0097 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/20 19:26:20.0503 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/20 19:26:22.0437 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/20 19:26:23.0513 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/20 19:26:24.0465 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/20 19:26:24.0824 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/12/20 19:26:25.0417 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/20 19:26:25.0838 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/20 19:26:26.0431 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/12/20 19:26:27.0133 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/20 19:26:27.0694 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/12/20 19:26:28.0443 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/12/20 19:26:29.0005 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/12/20 19:26:29.0722 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/12/20 19:26:30.0237 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/12/20 19:26:30.0752 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/12/20 19:26:31.0906 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/12/20 19:26:32.0515 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/20 19:26:33.0716 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/12/20 19:26:34.0496 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/12/20 19:26:35.0089 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/12/20 19:26:35.0822 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/12/20 19:26:36.0259 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/12/20 19:26:36.0961 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/20 19:26:38.0037 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/12/20 19:26:39.0176 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/12/20 19:26:39.0862 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/20 19:26:40.0549 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/12/20 19:26:41.0313 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/12/20 19:26:42.0124 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/20 19:26:42.0733 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/20 19:26:43.0248 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/12/20 19:26:44.0059 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/20 19:26:44.0542 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/12/20 19:26:45.0385 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/20 19:26:46.0118 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/20 19:26:46.0586 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/20 19:26:47.0101 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/20 19:26:49.0503 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/20 19:26:50.0252 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/20 19:26:51.0334 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/12/20 19:26:51.0843 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/20 19:26:52.0474 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/20 19:26:54.0684 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/20 19:26:56.0684 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/12/20 19:26:59.0763 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/20 19:26:59.0997 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys
2010/12/20 19:27:00.0783 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/20 19:27:01.0943 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/20 19:27:03.0077 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/20 19:27:03.0498 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/20 19:27:03.0951 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/12/20 19:27:04.0494 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/12/20 19:27:05.0178 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/20 19:27:05.0673 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/20 19:27:06.0575 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/20 19:27:07.0153 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/20 19:27:09.0135 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\Windows\system32\DRIVERS\kl1.sys
2010/12/20 19:27:11.0071 kl2 (713576569667ac9e0f8556076004a96b) C:\Windows\system32\DRIVERS\kl2.sys
2010/12/20 19:27:13.0404 KLIF (39920d69eaedb51757527aa54fe25216) C:\Windows\system32\DRIVERS\klif.sys
2010/12/20 19:27:13.0895 KLIM6 (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys
2010/12/20 19:27:14.0651 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
2010/12/20 19:27:15.0169 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/20 19:27:16.0443 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/20 19:27:17.0324 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/20 19:27:18.0054 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/20 19:27:18.0684 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/20 19:27:19.0296 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/20 19:27:20.0318 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/20 19:27:20.0929 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/12/20 19:27:21.0543 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/20 19:27:21.0965 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/20 19:27:22.0641 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/12/20 19:27:23.0190 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/20 19:27:23.0656 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/20 19:27:24.0491 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/20 19:27:24.0993 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/12/20 19:27:25.0453 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/20 19:27:28.0742 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/20 19:27:30.0094 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/12/20 19:27:30.0745 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/20 19:27:31.0423 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/20 19:27:32.0011 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/20 19:27:32.0626 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/20 19:27:33.0182 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/20 19:27:33.0773 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/12/20 19:27:34.0263 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/20 19:27:34.0762 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/20 19:27:35.0403 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/20 19:27:36.0040 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/20 19:27:36.0689 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/12/20 19:27:37.0453 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/12/20 19:27:38.0145 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/20 19:27:38.0665 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/12/20 19:27:39.0089 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/20 19:27:39.0756 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/12/20 19:27:40.0372 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/20 19:27:40.0921 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/12/20 19:27:41.0534 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/20 19:27:41.0988 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/20 19:27:42.0467 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/20 19:27:43.0073 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/20 19:27:43.0565 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/12/20 19:27:44.0009 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/20 19:27:45.0300 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/20 19:27:46.0422 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/20 19:27:47.0511 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/12/20 19:27:48.0468 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/20 19:27:49.0133 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/12/20 19:27:49.0725 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/12/20 19:27:50.0807 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/20 19:27:52.0156 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/20 19:27:52.0890 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/20 19:27:54.0228 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/20 19:27:55.0059 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/12/20 19:27:55.0683 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/12/20 19:27:56.0161 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/12/20 19:27:56.0681 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/12/20 19:27:57.0245 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/20 19:27:57.0713 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/20 19:27:58.0633 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/12/20 19:27:59.0329 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/12/20 19:28:00.0927 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys
2010/12/20 19:28:01.0619 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/20 19:28:02.0143 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/12/20 19:28:06.0203 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/20 19:28:08.0173 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/20 19:28:12.0018 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/20 19:28:13.0013 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/20 19:28:13.0579 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/20 19:28:14.0210 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/20 19:28:15.0039 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/20 19:28:15.0920 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/20 19:28:16.0833 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/20 19:28:17.0917 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/20 19:28:18.0896 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/20 19:28:19.0784 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/20 19:28:20.0346 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/12/20 19:28:20.0988 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/20 19:28:21.0929 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/20 19:28:22.0411 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/12/20 19:28:23.0131 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/12/20 19:28:24.0159 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/20 19:28:24.0894 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys
2010/12/20 19:28:26.0463 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/12/20 19:28:27.0319 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/20 19:28:28.0584 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/20 19:28:29.0939 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/20 19:28:30.0711 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/20 19:28:31.0699 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/12/20 19:28:32.0573 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/20 19:28:33.0295 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/20 19:28:34.0008 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/12/20 19:28:34.0696 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/20 19:28:35.0486 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/20 19:28:36.0544 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/12/20 19:28:38.0093 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/20 19:28:39.0096 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/20 19:28:39.0786 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/12/20 19:28:41.0211 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/12/20 19:28:45.0097 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2010/12/20 19:28:46.0579 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/20 19:28:47.0161 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/20 19:28:48.0323 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/20 19:28:49.0449 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/12/20 19:28:51.0163 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/12/20 19:28:53.0744 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/20 19:28:56.0937 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/12/20 19:29:02.0671 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/20 19:29:07.0910 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/20 19:29:08.0622 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/12/20 19:29:10.0326 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/12/20 19:29:11.0953 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/20 19:29:13.0557 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/20 19:29:18.0466 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/20 19:29:22.0626 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/20 19:29:24.0076 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/20 19:29:25.0745 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/20 19:29:31.0180 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/20 19:29:32.0772 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/20 19:29:34.0012 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/20 19:29:38.0163 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/20 19:29:38.0689 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/20 19:29:40.0499 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/20 19:29:42.0462 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/20 19:29:42.0971 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/20 19:29:44.0100 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/20 19:29:44.0695 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/20 19:29:45.0182 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/20 19:29:46.0173 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/20 19:29:47.0913 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/20 19:29:49.0677 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/20 19:29:50.0487 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/12/20 19:29:51.0561 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/20 19:29:52.0195 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/12/20 19:29:52.0785 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/12/20 19:29:53.0286 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/20 19:29:53.0895 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/12/20 19:29:54.0709 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/12/20 19:29:55.0506 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/20 19:29:56.0412 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/12/20 19:29:58.0420 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/20 19:29:59.0233 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/20 19:30:00.0403 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/12/20 19:30:02.0584 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/12/20 19:30:04.0495 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/20 19:30:06.0584 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/20 19:30:06.0964 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/20 19:30:09.0595 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/12/20 19:30:10.0169 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/20 19:30:12.0556 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/20 19:30:14.0079 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/12/20 19:30:15.0081 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/20 19:30:16.0044 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/20 19:30:16.0733 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/12/20 19:30:17.0364 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/20 19:30:17.0957 ================================================================================
2010/12/20 19:30:17.0957 Scan finished
2010/12/20 19:30:17.0957 ================================================================================
2010/12/20 19:30:33.0357 Deinitialize success

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-20 20:33:31
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: gmer.exe; Driver: C:\Users\Brandon\AppData\Local\Temp\pxddyfog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x87E24DAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x87E26FE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x87E27262]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x87E274D8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x87E256BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x87E264F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x87E26A3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x87E2599A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x87E26922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x87E24998]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x87E267F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x87E24B40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x87E26B5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x87E25344]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x87E25442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x87E27722]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x87E2688C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x87E2824A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x87E25E1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x87E29458]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x87E25C2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x87E2833C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x87E28AA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x87E26AD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x87E25740]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x87E269B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x87E24FE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x87E2883E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x87E26BF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x87E24ED8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x87E277DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x87E28DDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x87E286D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x87E23652]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x87E26F56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x87E26E1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x87E27FE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x87E239CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x87E292FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x87E235EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x87E26238]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x87E25560]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x87E2787E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x87E284DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x87E28F2E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x87E29020]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x87E2915A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x87E2816E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x87E2518E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x87E250E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x87E28C82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x87E2527A]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 8183B8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8185B3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 1397 81862664 4 Bytes [AA, 4D, E2, 87] {STOSB ; DEC EBP; LOOP 0xffffffffffffff8b}
.text ntoskrnl.exe!KeRemoveQueueEx + 13BF 8186268C 8 Bytes CALL E40E0900
.text ntoskrnl.exe!KeRemoveQueueEx + 1403 818626D0 4 Bytes [D8, 74, E2, 87] {FDIV DWORD [EDX-0x79]}
.text ntoskrnl.exe!KeRemoveQueueEx + 142F 818626FC 4 Bytes [BE, 56, E2, 87]
.text ntoskrnl.exe!KeRemoveQueueEx + 1453 81862720 4 Bytes [F2, 64, E2, 87]
.text ...
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] USER32.dll!NotifyWinEvent + 48B 77EBF724 4 Bytes JMP 4813E077
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] USER32.dll!NotifyWinEvent + 48B 77EBF724 4 Bytes JMP 4813E077

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00600240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 006002B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00600320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00600390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 77F907F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 77F90860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 77F909B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 00FD0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 77F90A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FD0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 00FD0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 00FD0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 77F90A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 77F90B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00610160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 006101D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 00610240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00610320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 77FB07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 77FB0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 77FB08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 006104E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77FB0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 77FB09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00610B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00610B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00610BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00610C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 77FB0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 00610CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 77FB0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77FB0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 77FB0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 00FE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00610D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00610DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FE0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 00FE00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 00FE0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 00FE01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 006301D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 006302B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 00FF0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 00FF0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00FF04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00FF0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00FF05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00FF0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 006308D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00630940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 006309B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00630A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 77F90080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 77F90010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 77F90010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 77F90080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 77F90080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 77F90010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 77F90010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 77F90080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 77FB0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 77FB00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 77FB0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77FB0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] 77F901D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 77FB0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!HeapFree] 77F90320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77FB0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 77FB0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 77FB0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 77FB00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 77FB01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00220240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 002202B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00220320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00220390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 77F907F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 77F90860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 77F909B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 003E0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 77F90A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003E0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 003E0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 003E0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 77F90A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 77F90B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00230160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 002301D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 00230240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00230320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 77FB07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 77FB0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 77FB08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 002304E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77FB0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 77FB09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00230B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00230B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00230BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00230C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 77FB0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 00230CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 77FB0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77FB0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 77FB0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 003F0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00230D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00230DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003F0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 003F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 003F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 003F01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 002501D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 002502B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 00460400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 00460470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 004604E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00460550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 004605C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00460630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 002508D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00250940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 002509B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00250A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 77F90010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 77F90080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 77F90080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 77F90010
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9B02] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9A75] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9B02] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9B02] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9A75] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] [005C02D5] C:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExW] [005C0380] C:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [005C0267] C:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


#2 azzihs

azzihs
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:07:11 PM

Posted 20 December 2010 - 10:42 PM

DDS (Ver_10-12-12.02) - NTFSx86
Run by Brandon at 22:01:22.57 on Mon 12/20/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1012.317 [GMT -5:00]

AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AIM\aim.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\Downloads\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
uRun: [Google Update] "c:\users\brandon\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll c:\progra~1\kasper~1\kasper~1\kloehk.dll

============= SERVICES / DRIVERS ===============

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-5-22 167936]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-3 365336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2010-12-21 02:16:09 -------- d-----w- c:\program files\ESET
2010-12-21 02:10:31 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-21 01:44:42 -------- d-----w- c:\program files\CCleaner
2010-12-21 00:10:46 -------- d-----w- c:\users\brandon\appdata\roaming\Malwarebytes
2010-12-21 00:10:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:10:30 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-21 00:10:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-21 00:10:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-20 23:40:59 -------- d-----w- c:\users\brandon\appdata\local\Deployment
2010-12-20 23:40:59 -------- d-----w- c:\users\brandon\appdata\local\Apps
2010-12-20 23:39:48 -------- d-----w- c:\program files\uTorrent
2010-12-20 23:39:06 -------- d-----w- c:\users\brandon\appdata\roaming\uTorrent
2010-12-20 23:26:24 -------- d-----w- c:\users\brandon\appdata\local\temp
2010-12-20 23:24:24 -------- d-----w- c:\windows\Panther
2010-12-20 23:05:08 -------- d-----w- c:\windows\system32\autorun
2010-12-20 23:03:38 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2010-12-20 23:03:37 321024 ----a-w- c:\windows\system32\ERUpdateHidden.EXE
2010-12-20 23:03:37 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2010-12-20 23:03:37 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2010-12-20 23:03:37 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll
2010-12-20 23:03:29 -------- d-----w- C:\Acer
2010-12-20 22:53:14 89088 ----a-w- c:\windows\MBR.exe
2010-12-20 22:53:14 256512 ----a-w- c:\windows\PEV.exe
2010-12-20 22:53:13 98816 ----a-w- c:\windows\sed.exe
2010-12-20 22:53:13 161792 ----a-w- c:\windows\SWREG.exe
2010-12-20 21:52:39 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2010-12-20 21:52:39 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2010-12-20 21:51:23 -------- d-----w- c:\program files\Kaspersky Lab
2010-12-20 21:51:23 -------- d-----w- c:\progra~2\Kaspersky Lab
2010-12-20 21:48:18 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2010-12-20 21:19:30 207368 ----a-w- c:\windows\UNINST32.EXE
2010-12-20 21:10:05 -------- d-----w- c:\users\brandon\appdata\local\AOL
2010-12-20 21:10:05 -------- d-----w- c:\users\brandon\appdata\local\AIM
2010-12-20 21:09:53 -------- d-----w- c:\progra~2\AIM
2010-12-20 21:09:48 -------- d-----w- c:\program files\AIM
2010-12-20 21:09:47 -------- d-----w- c:\program files\common files\Software Update Utility
2010-12-20 21:09:44 -------- d-----w- c:\program files\common files\AOL
2010-12-20 21:00:07 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-12-20 20:59:59 -------- d-----w- c:\windows\PCHEALTH
2010-12-20 20:59:56 -------- d-sh--w- c:\windows\Installer
2010-12-20 20:58:57 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{130e0235-a542-47e2-980b-38aecaa30acc}\mpengine.dll
2010-12-20 20:58:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-20 20:54:46 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-20 20:45:25 1002008 ----a-w- c:\windows\system32\igxpun.exe
2010-12-20 20:45:25 -------- d-----w- c:\windows\system32\x64
2010-12-20 20:43:02 -------- d-----w- c:\windows\system32\wbem\Performance
2010-12-20 20:41:43 -------- d-----w- c:\users\brandon\appdata\local\Google

==================== Find3M ====================

2010-11-11 18:44:07 805 ----a-w- c:\windows\system32\RTSLCS.dll
2010-11-11 14:50:57 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-11-11 14:50:57 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-11-11 14:50:36 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-11-11 14:49:36 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-11-11 14:49:17 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-11-11 14:48:56 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-11-11 14:48:56 417792 ----a-w- c:\windows\system32\msdri.dll
2010-11-11 14:48:56 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-11-11 14:48:56 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-11-11 14:48:32 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-11-11 14:47:57 224256 ----a-w- c:\windows\system32\schannel.dll
2010-11-11 14:47:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-11-11 14:47:02 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-11-11 14:46:43 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-11-11 14:45:48 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-11-11 14:43:59 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-11-11 14:43:08 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-11 14:43:08 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-11 14:43:08 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-11-11 14:43:08 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-11 14:43:08 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-11-11 14:41:05 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-11-11 14:40:46 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-11-11 14:40:28 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-11-11 14:40:28 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-11-11 14:39:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-11-11 14:39:13 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-11 14:39:13 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-11-11 14:38:31 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-11-11 14:38:10 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-11-11 14:37:46 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-11-11 14:37:03 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-11 14:35:46 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-11-11 14:35:27 132608 ----a-w- c:\windows\system32\cabview.dll
2010-11-11 14:35:10 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-11-11 14:35:10 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-11-11 14:35:10 369152 ----a-w- c:\windows\system32\secproc.dll
2010-11-11 14:35:10 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-11-11 14:35:10 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-11-11 14:35:10 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-11-11 14:35:10 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-11-11 14:35:10 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-11-11 14:34:32 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-11-11 14:34:13 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-11-11 14:33:52 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-11-11 14:33:52 2614272 ----a-w- c:\windows\explorer.exe
2010-11-11 14:32:52 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-11-11 14:32:34 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-11-11 14:32:34 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-11-11 14:32:34 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-11-11 14:32:34 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-11-11 14:32:34 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-11-11 14:32:34 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-11-11 14:32:34 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-11-11 14:32:34 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-11-11 14:31:59 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-11 14:31:41 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-11-11 14:31:15 507568 ----a-w- c:\windows\system32\winload.exe
2010-11-11 14:31:15 442920 ----a-w- c:\windows\system32\winresume.exe
2010-11-11 14:31:15 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-11-11 14:30:45 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll
2010-10-06 04:27:04 228024 ----a-w- c:\windows\system32\klogon.dll

============= FINISH: 22:02:34.58 ===============

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:03:11 AM

Posted 30 December 2010 - 06:26 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note - if you get the following warning, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Click on Cancel, then Accept.

-------------------------------------------------------------
In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:03:11 AM

Posted 08 January 2011 - 06:21 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
