
Windows 7 Laptop - Infected


  • This topic is locked
14 replies to this topic

#1 swduffy

  • Members
  • 22 posts

Posted 29 June 2011 - 01:49 PM

I received this computer from a friend and it came to me with a fake anti-virus virus. I was able to get rid of that, but somewhere in time AVG got corrupted and would not start. The computer has a redirector virus, plus possibly other viruses.

I attempted to re-install AVG, but whatever was running blocked AVG from getting updates, etc. from their site.

I originally recommended that this computer be put back to factory with the restore CD; however, the original owner has lost said disk and did not want to spend any money on getting a new copy of the operating system.

The computer is a Toshiba Satellite laptop running Windows 7 Premium (32-bit).

As I am cleaning up this laptop for my friend, I want to make sure that I get everything I can off of the machine. As part of the clean-up I created a new profile for me to work from. I transferred the pictures and music to a USB hard drive and deleted the original profile.

Now that I have done that, I have been able to install and run AVG (free version). AVG picked up and removed a few things, but I want to make sure that there is nothing AVG has missed. I intend to install a firewall program as well.

I have never used HijackThis or ComboFix, so as much as I am fixing this laptop for a friend, I see this as a learning opportunity for me to learn new skills to help people whose computers are virused.

OBTW, I work afternoons, so I won't be able to respond to questions or requests till tomorrow at the earliest. My family has a member who is dying from cancer and is expected to pass any day now, and if she passes it may be days before I continue with this laptop.

Sean



#2 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,707 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 29 June 2011 - 08:42 PM

Welcome aboard

I intend to install a firewall program as well.

Make sure Windows Firewall is on for now.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

======================================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

My help doesn't cost a penny, but if you'd like to consider a donation, click here.
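The Rootkit Unhooker report requested above is long, and most of it is benign. What a helper actually reads out of it is (a) which kernel-mode module owns each hook listed under the SSDT State and Shadow sections, and (b) which loaded drivers carry no version information or come from a vendor other than Microsoft. The script below is an added example (not part of this thread, nor a tool from BleepingComputer or the RkU author) that performs that triage over the RkU LE text format. The embedded report excerpt is constructed for the example, modelled on the format of a real RkU LE report; the section names, regular expressions and the "Vendor, Description" split are assumptions about that format and should be re-checked against the report you actually receive.

```python
"""Triage a Rootkit Unhooker LE report: group hooks by the module that
placed them and list loaded drivers that are not Microsoft's.

Added example; the report below is a constructed excerpt in RkU LE format."""
import re
from collections import defaultdict

# Constructed sample (not a full report): a few lines in the RkU LE layout.
SAMPLE_REPORT = r"""
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
>SSDT State
==============================================
==============================================
>Shadow
==============================================
win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0x9A75A4D5-->993B7E64 [C:\windows\system32\DRIVERS\AVGIDSShim.Sys]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0x9A7787C7-->993B7D22 [C:\windows\system32\DRIVERS\AVGIDSShim.Sys]
==============================================
>Processes
==============================================
0x85F0DA60 [224] C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION, ConfigFree Service Process)
==============================================
>Drivers
==============================================
0x8300F000 C:\windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x83CD6000 C:\windows\system32\DRIVERS\ssidrv.sys 188416 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Interdiction Driver)
0xAEFAC000 C:\windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8FC17000 C:\windows\System32\Drivers\dump_iaStor.sys 892928 bytes
"""

# Assumed line shapes (derived from the report format, not documented by RkU).
SECTION_RE = re.compile(r"^>(.+)$")
HOOK_RE = re.compile(
    r"^(?P<victim>\S+)-->(?P<func>\w+), Type: (?P<type>.+?) "
    r"0x(?P<orig>[0-9A-Fa-f]+)-->(?P<new>[0-9A-Fa-f]+) \[(?P<hooker>.+)\]$"
)
DRIVER_RE = re.compile(
    r"^0x[0-9A-Fa-f]+ (?P<path>.+?) (?P<size>\d+) bytes(?: \((?P<info>.*)\))?\s*$"
)


def parse_sections(text):
    """Split the report into {section name: [lines]}; '====' rules are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_hooks(lines):
    """One dict per hook line: victim module, function, addresses, hooking module."""
    hooks = []
    for line in lines:
        m = HOOK_RE.match(line)
        if m:
            d = m.groupdict()
            d["hooker_file"] = d["hooker"].rsplit("\\", 1)[-1]
            hooks.append(d)
    return hooks


def parse_drivers(lines):
    """One dict per driver line; vendor is None when no version info is shown."""
    drivers = []
    for line in lines:
        m = DRIVER_RE.match(line)
        if not m:
            continue
        info = m.group("info")
        if info is None:
            vendor = None
        elif ", " in info:
            vendor = info.rsplit(", ", 1)[0]  # "Vendor, Description" -> Vendor
        else:
            vendor = info  # e.g. "(RKU Driver)": no description part
        drivers.append({"file": m.group("path").rsplit("\\", 1)[-1],
                        "path": m.group("path"),
                        "size": int(m.group("size")),
                        "vendor": vendor})
    return drivers


def triage(text):
    """Summarise hooks by hooking module and non-Microsoft / unversioned drivers."""
    sections = parse_sections(text)
    hooks = parse_hooks(sections.get("SSDT State", []) + sections.get("Shadow", []))
    hooked_by = defaultdict(list)
    for h in hooks:
        hooked_by[h["hooker_file"]].append(h["func"])
    third_party, unversioned = defaultdict(list), []
    for d in parse_drivers(sections.get("Drivers", [])):
        if d["vendor"] is None:
            unversioned.append(d["file"])
        elif not d["vendor"].startswith("Microsoft Corporation"):
            third_party[d["vendor"]].append(d["file"])
    return {"hooks": hooks, "hooked_by": dict(hooked_by),
            "third_party_drivers": dict(third_party),
            "unversioned_drivers": unversioned}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for module, funcs in result["hooked_by"].items():
        print(f"{module} hooks: {', '.join(funcs)}")
    for vendor, files in result["third_party_drivers"].items():
        print(f"non-Microsoft driver(s) from {vendor}: {', '.join(files)}")
    print("drivers with no version info:", result["unversioned_drivers"])
```

Reading the output is the judgement call, not the parsing: hooks on keyboard-state calls placed by a security product's own driver (in this thread, AVG's AVGIDSShim.Sys) are that product doing its job, and BlackBox.SYS is RkU's own driver. What deserves attention is a hook owned by a module with no path or no vendor, or a driver from a vendor the owner never installed; leftover drivers from an uninstalled product (here the Webroot Spy Sweeper ones) are worth noting because they can conflict with the current anti-virus even when they are not malicious.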


 


#3 swduffy

  • Topic Starter

  • Members
  • 22 posts

Posted 02 July 2011 - 04:07 PM

OK

Ran everything as suggested; here are the logs:

Security Checker

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
``````````End of Log````````````

Malwarebytes:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7005

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02/07/2011 3:42:16 PM
mbam-log-2011-07-02 (15-42-16).txt

Scan type: Full scan (C:\|)
Objects scanned: 252919
Time elapsed: 1 hour(s), 11 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Rootkit Unhooker:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>SSDT State
==============================================
==============================================
>Shadow
==============================================
win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0x9A75A4D5-->993B7E64 [C:\windows\system32\DRIVERS\AVGIDSShim.Sys]
win32k.sys-->NtUserGetKeyboardState, Type: Address change 0x9A83CDDF-->993B7DA4 [C:\windows\system32\DRIVERS\AVGIDSShim.Sys]
win32k.sys-->NtUserGetKeyState, Type: Address change 0x9A766595-->993B7DF8 [C:\windows\system32\DRIVERS\AVGIDSShim.Sys]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0x9A7787C7-->993B7D22 [C:\windows\system32\DRIVERS\AVGIDSShim.Sys]
==============================================
>Processes
==============================================
0x85F0DA60 [224] C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION, ConfigFree Service Process)
0x875557B8 [256] C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation, TOSHIBA eco Utility Service)
0x87A3CD40 [304] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0x897FF760 [404] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp., Microsoft® Windows Live ID Service)
0x883CB530 [432] C:\PROGRA~1\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o., AVG Cache Server)
0x897314B0 [584] C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o., AVG Identity Protection Service)
0x89077468 [672] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x882CD490 [680] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp., Microsoft® Windows Live ID Service Monitor)
0x886F52B8 [716] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x8869B600 [728] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x895A0A18 [776] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x895A6030 [812] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x8874F8E8 [824] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x895A4030 [832] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x89604030 [956] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x89CFD468 [1040] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation, TSS TMachInfo Service)
0x85CE1D40 [1044] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x89610B18 [1116] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87472B10 [1128] C:\Windows\System32\igfxext.exe (Intel Corporation, igfxext Module)
0x89650278 [1188] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x896519C8 [1220] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x892BCD40 [1292] C:\Users\Sean\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Overlord)
0x875D0A28 [1336] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o., AVG Tray Monitor)
0x896B0030 [1388] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x896DFD40 [1472] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88377D40 [1640] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8837CD40 [1680] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x883CED40 [1760] C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated, Adobe Acrobat Update Service)
0x89774030 [1796] C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)
0x897AED40 [1848] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x897B2030 [1896] C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation, TOSHIBA HDD Protection Service)
0x89750BC0 [1956] C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation, TDCSrv Application)
0x8974CA20 [1984] C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation, TOSHIBA Power Saver)
0x898B8B18 [2124] C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o., AVG Online Shield Service)
0x89B49730 [2152] C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation, TOSHIBA HDD Protection Service)
0x88FDE808 [2528] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation, Message Center)
0x89B46660 [2572] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Incorporated, Synaptics Pointing Device Helper)
0x899DDB18 [2648] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x89D0EB18 [2676] C:\Program Files\TOSHIBA\TECO\TEco.exe (TOSHIBA Corporation, TOSHIBA eco Utility)
0x89CDE6D8 [2728] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation, TOSHIBA PC Health Monitor)
0x898D79C0 [2748] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation, TosSENotify.exe.mui)
0x89D26D40 [2784] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation, TOSHIBA Service Station)
0x89D0C510 [2836] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation., HDMICtrlMan.exe)
0x89D0DC20 [2928] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION., -)
0x85E50650 [2984] C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation, LSI Soft Modem Call Progress Service)
0x89D1FD40 [3132] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation, Monitor of TOSHIBA ReelTime)
0x86233B90 [3144] C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
0x89CF6030 [3164] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation, IPoint.exe)
0x89A8E030 [3320] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation, TosSmartSrv.exe)
0x85EEC030 [3452] C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation, RSelSvc Service Application)
0x89B0E030 [3508] C:\Windows\System32\taskhost.exe (Microsoft Corporation, Host Process for Windows Tasks)
0x89D86D40 [3536] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java™ Update Scheduler)
0x85F36A60 [3584] C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation, TOSHIBA PC Health Monitor)
0x89D06760 [3608] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0x89B62380 [3652] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0x89D6FC88 [3700] C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation, dpupdchk.exe)
0x89B0E8A0 [3780] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x89C38030 [3908] C:\Windows\System32\igfxtray.exe (Intel Corporation, igfxTray Module)
0x89C07260 [3936] C:\Windows\System32\hkcmd.exe (Intel Corporation, hkcmd Module)
0x89C77520 [3968] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION, KeNotify MFC Application)
0x89C85030 [3976] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation, TOSHIBA Power Saver)
0x89C9C9E0 [4012] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation, SmoothView)
0x89B9BA90 [4032] C:\Windows\System32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)
0x89CBDD40 [4040] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation, TOSHIBA Flash Cards)
0x89CCED40 [4060] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor, HD Audio Control Panel)
0x899156C8 [4088] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated, Synaptics TouchPad Enhancements)
0x868496B0 [4100] C:\Windows\System32\notepad.exe (Microsoft Corporation, Notepad)
0x89987030 [4216] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0x89E34888 [4312] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x85D5D7A0 [4372] C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA Corporation., SoundChanger.exe)
0x85ECC6C8 [4428] C:\Windows\System32\notepad.exe (Microsoft Corporation, Notepad)
0x85D56030 [4552] C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (-, -)
0x8971AB10 [4704] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x89C09488 [4828] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION, ConfigFree Task Tray Menu)
0x85F4C030 [5028] C:\Windows\System32\wuauclt.exe (Microsoft Corporation, Windows Update)
0x85E9FA58 [5088] C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION, ConfigFree Service Process)
0x85E3E658 [5120] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x85D79938 [5616] C:\PROGRA~1\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o., AVG Resident Shield Service)
0x87477D40 [6076] C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION, ConfigFree Switch Manager Process)
0x85C2CD40 [4] System
0x88FEB378 [3952] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )
==============================================
>Drivers
==============================================
0x91636000 C:\windows\system32\DRIVERS\igdkmd32.sys 6451200 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x8300F000 C:\windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x8300F000 PnpManager 4259840 bytes
0x8300F000 RAW 4259840 bytes
0x8300F000 WMIxWDM 4259840 bytes
0x9242A000 C:\windows\system32\drivers\RTKVHDA.sys 2736128 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x9A6F0000 Win32k 2404352 bytes
0x9A6F0000 C:\windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8B609000 C:\windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8B41A000 C:\windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x90C88000 C:\windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (LSI Corporation, SoftModem Device Driver)
0x90839000 C:\windows\system32\DRIVERS\rtl8192se.sys 983040 bytes (Realtek Semiconductor Corporation , Realtek RTL81892SE NDIS Driverr)
0x8FC17000 C:\windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x8B23A000 C:\windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x91C5D000 C:\windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x83E2F000 C:\windows\system32\DRIVERS\NDIS.SYS 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x836D5000 C:\windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xAEE0F000 C:\windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x99276000 C:\windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83602000 C:\windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x83780000 C:\windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8B55C000 C:\windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x90A04000 C:\windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAEF52000 C:\windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xAEEE3000 C:\windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x9A9A0000 C:\windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x91D58000 C:\windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x83F14000 C:\windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x83C16000 C:\windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x83D6D000 C:\windows\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x8B398000 C:\windows\system32\DRIVERS\tos_sps32.sys 290816 bytes (TOSHIBA Corporation, tos_sps32)
0x99204000 C:\windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x90C33000 C:\windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x83693000 C:\windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x90AC6000 C:\windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B783000 C:\windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x83D2F000 C:\windows\system32\DRIVERS\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x90B4D000 C:\windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x99349000 C:\windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x91D14000 C:\windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x8341F000 ACPI_HAL 225280 bytes
0x8341F000 C:\windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x909A1000 C:\windows\system32\DRIVERS\SynTP.sys 221184 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x8B353000 C:\windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x83DB4000 C:\windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x83F8A000 C:\windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8FDCB000 C:\windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B752000 C:\windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x926C6000 C:\windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x83CD6000 C:\windows\system32\DRIVERS\ssidrv.sys 188416 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Interdiction Driver)
0x8B200000 C:\windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x91DD1000 C:\windows\system32\DRIVERS\Rt86win7.sys 180224 bytes (Realtek , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x83D04000 C:\windows\system32\DRIVERS\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x83C6F000 C:\windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x90952000 C:\windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x83FBC000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8B5D0000 C:\windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x92755000 C:\windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)
0x8B31D000 C:\windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9271B000 C:\windows\system32\drivers\IntcHdmi.sys 143360 bytes (Intel® Corporation, Intel® High Definition Audio HDMI)
0x99326000 C:\windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x90BAA000 C:\windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAEEB0000 C:\windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x90B89000 C:\windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8FD55000 C:\windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAEF32000 C:\windows\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0x8FD10000 C:\windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x91DB2000 C:\windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x90A65000 C:\windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9A980000 C:\windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x9240B000 C:\windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x99384000 C:\windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90DA4000 C:\windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x992FB000 C:\windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x926F5000 C:\windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x90B27000 C:\windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x9097C000 C:\windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x91600000 C:\windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x90BCC000 C:\windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x90BE4000 C:\windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8FC00000 C:\windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8FDB4000 C:\windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x9273E000 C:\windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x83F5F000 C:\windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x9279A000 C:\windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8B549000 C:\windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9925A000 C:\windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x90AA3000 C:\windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9081F000 C:\windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x90800000 C:\windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x99314000 C:\windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B400000 C:\windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x927DC000 C:\windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8B387000 C:\windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x90C77000 C:\windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x83CB1000 C:\windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8367A000 C:\windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x90A84000 C:\windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x90DBE000 C:\windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8B7DC000 C:\windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x9924A000 C:\windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x90AB6000 C:\windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x83F04000 C:\windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x91DA3000 C:\windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x90B3F000 C:\windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x90A95000 C:\windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8FDA6000 C:\windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x83F7C000 C:\windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8B5B9000 C:\windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x91623000 C:\windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x837F1000 C:\windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x90812000 C:\windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x927CF000 C:\windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x90994000 C:\windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x83CA4000 C:\windows\system32\DRIVERS\LPCFilter.sys 53248 bytes (COMPAL ELECTRONIC INC., LPCFilter)
==============================================
>Stealth
==============================================
0x8748FA91 Unknown page with executable code, 1391 bytes
0x8B783000 WARNING: Virus alike driver modification [volsnap.sys], 258048 bytes
0x8748E288 Unknown page with executable code, 3448 bytes
0x87490191 Unknown page with executable code, 3695 bytes
0x87492E7A Unknown thread object [ ETHREAD 0x874134C0 ] TID: 264, 600 bytes
0x87495008 Unknown thread object [ ETHREAD 0x8756C9E0 ] TID: 268, 600 bytes
0x87494CDC Unknown page with executable code, 804 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
[3780]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x77150E51-->69C78197 [ieframe.dll]
[3780]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7718D29C-->69D9FF3B [ieframe.dll]
[3780]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x77174AA7-->69D9FED8 [ieframe.dll]
[3780]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7718CF6A-->69D9FE75 [ieframe.dll]
[3780]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7717564A-->69B94BA7 [ieframe.dll]
[3780]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7719EA29-->69D9FD3D [ieframe.dll]
[3780]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7719EA4D-->69D9FCDB [ieframe.dll]
[3780]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7719E8C9-->69D9FE0A [ieframe.dll]
[3780]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7719E9C3-->69D9FD9F [ieframe.dll]
[3780]iexplore.exe-->wininet.dll-->HttpAddRequestHeadersA, Type: Inline - RelativeJump 0x766B9ABA-->00146A90 [unknown_code_page]
[3780]iexplore.exe-->wininet.dll-->HttpAddRequestHeadersW, Type: Inline - RelativeJump 0x766C0848-->00146C90 [unknown_code_page]
[3780]iexplore.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C33BED-->0035000A [unknown_code_page]
[3780]iexplore.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C348BE-->0033000A [unknown_code_page]
[3780]iexplore.exe-->ws2_32.dll-->getaddrinfo, Type: Inline - RelativeJump 0x76C36737-->005A000A [unknown_code_page]
[3780]iexplore.exe-->ws2_32.dll-->gethostbyname, Type: Inline - RelativeJump 0x76C47133-->003C000A [unknown_code_page]
[3780]iexplore.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C347DF-->0032000A [unknown_code_page]
[3780]iexplore.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C3C4C8-->003B000A [unknown_code_page]
[4312]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7714CC8F-->69C69D94 [ieframe.dll]
[4312]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x77150E51-->69C78197 [ieframe.dll]
[4312]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7718D29C-->69D9FF3B [ieframe.dll]
[4312]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x77174AA7-->69D9FED8 [ieframe.dll]
[4312]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7718CF6A-->69D9FE75 [ieframe.dll]
[4312]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7717564A-->69B94BA7 [ieframe.dll]
[4312]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7719EA29-->69D9FD3D [ieframe.dll]
[4312]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7719EA4D-->69D9FCDB [ieframe.dll]
[4312]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7719E8C9-->69D9FE0A [ieframe.dll]
[4312]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7719E9C3-->69D9FD9F [ieframe.dll]
[4312]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7715210A-->69C2463B [ieframe.dll]
[4312]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7714CC7B-->69C883A2 [ieframe.dll]
[4312]iexplore.exe-->wininet.dll-->HttpAddRequestHeadersA, Type: Inline - RelativeJump 0x766B9ABA-->00986A90 [unknown_code_page]
[4312]iexplore.exe-->wininet.dll-->HttpAddRequestHeadersW, Type: Inline - RelativeJump 0x766C0848-->00986C90 [unknown_code_page]
[4312]iexplore.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C33BED-->0040000A [unknown_code_page]
[4312]iexplore.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C348BE-->003F000A [unknown_code_page]
[4312]iexplore.exe-->ws2_32.dll-->getaddrinfo, Type: Inline - RelativeJump 0x76C36737-->00AE000A [unknown_code_page]
[4312]iexplore.exe-->ws2_32.dll-->gethostbyname, Type: Inline - RelativeJump 0x76C47133-->00AD000A [unknown_code_page]
[4312]iexplore.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C347DF-->003E000A [unknown_code_page]
[4312]iexplore.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C3C4C8-->00AC000A [unknown_code_page]


What am I looking at and what am I looking for?

Sean
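
Since the question is what the hook list shows, here is an added example (not code from the thread or from the scanner that produced the log) that parses those hook lines and separates hooks landing in a named module from hooks landing in an unknown code page; the sample lines are a subset copied from the log above, and the NETWORK_APIS set is my own selection of the socket and WinINet calls that appear in it.

```python
"""Triage helper for the '>Hooks' section of a log like the one posted above.

Added example, not code from the thread or from the scanner that produced
the log. Each hook line has the form

    [PID]process-->module.dll-->Function, Type: Inline - RelativeJump 0xSRC-->DST [target]

The parser keeps the fields, and the triage step separates hooks whose jump
target is a loaded module (ieframe.dll patching user32.dll inside
iexplore.exe is expected Internet Explorer behaviour) from hooks that jump
into an 'unknown_code_page', i.e. memory not backed by any loaded module.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<proc>[^-]+)-->(?P<module>[^-]+)-->(?P<func>[^,]+),"
    r"\s*Type:\s*(?P<type>.+?)\s+0x(?P<src>[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+)"
    r"\s+\[(?P<target>[^\]]+)\]\s*$"
)

# My own selection (assumption): APIs whose interception lets foreign code
# observe or rewrite name resolution and HTTP traffic of the browser.
NETWORK_APIS = {
    ("ws2_32.dll", "connect"), ("ws2_32.dll", "send"), ("ws2_32.dll", "recv"),
    ("ws2_32.dll", "closesocket"), ("ws2_32.dll", "getaddrinfo"),
    ("ws2_32.dll", "gethostbyname"),
    ("wininet.dll", "HttpAddRequestHeadersA"),
    ("wininet.dll", "HttpAddRequestHeadersW"),
}


@dataclass(frozen=True)
class Hook:
    pid: int
    process: str
    module: str
    function: str
    hook_type: str
    src: int      # patched address inside the exported function
    dst: int      # where the relative jump lands
    target: str   # module owning dst, or 'unknown_code_page'

    @property
    def into_unknown_code(self) -> bool:
        return self.target == "unknown_code_page"


def parse_hooks(text: str) -> list[Hook]:
    """Parse every hook line; headers, blanks and other lines are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m is None:
            continue
        hooks.append(Hook(int(m["pid"]), m["proc"], m["module"], m["func"],
                          m["type"], int(m["src"], 16), int(m["dst"], 16),
                          m["target"]))
    return hooks


def suspicious_hooks(hooks: list[Hook]) -> dict:
    """Hooked functions per (pid, process) and module whose target is not a loaded module."""
    report = defaultdict(lambda: defaultdict(list))
    for h in hooks:
        if h.into_unknown_code:
            report[(h.pid, h.process)][h.module].append(h.function)
    return {proc: {mod: sorted(funcs) for mod, funcs in mods.items()}
            for proc, mods in report.items()}


def network_interception(hooks: list[Hook]) -> set:
    """(pid, module, function) triples where a network API is hooked into unknown code."""
    return {(h.pid, h.module, h.function) for h in hooks
            if h.into_unknown_code and (h.module, h.function) in NETWORK_APIS}


# Constructed sample: a subset of the hook lines from the log in this post.
SAMPLE_LOG = """\
[3780]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x77150E51-->69C78197 [ieframe.dll]
[3780]iexplore.exe-->wininet.dll-->HttpAddRequestHeadersA, Type: Inline - RelativeJump 0x766B9ABA-->00146A90 [unknown_code_page]
[3780]iexplore.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C348BE-->0033000A [unknown_code_page]
[3780]iexplore.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C3C4C8-->003B000A [unknown_code_page]
[4312]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7715210A-->69C2463B [ieframe.dll]
[4312]iexplore.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C347DF-->003E000A [unknown_code_page]
"""

if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for proc, mods in suspicious_hooks(hooks).items():
        print(proc, mods)
    print("network APIs hooked into unknown code:", sorted(network_interception(hooks)))
```

The user32.dll hooks into ieframe.dll drop out of the report; what remains is the set of socket and HTTP functions redirected into unowned memory in both iexplore.exe processes, which is the part of the log worth showing a helper.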

#4 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,707 posts
  • Gender: Male
  • Location: Daly City, CA

Posted 02 July 2011 - 06:03 PM

It looks like we have a rootkited file there [volsnap.sys].

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



#5 swduffy

  • Topic Starter
  • Members
  • 22 posts

Posted 02 July 2011 - 06:39 PM

TDSSKiller result:

2011/07/02 19:35:33.0470 5440 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/02 19:35:33.0870 5440 ================================================================================
2011/07/02 19:35:33.0870 5440 SystemInfo:
2011/07/02 19:35:33.0870 5440
2011/07/02 19:35:33.0870 5440 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/02 19:35:33.0870 5440 Product type: Workstation
2011/07/02 19:35:33.0870 5440 ComputerName: BRYAN-PC
2011/07/02 19:35:33.0870 5440 UserName: Sean
2011/07/02 19:35:33.0870 5440 Windows directory: C:\windows
2011/07/02 19:35:33.0870 5440 System windows directory: C:\windows
2011/07/02 19:35:33.0870 5440 Processor architecture: Intel x86
2011/07/02 19:35:33.0870 5440 Number of processors: 2
2011/07/02 19:35:33.0870 5440 Page size: 0x1000
2011/07/02 19:35:33.0870 5440 Boot type: Normal boot
2011/07/02 19:35:33.0870 5440 ================================================================================
2011/07/02 19:35:34.0480 5440 Initialize success
2011/07/02 19:35:38.0900 4116 ================================================================================
2011/07/02 19:35:38.0900 4116 Scan started
2011/07/02 19:35:38.0900 4116 Mode: Manual;
2011/07/02 19:35:38.0900 4116 ================================================================================
2011/07/02 19:36:05.0290 4116 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/07/02 19:36:05.0430 4116 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/07/02 19:36:05.0540 4116 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/07/02 19:36:05.0670 4116 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
2011/07/02 19:36:05.0780 4116 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
2011/07/02 19:36:05.0880 4116 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\drivers\sffp_sd.sys
2011/07/02 19:36:05.0990 4116 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/07/02 19:36:06.0110 4116 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/07/02 19:36:06.0250 4116 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/07/02 19:36:06.0360 4116 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/07/02 19:36:06.0480 4116 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/07/02 19:36:06.0630 4116 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/07/02 19:36:06.0800 4116 srv (4a9b0f215de2519e2363f91df25c1e97) C:\windows\system32\DRIVERS\srv.sys
2011/07/02 19:36:06.0940 4116 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\windows\system32\DRIVERS\srv2.sys
2011/07/02 19:36:07.0080 4116 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\windows\system32\DRIVERS\srvnet.sys
2011/07/02 19:36:07.0210 4116 ssfs0bbc (010232855e1903f70bd34afa026543c4) C:\windows\system32\DRIVERS\ssfs0bbc.sys
2011/07/02 19:36:07.0310 4116 sshrmd (1b4edfe8d487277fcbaf6905d255f855) C:\windows\system32\DRIVERS\sshrmd.sys
2011/07/02 19:36:07.0420 4116 ssidrv (72b663021fc7a23ed7241092558fe573) C:\windows\system32\DRIVERS\ssidrv.sys
2011/07/02 19:36:07.0540 4116 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/07/02 19:36:07.0660 4116 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/07/02 19:36:07.0790 4116 SynTP (3f4982de07d89a1084861e9d59f7ebb1) C:\windows\system32\DRIVERS\SynTP.sys
2011/07/02 19:36:07.0960 4116 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
2011/07/02 19:36:08.0120 4116 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
2011/07/02 19:36:08.0260 4116 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/07/02 19:36:08.0410 4116 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
2011/07/02 19:36:08.0530 4116 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/07/02 19:36:08.0650 4116 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/07/02 19:36:08.0780 4116 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/07/02 19:36:08.0900 4116 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/07/02 19:36:09.0060 4116 Thpdrv (9528f2a39cb660a49f0592d57127f370) C:\windows\system32\DRIVERS\thpdrv.sys
2011/07/02 19:36:09.0190 4116 Thpevm (e17dcde74ff00ca802643b4a9a4a4a5c) C:\windows\system32\DRIVERS\Thpevm.SYS
2011/07/02 19:36:09.0380 4116 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\windows\system32\DRIVERS\tos_sps32.sys
2011/07/02 19:36:09.0510 4116 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/07/02 19:36:09.0660 4116 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/07/02 19:36:09.0800 4116 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
2011/07/02 19:36:09.0930 4116 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
2011/07/02 19:36:10.0050 4116 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/07/02 19:36:10.0180 4116 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
2011/07/02 19:36:10.0330 4116 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/07/02 19:36:10.0460 4116 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/07/02 19:36:10.0580 4116 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/07/02 19:36:10.0710 4116 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/07/02 19:36:10.0820 4116 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/07/02 19:36:10.0940 4116 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/07/02 19:36:11.0070 4116 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
2011/07/02 19:36:11.0180 4116 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/07/02 19:36:11.0290 4116 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/07/02 19:36:11.0400 4116 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/07/02 19:36:11.0520 4116 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/07/02 19:36:11.0650 4116 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
2011/07/02 19:36:11.0790 4116 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/07/02 19:36:11.0930 4116 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/07/02 19:36:12.0050 4116 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/07/02 19:36:12.0160 4116 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/07/02 19:36:12.0290 4116 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/07/02 19:36:12.0410 4116 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/07/02 19:36:12.0530 4116 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/07/02 19:36:12.0650 4116 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/07/02 19:36:12.0780 4116 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/07/02 19:36:12.0910 4116 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\windows\system32\DRIVERS\volsnap.sys
2011/07/02 19:36:12.0910 4116 Suspicious file (Forged): C:\windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/07/02 19:36:12.0920 4116 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/02 19:36:13.0050 4116 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/07/02 19:36:13.0180 4116 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/07/02 19:36:13.0290 4116 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/07/02 19:36:13.0420 4116 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
2011/07/02 19:36:13.0530 4116 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/07/02 19:36:13.0660 4116 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/07/02 19:36:13.0680 4116 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/07/02 19:36:13.0840 4116 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/07/02 19:36:13.0960 4116 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/07/02 19:36:14.0120 4116 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/07/02 19:36:14.0230 4116 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/07/02 19:36:14.0420 4116 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
2011/07/02 19:36:14.0570 4116 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/07/02 19:36:14.0720 4116 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/07/02 19:36:14.0860 4116 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/07/02 19:36:14.0950 4116 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
2011/07/02 19:36:14.0980 4116 Boot (0x1200) (56313d8693577dc8626058fcccd957b4) \Device\Harddisk0\DR0\Partition0
2011/07/02 19:36:14.0990 4116 ================================================================================
2011/07/02 19:36:14.0990 4116 Scan finished
2011/07/02 19:36:14.0990 4116 ================================================================================
2011/07/02 19:36:15.0000 5716 Detected object count: 1
2011/07/02 19:36:15.0000 5716 Actual detected object count: 1
2011/07/02 19:36:42.0460 5716 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\windows\system32\DRIVERS\volsnap.sys
2011/07/02 19:36:42.0470 5716 Suspicious file (Forged): C:\windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/07/02 19:36:44.0060 5716 Backup copy found, using it..
2011/07/02 19:36:44.0070 5716 C:\windows\system32\DRIVERS\volsnap.sys - will be cured after reboot
2011/07/02 19:36:44.0070 5716 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
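As an added example (not part of the post above and not Kaspersky's code), here is a small Python parser for TDSSKiller log lines like the ones just posted. It pulls out each listed driver hash, every "Suspicious file (Forged)" entry and every "detected" verdict, then compares a pre-cure scan against a post-reboot scan so you can confirm the cure held. The "before" sample is copied from the log above; the "after" sample is an assumption (the post-reboot excerpt in this thread ends before the volsnap entry), so its volsnap line is hypothetical. The security-relevant point the parser surfaces: TDSSKiller reports two different MD5s for one path because the rootkit alters what a normal read of the infected driver returns, and that mismatch is the detection signal. A clean follow-up scan shows one hash per driver, no Forged line and no detection.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input. BEFORE_SCAN is copied from the TDSSKiller log posted
# above. AFTER_SCAN is an assumed post-reboot excerpt (hypothetical, not from the
# page): it shows what a successful cure should look like for the same drivers.
BEFORE_SCAN = r"""
2011/07/02 19:36:12.0780 4116 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/07/02 19:36:12.0910 4116 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\windows\system32\DRIVERS\volsnap.sys
2011/07/02 19:36:12.0910 4116 Suspicious file (Forged): C:\windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/07/02 19:36:12.0920 4116 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/02 19:36:13.0050 4116 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/07/02 19:36:14.0950 4116 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
"""

AFTER_SCAN = r"""
2011/07/02 19:44:56.0200 0876 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/07/02 19:44:56.0300 0876 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\windows\system32\DRIVERS\volsnap.sys
2011/07/02 19:44:56.0400 0876 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/07/02 19:44:57.0000 0876 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
"""

# Every TDSSKiller line starts with a timestamp and the thread id that wrote it.
PREFIX = r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
# "name (md5) path"; the name is matched lazily so "MBR (0x1B8)" parses too.
ENTRY_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
# Two hashes for one path: the rootkit serves a different image than what is on disk.
FORGED_RE = re.compile(PREFIX + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECT_RE = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<code>\d+)\)$")


@dataclass
class ScanReport:
    hashes: dict = field(default_factory=dict)      # path -> md5 as listed
    forged: dict = field(default_factory=dict)      # path -> (real md5, fake md5)
    detections: list = field(default_factory=list)  # (driver name, verdict)


def parse_scan(text: str) -> ScanReport:
    """Parse one TDSSKiller log into listed hashes, forged files and verdicts."""
    rep = ScanReport()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := FORGED_RE.match(line):
            rep.forged[m["path"]] = (m["real"], m["fake"])
        elif m := DETECT_RE.match(line):
            rep.detections.append((m["name"], m["verdict"]))
        elif m := ENTRY_RE.match(line):
            rep.hashes[m["path"]] = m["md5"]
    return rep


def verify_cure(before: ScanReport, after: ScanReport) -> dict:
    """Compare a pre-cure scan with a post-reboot scan and report what still looks wrong."""
    changed = {p: (before.hashes[p], after.hashes[p])
               for p in before.hashes
               if p in after.hashes and before.hashes[p] != after.hashes[p]}
    findings = {
        "still_forged": sorted(after.forged),                 # should be empty
        "still_detected": [n for n, _ in after.detections],   # should be empty
        "changed_hashes": changed,                            # MBR/driver hashes that moved
        "missing_after": sorted(set(before.hashes) - set(after.hashes)),
    }
    findings["clean"] = not (findings["still_forged"] or findings["still_detected"])
    return findings


if __name__ == "__main__":
    before, after = parse_scan(BEFORE_SCAN), parse_scan(AFTER_SCAN)
    for path, (real, fake) in before.forged.items():
        print(f"forged before cure: {path}\n  real={real}\n  fake={fake}")
    print(verify_cure(before, after))
```

Run it against the two full logs saved from TDSSKiller and look at `changed_hashes` as well as `still_forged`: a driver whose listed hash changes between scans deserves a second look even when no Forged line accompanies it, and an MBR hash that changes without you having rewritten it is worth asking the helper about before calling the machine clean.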

#6 Broni
BC Advisor, 42,707 posts

Posted 02 July 2011 - 06:42 PM

Well done :)

How is the computer doing?

Please post a fresh RKUnhooker log.


#7 swduffy (Topic Starter)
Members, 22 posts

Posted 02 July 2011 - 06:48 PM

After re-boot

2011/07/02 19:44:02.0038 3700 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/02 19:44:02.0412 3700 ================================================================================
2011/07/02 19:44:02.0412 3700 SystemInfo:
2011/07/02 19:44:02.0412 3700
2011/07/02 19:44:02.0412 3700 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/02 19:44:02.0412 3700 Product type: Workstation
2011/07/02 19:44:02.0412 3700 ComputerName: BRYAN-PC
2011/07/02 19:44:02.0412 3700 UserName: Sean
2011/07/02 19:44:02.0412 3700 Windows directory: C:\windows
2011/07/02 19:44:02.0412 3700 System windows directory: C:\windows
2011/07/02 19:44:02.0412 3700 Processor architecture: Intel x86
2011/07/02 19:44:02.0412 3700 Number of processors: 2
2011/07/02 19:44:02.0412 3700 Page size: 0x1000
2011/07/02 19:44:02.0412 3700 Boot type: Normal boot
2011/07/02 19:44:02.0412 3700 ================================================================================
2011/07/02 19:44:13.0332 3700 Initialize success
2011/07/02 19:44:28.0917 0876 ================================================================================
2011/07/02 19:44:28.0917 0876 Scan started
2011/07/02 19:44:28.0917 0876 Mode: Manual;
2011/07/02 19:44:28.0917 0876 ================================================================================
2011/07/02 19:44:29.0712 0876 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/07/02 19:44:29.0868 0876 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/07/02 19:44:30.0009 0876 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/07/02 19:44:30.0196 0876 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/07/02 19:44:30.0368 0876 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/07/02 19:44:30.0539 0876 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/07/02 19:44:30.0804 0876 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/07/02 19:44:31.0319 0876 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\windows\system32\DRIVERS\AGRSM.sys
2011/07/02 19:44:31.0428 0876 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/07/02 19:44:31.0740 0876 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/07/02 19:44:31.0990 0876 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/07/02 19:44:32.0162 0876 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/07/02 19:44:32.0318 0876 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/07/02 19:44:32.0474 0876 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/07/02 19:44:32.0692 0876 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/07/02 19:44:32.0957 0876 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
2011/07/02 19:44:33.0113 0876 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/07/02 19:44:33.0254 0876 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
2011/07/02 19:44:33.0425 0876 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/07/02 19:44:33.0566 0876 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/07/02 19:44:33.0706 0876 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/07/02 19:44:33.0878 0876 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/07/02 19:44:34.0049 0876 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/07/02 19:44:34.0221 0876 AVGIDSDriver (2177e7448c1ecfb35a5db417603d205a) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/07/02 19:44:34.0424 0876 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
2011/07/02 19:44:34.0611 0876 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/07/02 19:44:34.0860 0876 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\windows\system32\DRIVERS\AVGIDSShim.Sys
2011/07/02 19:44:35.0126 0876 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\windows\system32\DRIVERS\avgldx86.sys
2011/07/02 19:44:35.0313 0876 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\windows\system32\DRIVERS\avgmfx86.sys
2011/07/02 19:44:35.0500 0876 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\windows\system32\DRIVERS\avgrkx86.sys
2011/07/02 19:44:35.0750 0876 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\windows\system32\DRIVERS\avgtdix.sys
2011/07/02 19:44:35.0984 0876 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/07/02 19:44:36.0108 0876 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/07/02 19:44:36.0280 0876 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/07/02 19:44:36.0639 0876 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/07/02 19:44:36.0810 0876 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
2011/07/02 19:44:37.0013 0876 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/07/02 19:44:37.0185 0876 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/07/02 19:44:37.0356 0876 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/07/02 19:44:37.0544 0876 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/07/02 19:44:37.0700 0876 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/07/02 19:44:37.0980 0876 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/07/02 19:44:38.0152 0876 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/07/02 19:44:38.0292 0876 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/07/02 19:44:38.0433 0876 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/07/02 19:44:38.0573 0876 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/07/02 19:44:38.0698 0876 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/07/02 19:44:38.0870 0876 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/07/02 19:44:38.0916 0876 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/07/02 19:44:39.0041 0876 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/07/02 19:44:39.0150 0876 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/07/02 19:44:39.0275 0876 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/07/02 19:44:39.0400 0876 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/07/02 19:44:39.0540 0876 dc3d (abff959dc463e6e1a49dca6657e60b80) C:\windows\system32\DRIVERS\dc3d.sys
2011/07/02 19:44:39.0696 0876 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/07/02 19:44:39.0821 0876 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/07/02 19:44:39.0946 0876 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/07/02 19:44:40.0071 0876 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/07/02 19:44:40.0196 0876 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
2011/07/02 19:44:40.0445 0876 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/07/02 19:44:40.0679 0876 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/07/02 19:44:40.0804 0876 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/07/02 19:44:40.0929 0876 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/07/02 19:44:41.0054 0876 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/07/02 19:44:41.0178 0876 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/07/02 19:44:41.0288 0876 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/07/02 19:44:41.0412 0876 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/07/02 19:44:41.0522 0876 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/07/02 19:44:41.0646 0876 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/07/02 19:44:41.0787 0876 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/07/02 19:44:41.0912 0876 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\windows\system32\DRIVERS\fssfltr.sys
2011/07/02 19:44:42.0036 0876 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/07/02 19:44:42.0161 0876 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/07/02 19:44:42.0286 0876 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/07/02 19:44:42.0442 0876 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/07/02 19:44:42.0567 0876 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/07/02 19:44:42.0707 0876 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/07/02 19:44:42.0832 0876 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/07/02 19:44:42.0941 0876 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/07/02 19:44:43.0050 0876 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/07/02 19:44:43.0191 0876 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/07/02 19:44:43.0331 0876 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/07/02 19:44:43.0456 0876 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/07/02 19:44:43.0565 0876 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/07/02 19:44:43.0690 0876 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/07/02 19:44:43.0799 0876 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
2011/07/02 19:44:43.0908 0876 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
2011/07/02 19:44:44.0189 0876 igfx (315aaaa2bc9bc778adc0454b3ca8dcce) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/07/02 19:44:44.0454 0876 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/07/02 19:44:44.0657 0876 IntcAzAudAddService (e4a2e810cb2607c9c159c0dfb0bd4c88) C:\windows\system32\drivers\RTKVHDA.sys
2011/07/02 19:44:44.0798 0876 IntcHdmiAddService (264632ade8127b7baa2190cf6fad435b) C:\windows\system32\drivers\IntcHdmi.sys
2011/07/02 19:44:44.0907 0876 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/07/02 19:44:45.0016 0876 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/07/02 19:44:45.0156 0876 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/07/02 19:44:45.0281 0876 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/07/02 19:44:45.0390 0876 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/07/02 19:44:45.0500 0876 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/07/02 19:44:45.0624 0876 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/07/02 19:44:45.0749 0876 JMCR (65da9fa42c0972fe5b9b7d6047f06f4c) C:\windows\system32\DRIVERS\jmcr.sys
2011/07/02 19:44:45.0874 0876 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/07/02 19:44:45.0983 0876 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/07/02 19:44:46.0092 0876 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/07/02 19:44:46.0202 0876 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/07/02 19:44:46.0373 0876 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/07/02 19:44:46.0514 0876 LPCFilter (6e3d3816749e107883eec5734ce44493) C:\windows\system32\DRIVERS\LPCFilter.sys
2011/07/02 19:44:46.0638 0876 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/07/02 19:44:46.0763 0876 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/07/02 19:44:46.0888 0876 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/07/02 19:44:46.0997 0876 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/07/02 19:44:47.0122 0876 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/07/02 19:44:47.0231 0876 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/07/02 19:44:47.0372 0876 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/07/02 19:44:47.0496 0876 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/07/02 19:44:47.0606 0876 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/07/02 19:44:47.0730 0876 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/07/02 19:44:47.0855 0876 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/07/02 19:44:47.0964 0876 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/07/02 19:44:48.0074 0876 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/07/02 19:44:48.0198 0876 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/07/02 19:44:48.0323 0876 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/07/02 19:44:48.0495 0876 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/07/02 19:44:48.0620 0876 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/07/02 19:44:48.0744 0876 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/07/02 19:44:48.0854 0876 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/07/02 19:44:48.0963 0876 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/07/02 19:44:49.0119 0876 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/07/02 19:44:49.0228 0876 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/07/02 19:44:49.0353 0876 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/07/02 19:44:49.0493 0876 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/07/02 19:44:49.0602 0876 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/07/02 19:44:49.0727 0876 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/07/02 19:44:49.0836 0876 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/07/02 19:44:49.0977 0876 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/07/02 19:44:50.0086 0876 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/07/02 19:44:50.0211 0876 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/07/02 19:44:50.0320 0876 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/07/02 19:44:50.0460 0876 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/07/02 19:44:50.0601 0876 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/07/02 19:44:50.0741 0876 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/07/02 19:44:50.0866 0876 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/07/02 19:44:50.0991 0876 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/07/02 19:44:51.0116 0876 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/07/02 19:44:51.0256 0876 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/07/02 19:44:51.0381 0876 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/07/02 19:44:51.0474 0876 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/07/02 19:44:51.0630 0876 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/07/02 19:44:51.0755 0876 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/07/02 19:44:51.0880 0876 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/07/02 19:44:52.0020 0876 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
2011/07/02 19:44:52.0161 0876 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/07/02 19:44:52.0286 0876 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
2011/07/02 19:44:52.0395 0876 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
2011/07/02 19:44:52.0520 0876 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/07/02 19:44:52.0644 0876 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/07/02 19:44:52.0785 0876 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/07/02 19:44:52.0894 0876 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/07/02 19:44:53.0003 0876 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/07/02 19:44:53.0128 0876 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/07/02 19:44:53.0253 0876 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/07/02 19:44:53.0378 0876 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/07/02 19:44:53.0471 0876 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/07/02 19:44:53.0596 0876 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/07/02 19:44:53.0736 0876 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
2011/07/02 19:44:53.0877 0876 Point32 (858d5d8dbe432b358ca2f9d534169ca1) C:\windows\system32\DRIVERS\point32k.sys
2011/07/02 19:44:54.0033 0876 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/07/02 19:44:54.0142 0876 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/07/02 19:44:54.0267 0876 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/07/02 19:44:54.0407 0876 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/07/02 19:44:54.0532 0876 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/07/02 19:44:54.0657 0876 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/07/02 19:44:54.0766 0876 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/07/02 19:44:54.0891 0876 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/07/02 19:44:55.0031 0876 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/07/02 19:44:55.0172 0876 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/07/02 19:44:55.0296 0876 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/07/02 19:44:55.0406 0876 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/07/02 19:44:55.0515 0876 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/07/02 19:44:55.0624 0876 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/07/02 19:44:55.0749 0876 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/07/02 19:44:55.0858 0876 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/07/02 19:44:55.0967 0876 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/07/02 19:44:56.0092 0876 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/07/02 19:44:56.0295 0876 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/07/02 19:44:56.0420 0876 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/07/02 19:44:56.0576 0876 rtl8192se (fd0b1d3ce2e7debd0ae8456494d21488) C:\windows\system32\DRIVERS\rtl8192se.sys
2011/07/02 19:44:56.0716 0876 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/07/02 19:44:56.0841 0876 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/07/02 19:44:56.0981 0876 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\windows\system32\drivers\sdbus.sys
2011/07/02 19:44:57.0106 0876 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/07/02 19:44:57.0246 0876 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/07/02 19:44:57.0387 0876 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/07/02 19:44:57.0496 0876 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/07/02 19:44:57.0636 0876 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
2011/07/02 19:44:57.0730 0876 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
2011/07/02 19:44:57.0824 0876 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\drivers\sffp_sd.sys
2011/07/02 19:44:57.0933 0876 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/07/02 19:44:58.0058 0876 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/07/02 19:44:58.0198 0876 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/07/02 19:44:58.0338 0876 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/07/02 19:44:58.0479 0876 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/07/02 19:44:58.0635 0876 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/07/02 19:44:58.0806 0876 srv (4a9b0f215de2519e2363f91df25c1e97) C:\windows\system32\DRIVERS\srv.sys
2011/07/02 19:44:58.0947 0876 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\windows\system32\DRIVERS\srv2.sys
2011/07/02 19:44:59.0087 0876 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\windows\system32\DRIVERS\srvnet.sys
2011/07/02 19:44:59.0212 0876 ssfs0bbc (010232855e1903f70bd34afa026543c4) C:\windows\system32\DRIVERS\ssfs0bbc.sys
2011/07/02 19:44:59.0321 0876 sshrmd (1b4edfe8d487277fcbaf6905d255f855) C:\windows\system32\DRIVERS\sshrmd.sys
2011/07/02 19:44:59.0415 0876 ssidrv (72b663021fc7a23ed7241092558fe573) C:\windows\system32\DRIVERS\ssidrv.sys
2011/07/02 19:44:59.0555 0876 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/07/02 19:44:59.0696 0876 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/07/02 19:44:59.0805 0876 SynTP (3f4982de07d89a1084861e9d59f7ebb1) C:\windows\system32\DRIVERS\SynTP.sys
2011/07/02 19:44:59.0992 0876 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
2011/07/02 19:45:00.0148 0876 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
2011/07/02 19:45:00.0304 0876 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/07/02 19:45:00.0460 0876 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
2011/07/02 19:45:00.0585 0876 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/07/02 19:45:00.0710 0876 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/07/02 19:45:00.0819 0876 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/07/02 19:45:00.0928 0876 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/07/02 19:45:01.0084 0876 Thpdrv (9528f2a39cb660a49f0592d57127f370) C:\windows\system32\DRIVERS\thpdrv.sys
2011/07/02 19:45:01.0209 0876 Thpevm (e17dcde74ff00ca802643b4a9a4a4a5c) C:\windows\system32\DRIVERS\Thpevm.SYS
2011/07/02 19:45:01.0412 0876 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\windows\system32\DRIVERS\tos_sps32.sys
2011/07/02 19:45:01.0552 0876 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/07/02 19:45:01.0692 0876 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/07/02 19:45:01.0833 0876 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
2011/07/02 19:45:01.0958 0876 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
2011/07/02 19:45:02.0082 0876 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/07/02 19:45:02.0207 0876 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
2011/07/02 19:45:02.0394 0876 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/07/02 19:45:02.0519 0876 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/07/02 19:45:02.0644 0876 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/07/02 19:45:02.0769 0876 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/07/02 19:45:02.0878 0876 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/07/02 19:45:03.0003 0876 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/07/02 19:45:03.0128 0876 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
2011/07/02 19:45:03.0237 0876 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/07/02 19:45:03.0346 0876 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/07/02 19:45:03.0455 0876 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/07/02 19:45:03.0580 0876 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/07/02 19:45:03.0705 0876 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
2011/07/02 19:45:03.0861 0876 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/07/02 19:45:03.0986 0876 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/07/02 19:45:04.0110 0876 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/07/02 19:45:04.0220 0876 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/07/02 19:45:04.0376 0876 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/07/02 19:45:04.0485 0876 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/07/02 19:45:04.0625 0876 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/07/02 19:45:04.0734 0876 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/07/02 19:45:04.0890 0876 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/07/02 19:45:05.0015 0876 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/07/02 19:45:05.0156 0876 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/07/02 19:45:05.0280 0876 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/07/02 19:45:05.0405 0876 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/07/02 19:45:05.0514 0876 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
2011/07/02 19:45:05.0639 0876 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/07/02 19:45:05.0764 0876 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/07/02 19:45:05.0795 0876 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/07/02 19:45:05.0936 0876 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/07/02 19:45:06.0060 0876 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/07/02 19:45:06.0232 0876 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/07/02 19:45:06.0388 0876 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/07/02 19:45:06.0560 0876 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
2011/07/02 19:45:06.0700 0876 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/07/02 19:45:06.0856 0876 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/07/02 19:45:06.0981 0876 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/07/02 19:45:07.0074 0876 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
2011/07/02 19:45:07.0106 0876 Boot (0x1200) (56313d8693577dc8626058fcccd957b4) \Device\Harddisk0\DR0\Partition0
2011/07/02 19:45:07.0106 0876 ================================================================================
2011/07/02 19:45:07.0106 0876 Scan finished
2011/07/02 19:45:07.0106 0876 ================================================================================
2011/07/02 19:45:07.0121 4056 Detected object count: 0
2011/07/02 19:45:07.0121 4056 Actual detected object count: 0

#8 Broni

BC Advisor

Posted 02 July 2011 - 06:52 PM

That's good, but I wanted to double check, so I asked:

Please post a fresh RKUnhooker log.


...and:

How is computer doing?


#9 swduffy (Topic Starter)

Posted 02 July 2011 - 07:40 PM

When I run Unhooker, I keep getting AVG telling me that the computer is infected with Download.Generic11.XIP. When I click "Move to Vault" it says it can't quarantine the file.

Also, Unhooker gets a "cannot start service" error, and there is a second pop-up titled RkU.

If this is the Unhooker, why a different file name each time?

Here is the new log

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtAllocateVirtualMemory, Type: Address change 0x832832EB-->85C217D0 [Unknown module filename]
ntkrnlpa.exe-->NtCreateProcess, Type: Address change 0x833122A9-->86978C98 [Unknown module filename]
ntkrnlpa.exe-->NtCreateProcessEx, Type: Address change 0x833122F4-->85C21C80 [Unknown module filename]
ntkrnlpa.exe-->NtCreateThread, Type: Address change 0x833120B2-->85C21AA0 [Unknown module filename]
ntkrnlpa.exe-->NtCreateThreadEx, Type: Address change 0x83270221-->85C215F0 [Unknown module filename]
ntkrnlpa.exe-->NtCreateUserProcess, Type: Address change 0x8328D2BC-->85C21668 [Unknown module filename]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x832B8A11-->95BD77A0 [C:\windows\system32\DRIVERS\AVGIDSShim.Sys]
ntkrnlpa.exe-->NtQueueApcThread, Type: Address change 0x83223B3D-->85C21848 [Unknown module filename]
ntkrnlpa.exe-->NtReadVirtualMemory, Type: Address change 0x832BB059-->85C216E0 [Unknown module filename]
ntkrnlpa.exe-->NtSetContextThread, Type: Address change 0x833131B7-->85C21938 [Unknown module filename]
ntkrnlpa.exe-->NtSetInformationProcess, Type: Address change 0x832848E5-->85C21B90 [Unknown module filename]
ntkrnlpa.exe-->NtSetInformationThread, Type: Address change 0x832A0C8A-->85C219B0 [Unknown module filename]
ntkrnlpa.exe-->NtSuspendProcess, Type: Address change 0x83313D57-->85C21B18 [Unknown module filename]
ntkrnlpa.exe-->NtSuspendThread, Type: Address change 0x832D0B36-->85C218C0 [Unknown module filename]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x8329901D-->95BD7848 [C:\windows\system32\DRIVERS\AVGIDSShim.Sys]
ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x832ABDC4-->95BD78E4 [C:\windows\system32\DRIVERS\AVGIDSShim.Sys]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x832BEA95-->95BD7980 [C:\windows\system32\DRIVERS\AVGIDSShim.Sys]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0x8273A4D5-->95BD6E64 [C:\windows\system32\DRIVERS\AVGIDSShim.Sys]
win32k.sys-->NtUserGetKeyboardState, Type: Address change 0x8281CDDF-->95BD6DA4 [C:\windows\system32\DRIVERS\AVGIDSShim.Sys]
win32k.sys-->NtUserGetKeyState, Type: Address change 0x82746595-->95BD6DF8 [C:\windows\system32\DRIVERS\AVGIDSShim.Sys]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0x827587C7-->95BD6D22 [C:\windows\system32\DRIVERS\AVGIDSShim.Sys]
==============================================
>Processes
==============================================
0x87682020 [280] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0x88367530 [408] C:\PROGRA~1\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o., AVG Cache Server)
0x89697D40 [552] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp., Microsoft® Windows Live ID Service)
0x88EF4D40 [604] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x885C2708 [664] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8905CD40 [672] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x8972AB18 [684] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0x89079D40 [728] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x88632D40 [756] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x85CDE030 [768] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x89081D40 [796] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x894A2478 [892] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x894D5D40 [976] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x85DDC460 [992] C:\Windows\System32\sppsvc.exe (Microsoft Corporation, Microsoft Software Protection Platform Service)
0x8828CD40 [1080] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x89076610 [1112] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x894B98F0 [1136] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x85DA1750 [1192] C:\PROGRA~1\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o., AVG Resident Shield Service)
0x896EAD40 [1208] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp., Microsoft® Windows Live ID Service Monitor)
0x89529D40 [1256] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x85DBA1D8 [1264] C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation, TOSHIBA PC Health Monitor)
0x899E26C8 [1312] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8955DA70 [1364] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8830BD40 [1576] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x88326D40 [1616] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x89831030 [1656] C:\Program Files\AVG\AVG10\avgscanx.exe (AVG Technologies CZ, s.r.o., AVG Command-line Scanning Utility)
0x89701D40 [1704] C:\Windows\System32\taskhost.exe (Microsoft Corporation, Host Process for Windows Tasks)
0x88363D40 [1712] C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated, Adobe Acrobat Update Service)
0x8960B3E8 [1792] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x895FD478 [1816] C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation, TOSHIBA HDD Protection Service)
0x89607470 [1852] C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation, TDCSrv Application)
0x89611D40 [1900] C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation, TOSHIBA Power Saver)
0x89A5A030 [1916] C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (-, -)
0x8965D830 [2020] C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation, TOSHIBA eco Utility Service)
0x85D58488 [2036] C:\Windows\servicing\TrustedInstaller.exe (Microsoft Corporation, Windows Modules Installer)
0x8971CD40 [2068] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0x8615BD40 [2240] C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
0x897764C8 [2376] C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o., AVG Online Shield Service)
0x899ED478 [2436] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation, TOSHIBA PC Health Monitor)
0x85DF8370 [2520] C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation, LSI Soft Modem Call Progress Service)
0x876A2AD0 [2528] C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION, ConfigFree Switch Manager Process)
0x89726030 [2632] C:\Windows\System32\igfxtray.exe (Intel Corporation, igfxTray Module)
0x89828A10 [2648] C:\Windows\System32\hkcmd.exe (Intel Corporation, hkcmd Module)
0x85D4F030 [2660] C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION, ConfigFree Service Process)
0x898466B8 [2800] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION, KeNotify MFC Application)
0x876A38F0 [2808] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation, TOSHIBA Power Saver)
0x85E08D40 [2868] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation, TSS TMachInfo Service)
0x8610DD40 [2888] C:\Windows\System32\conhost.exe (Microsoft Corporation, Console Window Host)
0x89881460 [2892] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation, SmoothView)
0x898A7D40 [2912] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation, TOSHIBA Flash Cards)
0x885099F0 [2924] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor, HD Audio Control Panel)
0x8955BD40 [2948] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated, Synaptics TouchPad Enhancements)
0x898CB030 [2968] C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation, TOSHIBA HDD Protection Service)
0x894D0790 [2976] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x85DFAB90 [3004] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8985D030 [3052] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Incorporated, Synaptics Pointing Device Helper)
0x898F8750 [3060] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION, ConfigFree Task Tray Menu)
0x898FC030 [3128] C:\Program Files\TOSHIBA\TECO\TEco.exe (TOSHIBA Corporation, TOSHIBA eco Utility)
0x87424720 [3176] C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION, ConfigFree Service Process)
0x89906480 [3272] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation, TOSHIBA Service Station)
0x8989CD40 [3304] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation., HDMICtrlMan.exe)
0x89926D40 [3360] C:\Windows\System32\igfxext.exe (Intel Corporation, igfxext Module)
0x899518F0 [3432] C:\Windows\System32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)
0x8958D718 [3464] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation, TosSmartSrv.exe)
0x89941790 [3540] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION., -)
0x8997A030 [3564] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation, Message Center)
0x89977598 [3580] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation, Monitor of TOSHIBA ReelTime)
0x8998B3B0 [3636] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation, IPoint.exe)
0x897F91E8 [3648] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java™ Update Scheduler)
0x85DDCAB8 [3700] C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation, RSelSvc Service Application)
0x860E4830 [3736] C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
0x895B6460 [3796] C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation, dpupdchk.exe)
0x8751DD40 [3876] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0x85DC1BA0 [4028] C:\Windows\System32\wuauclt.exe (Microsoft Corporation, Windows Update)
0x89050810 [4036] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation, TosSENotify.exe.mui)
0x8995FCD8 [4088] C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA Corporation., SoundChanger.exe)
0x861F4D40 [4344] C:\Program Files\Aurora\firefox.exe (Mozilla Corporation, Aurora)
0x86291938 [4876] C:\Users\Sean\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Overlord)
0x85C2CD40 [4] System
0x8969F4A0 [1204] C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o., AVG Identity Protection Service)
0x895C6B20 [1740] C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)
0x899ACD40 [3688] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o., AVG Tray Monitor)
==============================================
>Drivers
==============================================
0x91632000 C:\windows\system32\DRIVERS\igdkmd32.sys 6451200 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x83037000 C:\windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x83037000 PnpManager 4259840 bytes
0x83037000 RAW 4259840 bytes
0x83037000 WMIxWDM 4259840 bytes
0x9243A000 C:\windows\system32\drivers\RTKVHDA.sys 2736128 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x826D0000 Win32k 2404352 bytes
0x826D0000 C:\windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8B61A000 C:\windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8B417000 C:\windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x9109B000 C:\windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (LSI Corporation, SoftModem Device Driver)
0x91220000 C:\windows\system32\DRIVERS\rtl8192se.sys 983040 bytes (Realtek Semiconductor Corporation , Realtek RTL81892SE NDIS Driverr)
0x90439000 C:\windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x8B217000 C:\windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x91C59000 C:\windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x83E25000 C:\windows\system32\DRIVERS\NDIS.SYS 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x836D6000 C:\windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x99812000 C:\windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x95A95000 C:\windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83603000 C:\windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x83C3C000 C:\windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xB4A2A000 C:\windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
0x8B559000 C:\windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x9009F000 C:\windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x99955000 C:\windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x998E6000 C:\windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x82980000 C:\windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x91D54000 C:\windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x83F0A000 C:\windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x83CBB000 C:\windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x90026000 C:\windows\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x8B375000 C:\windows\system32\DRIVERS\tos_sps32.sys 290816 bytes (TOSHIBA Corporation, tos_sps32)
0x95A23000 C:\windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x91046000 C:\windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x83694000 C:\windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x90161000 C:\windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B794000 C:\windows\system32\drivers\tsk8C2B.tmp 258048 bytes
0x83796000 C:\windows\system32\DRIVERS\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x83C00000 C:\windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x95B68000 C:\windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x91D10000 C:\windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x83000000 ACPI_HAL 225280 bytes
0x83000000 C:\windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x91388000 C:\windows\system32\DRIVERS\SynTP.sys 221184 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x8B330000 C:\windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x91004000 C:\windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x83F80000 C:\windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x9006D000 C:\windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B763000 C:\windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x926D6000 C:\windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x83D7B000 C:\windows\system32\DRIVERS\ssidrv.sys 188416 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Interdiction Driver)
0x8B3BC000 C:\windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x91DCD000 C:\windows\system32\DRIVERS\Rt86win7.sys 180224 bytes (Realtek , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x83DA9000 C:\windows\system32\DRIVERS\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x83D14000 C:\windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x91339000 C:\windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x83FB2000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8B5CD000 C:\windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x92765000 C:\windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)
0x8B2FA000 C:\windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9272B000 C:\windows\system32\drivers\IntcHdmi.sys 143360 bytes (Intel® Corporation, Intel® High Definition Audio HDMI)
0x95B45000 C:\windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x90400000 C:\windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x998B3000 C:\windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x90000000 C:\windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x90569000 C:\windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x99935000 C:\windows\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0x90524000 C:\windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x91DAE000 C:\windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x9131A000 C:\windows\system32\DRIVERS\jmcr.sys 126976 bytes (JMicron Technology Corporation, JMicron JMB38X Flash Media Controller Driver)
0x90100000 C:\windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x82960000 C:\windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x92415000 C:\windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x95BA3000 C:\windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x911B7000 C:\windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x95B1A000 C:\windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x92705000 C:\windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x901C2000 C:\windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x91363000 C:\windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x91600000 C:\windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x91618000 C:\windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x901E8000 C:\windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x90422000 C:\windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x905C8000 C:\windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x9274E000 C:\windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x83F55000 C:\windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x83781000 C:\windows\system32\drivers\31688942.sys 86016 bytes
0x927AA000 C:\windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8B546000 C:\windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x95A79000 C:\windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9013E000 C:\windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x91200000 C:\windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x913DE000 C:\windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x95B33000 C:\windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B608000 C:\windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x927EC000 C:\windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8B364000 C:\windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9108A000 C:\windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x83D56000 C:\windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8367B000 C:\windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x9011F000 C:\windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x911D1000 C:\windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8B7ED000 C:\windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x95A69000 C:\windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x90151000 C:\windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x83EFA000 C:\windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x91D9F000 C:\windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x901DA000 C:\windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x90130000 C:\windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x905BA000 C:\windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x83F72000 C:\windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8B5B6000 C:\windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x91038000 C:\windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x83CAD000 C:\windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x913F0000 C:\windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x927DF000 C:\windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x9137B000 C:\windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x83D49000 C:\windows\system32\DRIVERS\LPCFilter.sys 53248 bytes (COMPAL ELECTRONIC INC., LPCFilter)
0x9271E000 C:\windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x913C0000 C:\windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x998D4000 C:\windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x9058A000 C:\windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x90543000 C:\windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x901B6000 C:\windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x927BD000 C:\windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x9055D000 C:\windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x83EEF000 C:\windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x9279F000 C:\windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9240A000 C:\windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x927C9000 C:\windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x905AF000 C:\windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x91212000 C:\windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x927D4000 C:\windows\system32\DRIVERS\point32k.sys 45056 bytes (Microsoft Corporation, Point32k.sys)
0x83D70000 C:\windows\system32\DRIVERS\ssfs0bbc.sys 45056 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper FileSystem Filter Driver)
0x83EDC000 C:\windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8B7DA000 C:\windows\system32\DRIVERS\thpdrv.sys 45056 bytes (TOSHIBA Corporation, TOSHIBA HDD Protection Driver)
0x91D49000 C:\windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x83D3E000 C:\windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x92400000 C:\windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8B31D000 C:\windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x901AC000 C:\windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x901A2000 C:\windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x998A9000 C:\windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x913CD000 C:\windows\system32\DRIVERS\tdcmdpst.sys 40960 bytes (TOSHIBA Corporation., TOSHIBA ODD Writing Driver for x86.)
0x91310000 C:\windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x8B327000 C:\windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x8B2F1000 C:\windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xB4A94000 C:\windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x9278F000 C:\windows\system32\DRIVERS\dc3d.sys 36864 bytes (Microsoft Corporation, Filter Driver for Identification of Microsoft Hardware Wireless Mouse and Keyboard Device Models)
0x8B5C4000 C:\windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x83D67000 C:\windows\system32\DRIVERS\sshrmd.sys 36864 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Mini Driver)
0x82930000 C:\windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x95A8C000 C:\windows\system32\DRIVERS\vwifimp.sys 36864 bytes (Microsoft Corporation, Virtual WiFi Miniport Driver)
0x83D03000 C:\windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8368C000 C:\windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x83EE7000 C:\windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8B600000 C:\windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BD0000 C:\windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x83D0C000 C:\windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x90597000 C:\windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x9059F000 C:\windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x905A7000 C:\windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8B7E5000 C:\windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8B5F2000 C:\windows\system32\DRIVERS\avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0x90556000 C:\windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x92798000 C:\windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x9054F000 C:\windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x83F6B000 C:\windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x913D7000 C:\windows\system32\DRIVERS\TVALZFL.sys 28672 bytes (TOSHIBA Corporation, TOSHIBA TVALZ Filter Driver)
0x900F9000 C:\windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x92789000 C:\windows\system32\DRIVERS\pgeffect.sys 24576 bytes (TOSHIBA Corporation, TOSHIBA Universal Camera Filter Driver)
0x998E1000 C:\windows\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0x8B7D3000 C:\windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x8B5F9000 C:\windows\system32\DRIVERS\AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0x95BD6000 C:\windows\system32\DRIVERS\AVGIDSShim.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0x9135F000 C:\windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9121D000 C:\windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8B7D8000 C:\windows\system32\DRIVERS\Thpevm.SYS 8192 bytes (TOSHIBA Corporation, TOSHIBA HDD Protection - Shock Sensor Driver)
0x913BE000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006FDB8, Type: Inline - PushRet 0x830A6DB8-->C218C085 [unknown_code_page]
ntkrnlpa.exe+0x0006FDC8, Type: Inline - RelativeJump 0x830A6DC8-->830A6D8C [ntkrnlpa.exe]
[4344]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E8F5B5-->012E1410 [firefox.exe]
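The RKU output above is read by hand in this thread. As an added example (not code from the thread, from RKU or from GMER), here is a small Python triage pass over a few of those lines; the driver-name and hook heuristics are my own assumptions, not RKU's logic, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the RKU output in this thread
# (driver list entries and the ">Hooks" section). Raw string so the backslashes survive.
SAMPLE_LOG = r"""
0x8B3BC000 C:\windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x83781000 C:\windows\system32\drivers\31688942.sys 86016 bytes
0xB4A94000 C:\windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x927EC000 C:\windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006FDB8, Type: Inline - PushRet 0x830A6DB8-->C218C085 [unknown_code_page]
ntkrnlpa.exe+0x0006FDC8, Type: Inline - RelativeJump 0x830A6DC8-->830A6D8C [ntkrnlpa.exe]
[4344]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E8F5B5-->012E1410 [firefox.exe]
"""

# Driver line: "<load address> <path> <size> bytes (<vendor, description>)"; the parenthesis is optional.
DRIVER_RE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(\S+)\s+(\d+)\s+bytes(?:\s+\((.*)\))?\s*$")
# Hook line: "<hooked site>, Type: <kind> <from>--><to> [<module that owns the target address>]"
HOOK_RE = re.compile(r"^(.+?), Type: (.+?)\s+(0x[0-9A-Fa-f]+)-->([0-9A-Fa-f]+)\s+\[(.+)\]\s*$")

# Crash-dump stack copies (dump_*.sys) are generated by Windows and carry no version resource.
KNOWN_UNVERSIONED_PREFIXES = ("dump_",)
KERNEL_IMAGES = ("ntkrnlpa.exe", "ntoskrnl.exe")

@dataclass
class Finding:
    severity: str  # "high" = act on it, "review" = look at it by hand
    item: str
    reason: str

def is_random_name(filename: str) -> bool:
    """True when the stem looks machine-generated: all digits, or 8+ hex characters (assumed heuristic)."""
    stem = filename.rsplit(".", 1)[0]
    return stem.isdigit() or (len(stem) >= 8 and all(c in "0123456789abcdefABCDEF" for c in stem))

def triage_driver(path: str, vendor: Optional[str]) -> List[Finding]:
    name = path.rsplit("\\", 1)[-1]
    findings = []
    # A missing version string is common for legitimate third-party drivers too, so only "review".
    if vendor is None and not name.lower().startswith(KNOWN_UNVERSIONED_PREFIXES):
        findings.append(Finding("review", name, "no vendor/description string"))
    if is_random_name(name):
        findings.append(Finding("high", name, "machine-generated looking driver name"))
    return findings

def triage_hook(site: str, kind: str, src: str, dst: str, target: str) -> List[Finding]:
    findings = []
    if target == "unknown_code_page":
        # The patched kernel code transfers control to memory that belongs to no loaded module.
        findings.append(Finding("high", site, f"{kind} hook to {dst} outside any loaded module"))
    elif site.startswith(KERNEL_IMAGES) and target not in KERNEL_IMAGES:
        findings.append(Finding("review", site, f"kernel inline hook redirected into {target}"))
    # A process hooking an API inside its own image (firefox.exe above) is usually the
    # application's own instrumentation and is left alone here.
    return findings

def triage_rku_log(text: str) -> List[Finding]:
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = DRIVER_RE.match(line)
        if m:
            findings += triage_driver(m.group(2), m.group(4))
            continue
        m = HOOK_RE.match(line)
        if m:
            findings += triage_hook(*m.groups())
    return findings
```

Calling triage_rku_log(SAMPLE_LOG) flags the numerically named driver and the kernel inline hook into an unknown code page, while the versionless dump_dumpfve.sys and the kernel-internal and in-process hooks pass.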

#10 Broni


Posted 02 July 2011 - 08:01 PM

Are you still getting redirected?

I'd like to see one more scan...

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

#11 swduffy

Posted 04 July 2011 - 01:22 PM

Ok

Had 1 issue running this.

I am using the default power settings for this machine, and when the machine came out of hibernation I got a Stop D1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL) bugcheck in USBPORT, "while transferring USB data and selecting USB interface" error.

I set the computer never to go into hibernation mode while on power and had no issues. I haven't started tweaking Windows yet, as I want to make sure this computer is clean first.


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-04 13:58:07
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG02
Running: gmer.exe; Driver: C:\Users\Sean\AppData\Local\Temp\awloqpod.sys


---- System - GMER 1.0.15 ----

SSDT 8697BFA8 ZwAllocateVirtualMemory
SSDT 86978F40 ZwCreateProcess
SSDT 86978D38 ZwCreateProcessEx
SSDT 86978B58 ZwCreateThread
SSDT 8697BDC8 ZwCreateThreadEx
SSDT 8697BE40 ZwCreateUserProcess
SSDT 8697B020 ZwQueueApcThread
SSDT 8697BEB8 ZwReadVirtualMemory
SSDT 869789F0 ZwSetContextThread
SSDT 86978C48 ZwSetInformationProcess
SSDT 86978A68 ZwSetInformationThread
SSDT 86978BD0 ZwSuspendProcess
SSDT 86978978 ZwSuspendThread
SSDT 86978CC0 ZwTerminateProcess
SSDT 86978AE0 ZwTerminateThread
SSDT 8697BF30 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 83046339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8307FD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83086DE8 4 Bytes [A8, BF, 97, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11E3 83086ED8 8 Bytes [40, 8F, 97, 86, 38, 8D, 97, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1203 83086EF8 8 Bytes [58, 8B, 97, 86, C8, BD, 97, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 121B 83086F10 4 Bytes [40, BE, 97, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 14DB 830871D0 4 Bytes [20, B0, 97, 86]
.text ...
.text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8B379000, 0x3C849, 0xE8000020]
.dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8B3BE000, 0x3DC, 0x48000040]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Threads - GMER 1.0.15 ----

Thread System [4:340] 91142B0C
Thread System [4:344] 91148C3C
Thread System [4:348] 91148C3C
Thread System [4:352] 91148C3C
Thread System [4:1116] ACADAF2E

---- EOF - GMER 1.0.15 ----

#12 Broni


Posted 04 July 2011 - 01:36 PM

There is definitely some more bad stuff, that we can cure using tools allowed in this forum.

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!

#13 swduffy

Posted 05 July 2011 - 01:31 PM

I have started a new topic here referencing this thread.

Here is the link to the new post:

http://www.bleepingcomputer.com/forums/topic407854.html

Thanks for your help

Sean

#14 Broni


Posted 05 July 2011 - 03:08 PM

You're very welcome

#15 Andrew


Posted 05 July 2011 - 03:14 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.



