
Browser search engine searches forwarding to other sites


7 replies to this topic

#1 troopercooper

troopercooper

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:56 AM

Posted 10 July 2011 - 03:14 PM

Hi guys,

I picked up the "Windows 7 Fix" malware program, which I have seemingly been able to clear thanks to instructions on here. However, I have a residual problem: whenever a search engine search result gets a click, I get forwarded to a site (which seems to switch depending on the time of day and browser) before being returned to Google. This happens on Chrome, Firefox and IE, so I presume it's a registry problem or something. Can anyone assist?

Many thanks,

Pete

Edited by Orange Blossom, 10 July 2011 - 03:52 PM.
Moved to AII from Windows 7 ~ OB




#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:56 PM

Posted 10 July 2011 - 04:03 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 troopercooper

troopercooper
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:56 AM

Posted 11 July 2011 - 02:45 PM

Hi Broni!

Results are as follows. SecurityCheck log:

Results of screen317's Security Check version 0.99.7
Windows 7 Service Pack 1 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java™ 6 Update 20
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbam.exe
``````````End of Log````````````




MiniToolBox log:

MiniToolBox by Farbar
Ran by User (administrator) on 11-07-2011 at 20:39:00
Windows 7 Professional Service Pack 1 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : User-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 40-61-86-CA-19-06
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::41d7:d9c8:2c7e:e010%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.68(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 11 July 2011 18:58:02
Lease Expires . . . . . . . . . . : 12 July 2011 19:51:30
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 239100294
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-7E-B2-E3-40-61-86-CA-19-06
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.lan:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:201d:4e:9255:1a12(Preferred)
Link-local IPv6 Address . . . . . : fe80::201d:4e:9255:1a12%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dsldevice.lan
Address: 192.168.1.254

Name: google.com
Addresses: 209.85.146.104
209.85.146.105
209.85.146.106
209.85.146.147
209.85.146.99
209.85.146.103


Pinging google.com [209.85.146.103] with 32 bytes of data:
Reply from 209.85.146.103: bytes=32 time=24ms TTL=52
Reply from 209.85.146.103: bytes=32 time=24ms TTL=52

Ping statistics for 209.85.146.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 24ms, Average = 24ms
Server: dsldevice.lan
Address: 192.168.1.254

Name: yahoo.com
Addresses: 67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=182ms TTL=52
Reply from 98.137.149.56: bytes=32 time=178ms TTL=52

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 178ms, Maximum = 182ms, Average = 180ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...40 61 86 ca 19 06 ......Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.68 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.68 276
192.168.1.68 255.255.255.255 On-link 192.168.1.68 276
192.168.1.255 255.255.255.255 On-link 192.168.1.68 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.68 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.68 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:201d:4e:9255:1a12/128
On-link
10 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::201d:4e:9255:1a12/128
On-link
10 276 fe80::41d7:d9c8:2c7e:e010/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/11/2011 06:59:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.3.0.120, time stamp: 0x4df89ed9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x82c46d06
Faulting process id: 0x3e0
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (07/10/2011 04:23:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.3.0.120, time stamp: 0x4df89ed9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x82c7ad06
Faulting process id: 0xb88
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (07/10/2011 03:53:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.3.0.120, time stamp: 0x4df89ed9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xb2733b88
Faulting process id: 0xa00
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (07/10/2011 03:43:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.3.0.120, time stamp: 0x4df89ed9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x82c7ad06
Faulting process id: 0xf44
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (07/10/2011 02:53:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4d334d98
Faulting module name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4d334d98
Exception code: 0x40000015
Fault offset: 0x0008cb40
Faulting process id: 0x14dc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/10/2011 02:45:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.3.0.120, time stamp: 0x4df89ed9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000006
Faulting process id: 0xf70
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (07/10/2011 02:42:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xe9000261
Faulting process id: 0xf14
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/10/2011 02:26:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.3.0.120, time stamp: 0x4df89ed9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x82c4fd06
Faulting process id: 0xd90
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (06/25/2011 11:19:33 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: mshtml.dll, version: 8.0.7601.17622, time stamp: 0x4de0795b
Exception code: 0xc0000005
Fault offset: 0x0023e9b8
Faulting process id: 0x530
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/21/2011 07:09:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: YahooMessenger.exe, version: 10.0.0.1270, time stamp: 0x4c053ffe
Faulting module name: ymsdk.dll_unloaded, version: 0.0.0.0, time stamp: 0x4c0540c3
Exception code: 0xc0000005
Fault offset: 0x6109427d
Faulting process id: 0xa7c
Faulting application start time: 0xYahooMessenger.exe0
Faulting application path: YahooMessenger.exe1
Faulting module path: YahooMessenger.exe2
Report Id: YahooMessenger.exe3


System errors:
=============
Error: (07/11/2011 07:52:23 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MALCPC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2FEF5A41-97AC-4BFB-88BF-1F8979A53E6.
The master browser is stopping or an election is being forced.

Error: (07/11/2011 07:03:34 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MALCLAPTOP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2FEF5A41-97AC-4BFB-88BF-1F8979A.
The master browser is stopping or an election is being forced.

Error: (07/11/2011 07:00:03 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

Error: (07/11/2011 07:00:03 PM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%2

Error: (07/10/2011 04:59:49 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MALCLAPTOP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2FEF5A41-97AC-4BFB-88BF-1F8979A.
The master browser is stopping or an election is being forced.

Error: (07/10/2011 04:25:02 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

Error: (07/10/2011 04:25:02 PM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%2

Error: (07/10/2011 04:24:45 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MALCPC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2FEF5A41-97AC-4BFB-88BF-1F8979A53E6.
The master browser is stopping or an election is being forced.

Error: (07/10/2011 04:00:49 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MALCPC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2FEF5A41-97AC-4BFB-88BF-1F8979A53E6.
The master browser is stopping or an election is being forced.

Error: (07/10/2011 03:54:42 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2


Microsoft Office Sessions:
=========================

========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 45%
Total physical RAM: 3293.18 MB
Available physical RAM: 1786.36 MB
Total Pagefile: 6584.64 MB
Available Pagefile: 4912.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.18 MB

======================= Partitions: =======================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:354.96 GB) NTFS

================= Users: ==================================================

User accounts for \\USER-PC

-------------------------------------------------------------------------------
Administrator Guest User
The command completed successfully.

================= End of Users ============================================





Malwarebytes Anti Malware log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7062

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/07/2011 20:39:07
mbam-log-2011-07-11 (20-39-07).txt

Scan type: Quick scan
Objects scanned: 166099
Time elapsed: 9 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
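
The three MiniToolBox sections Broni asked for (IE proxy settings, hosts file content, IP configuration with its DNS servers) are the usual places a browser search redirect is planted, and the report above is what a helper reads through by hand. As an added example that is not part of this thread or of MiniToolBox, here is a small Python triage over a constructed report in MiniToolBox's section layout; the wording of an enabled-proxy section is an assumption (the log above only shows the disabled wording), and SEARCH_DOMAINS, LOCAL_NETS and the severity labels are the example's own choices.

```python
"""Triage the MiniToolBox sections asked for above (IE proxy, hosts file, DNS
servers). Example code for this thread, not part of MiniToolBox itself."""
import ipaddress
import re

SEARCH_DOMAINS = ("google.", "bing.com", "yahoo.com", "ask.com")
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]
IP_LINE = re.compile(r"^[0-9A-Fa-f.:]+(%\d+)?$")  # a bare address on its own line

# Constructed sample in MiniToolBox's section layout (not the log posted in
# this thread). "Proxy is not enabled." is the wording the thread's log shows;
# the enabled-proxy wording below is an assumption made for this example.
SAMPLE_REPORT = """\
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:8080
========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 localhost
198.51.100.23 www.google.com
198.51.100.23 search.yahoo.com
=============== End of Hosts ==============================================
================= IP Configuration: =======================================
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 203.0.113.5
192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled
================= End of IP Configuration =================================
"""


def section(report, start, end):
    """Body between '=== <start>: ===' and '=== End of <end> ===' ('' if absent)."""
    pat = r"=+ %s: =+\n(.*?)\n=+ End of %s =+" % (re.escape(start), re.escape(end))
    m = re.search(pat, report, re.S)
    return m.group(1) if m else ""


def is_local(ip):
    """True for loopback, RFC 1918, link-local and IPv6 ULA addresses."""
    try:
        addr = ipaddress.ip_address(ip.split("%")[0])  # drop an IPv6 zone index
    except ValueError:
        return False
    return any(addr in net for net in LOCAL_NETS)


def check_proxy(body):
    """A clean box reports 'Proxy is not enabled.'; anything else is reported."""
    if "Proxy is not enabled." in body:
        return []
    m = re.search(r"ProxyServer[\"=:\s]+\"?([^\"\n]+)", body)
    return ["IE proxy enabled: %s" % (m.group(1).strip() if m else "server not shown")]


def check_hosts(body):
    """Report every active mapping; a stock Windows 7 hosts file has only comments."""
    findings = []
    for raw in body.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            findings.append("hosts: unparseable entry %r" % line)
            continue
        for name in names:
            if loopback and name == "localhost":
                continue  # the one benign active entry
            sev = "HIGH" if any(d in name.lower() for d in SEARCH_DOMAINS) else "review"
            findings.append("hosts [%s]: %s -> %s" % (sev, name, ip))
    return findings


def check_dns(body):
    """Collect DNS servers; ipconfig wraps additional servers onto bare lines."""
    servers, grab = [], False
    for line in (l.strip() for l in body.splitlines()):
        if line.startswith("DNS Servers"):
            servers.append(line.split(":", 1)[1].strip())
            grab = True
        elif grab and IP_LINE.match(line):
            servers.append(line)
        else:
            grab = False
    return ["DNS server %s is outside the local network; confirm it is intended" % s
            for s in servers if s and not is_local(s)]


def triage(report):
    """Run all three checks over one MiniToolBox report; returns a list of findings."""
    return (check_proxy(section(report, "IE Proxy Settings", "IE Proxy Settings"))
            + check_hosts(section(report, "Hosts content", "Hosts"))
            + check_dns(section(report, "IP Configuration", "IP Configuration")))
```

Run against the report posted above, all three checks come back empty (proxy disabled, hosts file all comments, DNS server equal to the gateway), which is the expected result for a clean configuration.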

#4 troopercooper

troopercooper
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:56 AM

Posted 11 July 2011 - 03:18 PM

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-11 21:14:24
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500418AS rev.CC38
Running: tc2of2xw.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


---- System - GMER 1.0.15 ----

SSDT 86E859C0 ZwAlertResumeThread
SSDT 86E85A80 ZwAlertThread
SSDT 86E841D8 ZwAllocateVirtualMemory
SSDT 86E1B868 ZwAlpcConnectPort
SSDT 86E97870 ZwAssignProcessToJobObject
SSDT 86E85710 ZwCreateMutant
SSDT 86E97590 ZwCreateSymbolicLinkObject
SSDT 86E85460 ZwCreateThread
SSDT 86E97680 ZwCreateThreadEx
SSDT 86E97950 ZwDebugActiveProcess
SSDT 86E26320 ZwDuplicateObject
SSDT 86E86728 ZwFreeVirtualMemory
SSDT 86E85800 ZwImpersonateAnonymousToken
SSDT 86E858E0 ZwImpersonateThread
SSDT 86BC56A0 ZwLoadDriver
SSDT 86E86628 ZwMapViewOfSection
SSDT 86E97D38 ZwOpenEvent
SSDT 86E85348 ZwOpenProcess
SSDT 86E26260 ZwOpenProcessToken
SSDT 86E97B78 ZwOpenSection
SSDT 86E263F0 ZwOpenThread
SSDT 86E97780 ZwProtectVirtualMemory
SSDT 86E84CD0 ZwResumeThread
SSDT 86E84F70 ZwSetContextThread
SSDT 86E86458 ZwSetInformationProcess
SSDT 86E97A30 ZwSetSystemInformation
SSDT 86E97C58 ZwSuspendProcess
SSDT 86E84DB0 ZwSuspendThread
SSDT 86E97E10 ZwTerminateProcess
SSDT 86E84E90 ZwTerminateThread
SSDT 86E86548 ZwUnmapViewOfSection
SSDT 86E84108 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82A42339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A7BD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 82A82DD0 5 Bytes [C0, 59, E8, 86, 80]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10E1 82A82DD6 2 Bytes [E8, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82A82DE8 4 Bytes [D8, 41, E8, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82A82DF4 4 Bytes [68, B8, E1, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82A82E48 4 Bytes [70, 78, E9, 86]
.text ...
.text peauth.sys 9BF65C9E 27 Bytes [46, EE, D5, EA, C1, 27, 64, ...]
.text peauth.sys 9BF65CC2 27 Bytes [46, EE, D5, EA, C1, 27, 64, ...]
.text autochk.exe 00681204 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text autochk.exe 0068120C 1 Byte [00]
.text autochk.exe 00681210 1 Byte [00]
.text autochk.exe 00681214 2 Bytes [00, 00] {ADD [EAX], AL}
.text autochk.exe 00681218 2 Bytes [00, 00] {ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2656] ntdll.dll!NtMapViewOfSection 77C05C28 5 Bytes JMP 01F5003A
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] ntdll.dll!NtSetInformationProcess 77C06678 5 Bytes JMP 01F500F7
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] kernel32.dll!K32GetPerformanceInfo + 1B6 7790602A 7 Bytes JMP 01F50266
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] kernel32.dll!ReadProcessMemory + B 7790C1D9 7 Bytes JMP 01F501B0
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] kernel32.dll!TerminateProcess + B 7791233C 7 Bytes JMP 01F503D2
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] kernel32.dll!GetEnvironmentStringsA + 11 77922FB1 7 Bytes JMP 01F5031C
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] kernel32.dll!CreateThread 7792375D 5 Bytes JMP 6C8971CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] kernel32.dll!SetUnhandledExceptionFilter + 19C 77923E9D 7 Bytes JMP 01F50488
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!EnableWindow 77228D02 5 Bytes JMP 6C8D98BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!CallNextHookEx 7722ABE1 5 Bytes JMP 6C8F7A3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!UnhookWindowsHookEx 7722ADF9 5 Bytes JMP 6C91E9F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!DefWindowProcA 7722BB1C 7 Bytes JMP 6C8993F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!CreateWindowExA 7722BF40 5 Bytes JMP 6C8A3223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!SetWindowsHookExW 7722E30C 5 Bytes JMP 6C8D204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!CreateWindowExW 7722EC7C 5 Bytes JMP 6C8FFE1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!DefWindowProcW 7723507D 7 Bytes JMP 6C8F7AA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!DialogBoxParamW 77243B9B 5 Bytes JMP 6C8315E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!DialogBoxIndirectParamW 77253B7F 5 Bytes JMP 6CA25E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!DialogBoxParamA 7726CF42 5 Bytes JMP 6CA25E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!DialogBoxIndirectParamA 7726D274 5 Bytes JMP 6CA25EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!MessageBoxIndirectA 7727E869 5 Bytes JMP 6CA25DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!MessageBoxIndirectW 7727E963 5 Bytes JMP 6CA25D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!MessageBoxExA 7727E9C9 5 Bytes JMP 6CA25CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!MessageBoxExW 7727E9ED 5 Bytes JMP 6CA25C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] ole32.dll!OleLoadFromStream 779B6143 5 Bytes JMP 6CA2666E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] ole32.dll!CoGetMarshalSizeMax + 62BD 779E54A8 7 Bytes JMP 01F5053E
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] ole32.dll!CoCreateInstance + 3E 779F9D49 7 Bytes JMP 01F505F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] WININET.dll!HttpAddRequestHeadersA 763D1B9C 5 Bytes JMP 003D6822
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] WININET.dll!HttpAddRequestHeadersW 7641F7A8 5 Bytes JMP 003D6A2D
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] WS2_32.dll!closesocket 77D23918 5 Bytes JMP 005D000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] WS2_32.dll!getaddrinfo 77D24296 5 Bytes JMP 0060000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] WS2_32.dll!recv 77D26B0E 5 Bytes JMP 005A000A

---- Kernel IAT/EAT - GMER 1.0.15 ----


---- User IAT/EAT - GMER 1.0.15 ----


---- Devices - GMER 1.0.15 ----


---- Threads - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----

#5 Broni (BC Advisor)

Posted 11 July 2011 - 07:50 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

#6 troopercooper (Topic Starter)

Posted 12 July 2011 - 04:01 AM

Hi Broni,

TDSSKiller won't actually load. It never opens whenever I try and run it. Any idea why this might be?

#7 troopercooper (Topic Starter)

Posted 12 July 2011 - 12:51 PM

Managed to get it working - seemingly fixed the problem!

2011/07/12 18:43:09.0918 2308 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/12 18:43:11.0919 2308 ================================================================================
2011/07/12 18:43:11.0919 2308 SystemInfo:
2011/07/12 18:43:11.0919 2308
2011/07/12 18:43:11.0920 2308 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/12 18:43:11.0920 2308 Product type: Workstation
2011/07/12 18:43:11.0920 2308 ComputerName: USER-PC
2011/07/12 18:43:11.0920 2308 UserName: User
2011/07/12 18:43:11.0920 2308 Windows directory: C:\Windows
2011/07/12 18:43:11.0920 2308 System windows directory: C:\Windows
2011/07/12 18:43:11.0920 2308 Processor architecture: Intel x86
2011/07/12 18:43:11.0920 2308 Number of processors: 2
2011/07/12 18:43:11.0920 2308 Page size: 0x1000
2011/07/12 18:43:11.0920 2308 Boot type: Normal boot
2011/07/12 18:43:11.0920 2308 ================================================================================
2011/07/12 18:43:13.0264 2308 Initialize success
2011/07/12 18:43:13.0873 5036 ================================================================================
2011/07/12 18:43:13.0873 5036 Scan started
2011/07/12 18:43:13.0873 5036 Mode: Manual;
2011/07/12 18:43:13.0873 5036 ================================================================================
2011/07/12 18:43:15.0501 5036 Scan interrupted by user!
2011/07/12 18:43:15.0501 5036 Scan interrupted by user!
2011/07/12 18:43:15.0501 5036 Scan interrupted by user!
2011/07/12 18:43:15.0501 5036 ================================================================================
2011/07/12 18:43:15.0501 5036 Scan finished
2011/07/12 18:43:15.0501 5036 ================================================================================
2011/07/12 18:43:15.0517 3048 Detected object count: 0
2011/07/12 18:43:15.0517 3048 Actual detected object count: 0
2011/07/12 18:43:30.0269 5564 ================================================================================
2011/07/12 18:43:30.0269 5564 Scan started
2011/07/12 18:43:30.0269 5564 Mode: Manual;
2011/07/12 18:43:30.0269 5564 ================================================================================
2011/07/12 18:43:44.0414 5564 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/07/12 18:43:44.0471 5564 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/07/12 18:43:44.0534 5564 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/12 18:43:44.0583 5564 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/07/12 18:43:44.0670 5564 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/12 18:43:44.0726 5564 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/12 18:43:44.0787 5564 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/12 18:43:44.0827 5564 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/12 18:43:44.0893 5564 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/12 18:43:44.0975 5564 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/12 18:43:45.0015 5564 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/07/12 18:43:45.0055 5564 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/12 18:43:45.0130 5564 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/12 18:43:45.0184 5564 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
2011/07/12 18:43:45.0223 5564 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/07/12 18:43:45.0261 5564 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
2011/07/12 18:43:45.0343 5564 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
2011/07/12 18:43:45.0433 5564 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
2011/07/12 18:43:45.0488 5564 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/12 18:43:45.0543 5564 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
2011/07/12 18:43:45.0590 5564 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
2011/07/12 18:43:45.0658 5564 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/12 18:43:45.0730 5564 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/12 18:43:45.0762 5564 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/12 18:43:45.0815 5564 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/07/12 18:43:45.0878 5564 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/07/12 18:43:45.0944 5564 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/12 18:43:46.0005 5564 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/07/12 18:43:46.0115 5564 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/07/12 18:43:46.0161 5564 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/07/12 18:43:46.0239 5564 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/07/12 18:43:46.0305 5564 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/12 18:43:46.0376 5564 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/07/12 18:43:46.0414 5564 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/12 18:43:46.0453 5564 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/07/12 18:43:46.0508 5564 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/12 18:43:46.0566 5564 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/12 18:43:46.0593 5564 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/12 18:43:46.0665 5564 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/12 18:43:46.0708 5564 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/12 18:43:46.0806 5564 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/12 18:43:46.0859 5564 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/12 18:43:46.0978 5564 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/12 18:43:47.0040 5564 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/12 18:43:47.0114 5564 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/12 18:43:47.0200 5564 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/07/12 18:43:47.0250 5564 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/12 18:43:47.0322 5564 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/07/12 18:43:47.0354 5564 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/07/12 18:43:47.0387 5564 Boot (0x1200) (aeeca06233373d0f70a8bb4babda2e2b) \Device\Harddisk0\DR0\Partition0
2011/07/12 18:43:47.0437 5564 Boot (0x1200) (4160631dc318bb7294e60098749afec4) \Device\Harddisk0\DR0\Partition1
2011/07/12 18:43:47.0453 5564 ================================================================================
2011/07/12 18:43:47.0453 5564 Scan finished
2011/07/12 18:43:47.0453 5564 ================================================================================
2011/07/12 18:43:47.0473 4832 Detected object count: 1
2011/07/12 18:43:47.0473 4832 Actual detected object count: 1
2011/07/12 18:44:05.0622 4832 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
2011/07/12 18:44:05.0622 4832 \Device\Harddisk0\DR0 - ok
2011/07/12 18:44:05.0646 4832 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/12 18:44:22.0836 5936 Deinitialize success

#8 Broni


Posted 12 July 2011 - 07:34 PM

Very good :)

Let's recheck...

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool, if you downloaded it from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
