SHeur3.CKYT


This topic is locked
17 replies to this topic

#1 Fixitprz

Fixitprz

  • Members
  • 8 posts

Posted 24 July 2011 - 12:24 PM

Hello,

My computer has a virus, SHeur3.CKYT.

AVG version 9.0.901 detected this in two different spots:

"C:\Windows\SysWOW64\wlandlg32.exe";"Trojan horse SHeur3.CKYT";"Moved to Virus Vault"

"C:\ProgramData\api-ms-win-core-memory-l1-1-032.exe";"Trojan horse SHeur3.CKYT";"Moved to Virus Vault"



What the virus is doing:
When I search for something in Google while using Firefox, the result links are redirected links to the wrong pages. Google Chrome and Opera are fine.

I'm running Windows 7.

Here are the DDS reports.




.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Run by Why at 13:08:15 on 2011-07-24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7990.4963 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\AVG\AVG9\avgui.exe
C:\Users\Why\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Why\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Why\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Why\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Why\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Why\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Why\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Why\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Why\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Why\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: {0ed1f037-6b35-40b6-8160-4b58770174ee} - C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Why\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRunOnce: [Application Restart #0] C:\Users\Why\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end -- "C:\Users\Why\Downloads\Fatal Alliance (Star Wars)\Fatal Alliance (Star Wars)\Star Wars - Sean Williams - [The Old Republic] - Fatal Alliance.htm" --restore-last-session
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Why\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{36C69631-D8DB-4FBF-A184-B3F3A964C09F} : DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{36C69631-D8DB-4FBF-A184-B3F3A964C09F}\0514E4542514 : DhcpNameServer = 10.0.0.4
TCP: Interfaces\{36C69631-D8DB-4FBF-A184-B3F3A964C09F}\C696E6B6379737 : DhcpNameServer = 68.87.75.198 68.87.64.150
TCP: Interfaces\{36C69631-D8DB-4FBF-A184-B3F3A964C09F}\E4544574541425 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Why\AppData\Roaming\Mozilla\Firefox\Profiles\nv8y2fej.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll
FF - plugin: C:\Users\Why\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Why\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Why\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG9\Firefox
FF - Ext: XUL Cache: {42e0a5ec-5115-40c7-be2c-971eedf67b0f} - %profile%\extensions\{42e0a5ec-5115-40c7-be2c-971eedf67b0f}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-3-3 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-8-17 921952]
R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-8-17 308136]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-31 338168]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-10 13336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-2-5 1355968]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-10 2320920]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 btwdins32;Bluetooth Service ;C:\Windows\system32\wlandlg32.exe --> C:\Windows\system32\wlandlg32.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 hpdoccardsvc;HP Documention Flash Card Detection Service;C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-3-24 83240]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-07-24 01:14:54 -------- d--h--w- C:\$AVG
2011-07-24 00:25:08 440320 ----a-w- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll
2011-07-23 17:13:35 99328 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-07-23 17:13:35 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-07-23 17:13:35 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-07-23 17:13:35 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-07-23 17:13:35 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-07-23 17:13:35 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-07-23 17:13:35 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-07-23 17:13:34 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-07-23 17:13:34 552448 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-07-01 20:31:39 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
.
==================== Find3M ====================
.
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-02 03:50:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-05 23:37:05 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:57:40 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
.
============= FINISH: 13:08:32.70 ===============


Thank you very much for your time and effort. Greatly appreciated.

Edited by Fixitprz, 24 July 2011 - 12:25 PM.
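Two things stand out in the log above when read with a defender's eye: AVG quarantined wlandlg32.exe and an api-ms-win-core-memory-l1-1-032.exe, yet the persistence that loads them is still registered (the S2 service btwdins32 pointing at wlandlg32.exe, and an unnamed BHO loading a same-stem .dll from SysWow64), and that .dll is 440 KB where the genuine api-ms-win-* stubs listed under Find3M are 3-6 KB and hidden. The following triage script is an added example, not from the thread or from any of the tools mentioned in it; the line formats it parses are assumptions taken from the DDS and AVG output shown on this page, and the embedded sample lines are constructed from that output.

```python
"""
Triage helper for a DDS log like the one posted above (added example).

Two checks a defender would run on this thread's data:
  1. Persistence entries (BHOs, services) whose binary shares a file stem
     with a file the AV has already quarantined; quarantine removes the
     file, not the registry entry that loads it.
  2. Files named like Windows API-set stubs (api-ms-win-*) whose size does
     not look like a stub. The genuine stubs in this log are 3-6 KB and
     carry the hidden attribute; the BHO DLL is 440 KB and is not hidden.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample input, copied from the AVG and DDS output in this thread.
# A real run would read the pasted AVG lines and DDS.txt instead.
AVG_LINES = [
    r'"C:\Windows\SysWOW64\wlandlg32.exe";"Trojan horse SHeur3.CKYT";"Moved to Virus Vault"',
    r'"C:\ProgramData\api-ms-win-core-memory-l1-1-032.exe";"Trojan horse SHeur3.CKYT";"Moved to Virus Vault"',
]
DDS_LINES = [
    r"BHO: {0ed1f037-6b35-40b6-8160-4b58770174ee} - C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll",
    r"BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File",
    r"S2 btwdins32;Bluetooth Service ;C:\Windows\system32\wlandlg32.exe --> C:\Windows\system32\wlandlg32.exe [?]",
    r"R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-8-17 308136]",
    r"2011-07-24 00:25:08 440320 ----a-w- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll",
    r"2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll",
]

# Line formats are assumptions derived from the DDS (Ver_2011-06-23.01) output on this page.
AVG_RE = re.compile(r'^"(?P<path>[^"]+)";"(?P<name>[^"]+)";"(?P<action>[^"]+)"$')
BHO_RE = re.compile(r'^BHO(?:-X64)?: (?:(?P<name>.+?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$')
SVC_RE = re.compile(r'^(?P<state>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: --> .*)? \[.*\]$')
FILE_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$')

APISET_MAX_SIZE = 16 * 1024  # an API-set forwarder stub is never anywhere near this large


def stem(path):
    """Lower-cased file name without extension, e.g. 'wlandlg32'."""
    return PureWindowsPath(path).stem.lower()


def parse_detections(lines):
    """Map file stem -> (path, detection name) for AVG's CSV-style result lines."""
    found = {}
    for line in lines:
        m = AVG_RE.match(line.strip())
        if m:
            found[stem(m["path"])] = (m["path"], m["name"])
    return found


def parse_persistence(lines):
    """Extract BHO and service entries from the DDS 'Pseudo HJT' and service sections."""
    entries = []
    for line in lines:
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            entries.append({"kind": "BHO", "key": m["clsid"], "name": m["name"] or "", "path": m["path"]})
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append({"kind": "service", "key": m["svc"], "name": m["display"].strip(), "path": m["path"]})
    return entries


def find_leftover_persistence(av_lines, dds_lines):
    """Persistence entries whose binary (matched by stem, so .exe and .dll siblings
    are both caught) corresponds to a file the AV already quarantined."""
    detections = parse_detections(av_lines)
    hits = []
    for entry in parse_persistence(dds_lines):
        if entry["path"] == "No File":
            continue
        det = detections.get(stem(entry["path"]))
        if det:
            hits.append((entry, det))
    return hits


def find_fake_apiset_files(lines):
    """File entries named like api-ms-win-* stubs that are too large to be one
    or lack the hidden attribute the genuine stubs in this log carry."""
    suspects = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        name = PureWindowsPath(m["path"]).name.lower()
        size = int(m["size"])
        if name.startswith("api-ms-win-") and (size > APISET_MAX_SIZE or "h" not in m["attrs"]):
            suspects.append({"path": m["path"], "size": size, "attrs": m["attrs"], "date": m["date"]})
    return suspects


if __name__ == "__main__":
    for entry, (qpath, det) in find_leftover_persistence(AVG_LINES, DDS_LINES):
        print(f"[leftover {entry['kind']}] {entry['key']} -> {entry['path']}  (AV: {det} on {qpath})")
    for f in find_fake_apiset_files(DDS_LINES):
        print(f"[fake api-set name] {f['path']}  size={f['size']} attrs={f['attrs']} created={f['date']}")
```

Run against the full DDS.txt, the same two checks would also surface any other entry that references a quarantined binary; the script reports, it does not delete, so the registry cleanup stays with the helper's tools.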



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • Gender:Male
  • Location:The Netherlands

Posted 03 August 2011 - 04:18 AM

Hi Fixitprz,

Welcome to the forum and apologies for the delay.

Please update me on the current condition of your computer.

In case the issue is not resolved please run DDS copy and post DDS.txt and attach Attach.txt, without zipping, to your reply.

#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • Gender:Male
  • Location:The Netherlands

Posted 08 August 2011 - 02:14 PM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • Gender:Male
  • Location:The Netherlands

Posted 22 August 2011 - 01:02 AM

Topic reopened upon request.

  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with descriptions.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.
  • Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


#5 Fixitprz

Fixitprz
  • Topic Starter

  • Members
  • 8 posts

Posted 23 August 2011 - 08:31 AM

  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with descriptions.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.


I did exactly as instructed, no infections were found. A reboot was not required. Scan took 44 seconds.

Here are the contents of the TXT file report.

In my next reply I will post the results of your second set of instructions.


2011/08/23 09:25:43.0908 3488 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 09:25:44.0166 3488 ================================================================================
2011/08/23 09:25:44.0166 3488 SystemInfo:
2011/08/23 09:25:44.0166 3488
2011/08/23 09:25:44.0166 3488 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/23 09:25:44.0166 3488 Product type: Workstation
2011/08/23 09:25:44.0166 3488 ComputerName: WHY-PC
2011/08/23 09:25:44.0167 3488 UserName: Why
2011/08/23 09:25:44.0167 3488 Windows directory: C:\Windows
2011/08/23 09:25:44.0167 3488 System windows directory: C:\Windows
2011/08/23 09:25:44.0167 3488 Running under WOW64
2011/08/23 09:25:44.0167 3488 Processor architecture: Intel x64
2011/08/23 09:25:44.0167 3488 Number of processors: 4
2011/08/23 09:25:44.0167 3488 Page size: 0x1000
2011/08/23 09:25:44.0167 3488 Boot type: Normal boot
2011/08/23 09:25:44.0167 3488 ================================================================================
2011/08/23 09:25:45.0278 3488 Initialize success
2011/08/23 09:25:49.0343 6416 ================================================================================
2011/08/23 09:25:49.0343 6416 Scan started
2011/08/23 09:25:49.0343 6416 Mode: Manual;
2011/08/23 09:25:49.0343 6416 ================================================================================
2011/08/23 09:26:33.0919 6416 MBR (0x1B8) (d3f7302125c0e064925e32a5029e4424) \Device\Harddisk0\DR0
2011/08/23 09:26:33.0987 6416 Boot (0x1200) (3a9fe04f488600ed23320a7f3b287637) \Device\Harddisk0\DR0\Partition0
2011/08/23 09:26:34.0014 6416 Boot (0x1200) (640d8a03a4da94b766595605f52b1c07) \Device\Harddisk0\DR0\Partition1
2011/08/23 09:26:34.0058 6416 Boot (0x1200) (0ebeaa2359c62299c8d876ec17035a16) \Device\Harddisk0\DR0\Partition2
2011/08/23 09:26:34.0117 6416 Boot (0x1200) (3e7e4323174f5d1bd2ff8b279b9819cd) \Device\Harddisk0\DR0\Partition3
2011/08/23 09:26:34.0122 6416 ================================================================================
2011/08/23 09:26:34.0122 6416 Scan finished
2011/08/23 09:26:34.0122 6416 ================================================================================
2011/08/23 09:26:34.0132 4968 Detected object count: 0
2011/08/23 09:26:34.0132 4968 Actual detected object count: 0

#6 Fixitprz

Fixitprz
  • Topic Starter

  • Members
  • 8 posts

Posted 23 August 2011 - 08:34 AM

I have completed the second set of instructions. GooredFix.exe detected something and generated this report:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 09:33 on 23/08/2011 (Why)
Firefox version 3.6.18 (en-US)

========== GooredScan ==========

Deleting "C:\Users\Why\Application Data\Mozilla\Firefox\Profiles\nv8y2fej.default\extensions\{42e0a5ec-5115-40c7-be2c-971eedf67b0f}" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [14:29 17/08/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [20:34 19/09/2010]

C:\Users\Why\Application Data\Mozilla\Firefox\Profiles\nv8y2fej.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files (x86)\AVG\AVG9\Firefox" [14:35 17/08/2010]

-=E.O.F=-

#7 Fixitprz

Fixitprz
  • Topic Starter

  • Members
  • 8 posts

Posted 23 August 2011 - 08:35 AM

Firefox is working fine now. Are there any other steps I should take to ensure everything is cleaned up?

Thank you so much for your time and knowledge. :)

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • Gender:Male
  • Location:The Netherlands

Posted 23 August 2011 - 10:18 AM

Great. :thumbup2:

No need to quote my post please.

We have just removed a bad extension on Firefox but we are not done yet. I suspect another infection and the TDSSKiller log confirms it even though it didn't detect it as malware.

Please download MBRCheck by clicking here and save it to your desktop.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
  • Please post the contents of that file in your next reply.


#9 Fixitprz

Fixitprz
  • Topic Starter

  • Members
  • 8 posts

Posted 24 August 2011 - 07:00 AM

I've done as requested and hit N followed by Enter twice. Here are the contents of the .txt file.


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP ENVY 14 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 203):

Processes (total 90):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000070`6be00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000074`6a400000 (FAT32)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0006HPM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 35903ECA4E59B5677AB77AF19B0004EA0E6A3115


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
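The "Unknown MBR code" verdict above is produced by hashing the boot sector and comparing it against a table of known loaders. As an added example, not MBRCheck's own code (the thread does not say exactly which bytes MBRCheck hashes), here is a Python check that parses a 512-byte MBR, reports partition byte offsets the way the log does, and flags boot code that is not on the allow-list; it assumes the hash covers the 440-byte boot-code area, and the sample sectors and the known-good table are constructed.

```python
import hashlib
import struct
from typing import Iterable

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"          # last two bytes of a valid MBR
PARTITION_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x27: "Hidden NTFS"}


def build_mbr(bootcode: bytes, partitions: Iterable[tuple[int, int, int]] = ()) -> bytes:
    """Assemble a 512-byte MBR from boot code and (type, start_lba, sector_count) tuples."""
    if len(bootcode) > 440:
        raise ValueError("boot code occupies at most 440 bytes")
    table = b""
    for ptype, start, count in partitions:
        # status, CHS start (zeroed), type, CHS end (zeroed), LBA start, sector count
        status = 0x80 if not table else 0x00
        table += struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    # 440 boot code + 4 disk signature + 2 reserved + 64 partition table + 2 signature = 512
    return bootcode.ljust(440, b"\x00") + b"\x00" * 6 + table.ljust(64, b"\x00") + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hash, signature validity and the partition table of one sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        ptype = entry[4]
        if ptype == 0:                      # empty slot
            continue
        start_lba, count = struct.unpack("<II", entry[8:16])
        partitions.append({
            "type": PARTITION_TYPES.get(ptype, f"0x{ptype:02X}"),
            "offset": start_lba * SECTOR_SIZE,   # byte offset, as MBRCheck prints it
            "size": count * SECTOR_SIZE,
        })
    return {
        "bootcode_sha1": hashlib.sha1(sector[:440]).hexdigest().upper(),
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def mbr_status(sector: bytes, known_good: set[str]) -> str:
    """Classify a sector the way the MBRCheck 'MBR Status' column does."""
    info = parse_mbr(sector)
    if not info["valid_signature"]:
        return "Invalid MBR (missing 55AA signature)"
    if info["bootcode_sha1"] in known_good:
        return "Known MBR code"
    return "Unknown MBR code"


# Constructed reference loader standing in for a known-good Windows MBR (not real boot code).
REFERENCE_BOOTCODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 40
KNOWN_GOOD = {hashlib.sha1(REFERENCE_BOOTCODE.ljust(440, b"\x00")).hexdigest().upper()}

# Layout chosen so the first partition sits at LBA 0x64000, i.e. byte offset 0x0C800000,
# the same offset the log above reports for C:.
LAYOUT = [(0x07, 0x64000, 0x1000000), (0x07, 0x1064000, 0x20000)]
CLEAN_MBR = build_mbr(REFERENCE_BOOTCODE, LAYOUT)
# Replaced loader with the partition table left intact: the hash changes, the disk still boots.
TAMPERED_MBR = build_mbr(b"\xEB\xFE" + b"\x00" * 30, LAYOUT)
```

Running `mbr_status(CLEAN_MBR, KNOWN_GOOD)` yields "Known MBR code" and the tampered sector "Unknown MBR code", while `parse_mbr` returns the same partition table for both, which is why a partition listing alone does not reveal a modified loader.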

#10 Farbar (Security Developer)

Posted 24 August 2011 - 08:31 AM

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    start
    cmd: bootrec /FixMbr
    Control:
    end
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Yours is the x64 version:

    For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (Fixlog.txt) on the flash drive. Please copy and paste it to your reply.

#11 Fixitprz (Topic Starter)

Posted 25 August 2011 - 06:40 AM

Left my flash drive at home!

I have the files ready to go; I'll hop to it when I get home later tonight.

Didn't want you to think I went inactive again! B)

#12 Farbar (Security Developer)

Posted 25 August 2011 - 10:00 AM

Thanks for letting me know. Please post the result when ready. :thumbup2:

#13 Fixitprz (Topic Starter)

Posted 28 August 2011 - 06:46 PM

Sorry for the delay; the weekend caught up to me, and now I have to clean up after the hurricane. Please bear with me, I swear I haven't forgotten about this!

#14 Farbar (Security Developer)

Posted 29 August 2011 - 12:57 AM

No worries, hope the hurricane didn't leave a lot of mess behind.

#15 Fixitprz (Topic Starter)

Posted 02 September 2011 - 11:25 AM

I have done as requested. Here are the contents of the log. And a tree fell into my neighbor's house; we fixed up his wall and he is good now. :)

I will be away this weekend.


Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.2.1)
Ran by SYSTEM at 2011-09-02 12:12:25 R:1
Running from H:\

==============================================


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


=========== Control: ===========

The operation completed successfully.

==== End of Control: ====

==== End of Fixlog ====
