
Cannot remove trojan viruses


21 replies to this topic

#1 Otown

Otown

  • Members
  • 11 posts

Posted 24 August 2011 - 11:08 AM

Issue started with Google search resulting in several browser redirects. Shortly thereafter, numerous virus alerts began popping up displayed by my AVG anti-virus program. However, when I tried to get rid of the viruses the following message appeared - "object does not exist or inaccessible". There were so many different virus messages that I could not keep track of them all. But here are the last three - 1) location >> "c:\windows\temp\tnkcn\setup.exe" (Trojan Horse Downloader.Generic11.CILH); 2) location >> "c:\windows\temp\ratsan\setup.exe" (Trojan Horse Sheur4.BG.CILH); 3) location >> WIN32/Cryptor. Also, experienced two blue screen shut downs while running MalwareBytes anti-virus sw. Please advise.


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 24 August 2011 - 10:00 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

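One way to read two of the logs these instructions ask for (Security Check's checkup.txt and the MBAM log) mechanically, as an added example that is not part of the thread and not a script from BleepingComputer or either tool's author: it pulls out the posture warnings Security Check prints, lists the items MBAM found and whether each was actually removed, and cross-checks MBAM's summary counts against the items listed (a log pasted incomplete shows up there). The sample inputs are constructed in the format those tools produce.

```python
"""Triage parser for two of the logs requested above: Security Check's checkup.txt and
the Malwarebytes' Anti-Malware (MBAM) scan log.  Added example for this thread, not a script
from BleepingComputer or either tool's author; the SAMPLE_* inputs are constructed to match."""
import re
from dataclasses import dataclass, field

@dataclass
class Triage:
    posture: list = field(default_factory=list)     # configuration weaknesses
    outdated: list = field(default_factory=list)    # software Security Check flags as out of date
    antivirus: list = field(default_factory=list)   # antivirus products Security Check lists
    detections: list = field(default_factory=list)  # (path, classification, action) from MBAM
    unresolved: list = field(default_factory=list)  # MBAM items not "Quarantined and deleted"
    mismatches: list = field(default_factory=list)  # MBAM summary counts vs. items listed

POSTURE = {  # Security Check reports these as plain sentences ending in "!"
    "UAC is disabled": "UAC disabled",
    "Windows Firewall Disabled": "Windows Firewall disabled",
    "Windows Security Center service is not running": "Security Center service not running",
}
OUTDATED = re.compile(r"^Out of date (.+) installed!$")

def parse_security_check(text, result):
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("`"):            # a run of backticks closes the section
            section = None
            continue
        if line.endswith("Check:"):
            section = line[: -len("Check:")].strip()
            continue
        for needle, label in POSTURE.items():
            if needle in line:
                result.posture.append(label)
        m = OUTDATED.match(line)
        if m:
            result.outdated.append(m.group(1))
        elif section == "Antivirus/Firewall" and line and not line.endswith(("!", ".")):
            result.antivirus.append(line)   # non-warning lines in this section name products
    if len(result.antivirus) > 1:
        result.posture.append("more than one antivirus product: " + ", ".join(result.antivirus))
    return result

# One MBAM item reads:  c:\dir\file.ext (Family.Name) -> Action taken.
MBAM_ITEM = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) \((?P<cls>[^()]+)\) -> (?P<action>.+)$")
MBAM_COUNT = re.compile(r"^(?P<kind>.+?) Infected: (?P<n>\d+)$")   # summary-block line
MBAM_HEADER = re.compile(r"^(?P<kind>.+?) Infected:$")             # item-list header

def parse_mbam(text, result):
    counts, seen, kind = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if c := MBAM_COUNT.match(line):
            counts[c["kind"]] = int(c["n"])
            continue
        if h := MBAM_HEADER.match(line):
            kind = h["kind"]
            continue
        m = MBAM_ITEM.match(line)
        if not m or kind is None:
            continue
        seen[kind] = seen.get(kind, 0) + 1
        item = (m["path"], m["cls"], m["action"].rstrip("."))
        result.detections.append(item)
        if not item[2].startswith("Quarantined and deleted"):
            result.unresolved.append(item)   # pending reboot, no action taken, ...
    for k, n in counts.items():   # a log pasted incomplete shows up as a mismatch
        if n != seen.get(k, 0):
            result.mismatches.append(f"{k}: summary says {n}, items listed {seen.get(k, 0)}")
    return result

def triage(checkup_text, mbam_text):
    result = Triage()
    parse_security_check(checkup_text, result)
    return parse_mbam(mbam_text, result)

RULE = "`" * 30   # Security Check's section separator
SAMPLE_CHECKUP = rf"""
Windows 7 Service Pack 1 (UAC is disabled!)
{RULE}
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
AVG 2011
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
{RULE}
Anti-malware/Other Utilities Check:
Out of date Java installed!
Out of date Adobe Reader installed!
{RULE}End of Log{RULE}
"""
SAMPLE_MBAM = r"""
Files Infected: 2
Files Infected:
c:\Windows\temp\jar_cache5044354767943990083.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\temp\sample-dropper.exe (Exploit.Drop.2) -> Delete on reboot.
"""
```

Running `triage(SAMPLE_CHECKUP, SAMPLE_MBAM)` returns a `Triage` whose `unresolved` list holds the item still pending reboot and whose `posture` list names the disabled UAC, stopped Security Center service, disabled firewall and the two antivirus products.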
#3 Otown

Otown
  • Topic Starter

  • Members
  • 11 posts

Posted 25 August 2011 - 11:39 AM

Results from running utilities posted below as requested. There is some malware still present.


CHECKUP.TXT
Results of screen317's Security Check version 0.99.7
Windows 7 Service Pack 1 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
AVG 2011
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java™ 6 Update 14
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
``````````End of Log````````````

MiniToolBox by Farbar
Ran by Michael (administrator) on 24-08-2011 at 23:30:10
Windows 7 Professional Service Pack 1 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Michael-Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : B4-82-FE-0A-45-E0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a56e:74d8:341d:459c%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, August 24, 2011 11:27:37 PM
Lease Expires . . . . . . . . . . : Thursday, August 25, 2011 11:27:36 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 313819902
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-F7-70-D0-00-26-6C-4C-F3-8A
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{FB1DC031-6A86-4FB9-94BE-8391BA949F71}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:891:f66c:bbb5:bccf(Preferred)
Link-local IPv6 Address . . . . . : fe80::891:f66c:bbb5:bccf%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.225.50
74.125.225.48
74.125.225.49
74.125.225.52
74.125.225.51


Pinging google.com [74.125.225.52] with 32 bytes of data:
Reply from 74.125.225.52: bytes=32 time=51ms TTL=51
Reply from 74.125.225.52: bytes=32 time=55ms TTL=51

Ping statistics for 74.125.225.52:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 51ms, Maximum = 55ms, Average = 53ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=145ms TTL=55
Reply from 98.137.149.56: bytes=32 time=110ms TTL=55

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 110ms, Maximum = 145ms, Average = 127ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...b4 82 fe 0a 45 e0 ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.4 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.4 286
192.168.0.4 255.255.255.255 On-link 192.168.0.4 286
192.168.0.255 255.255.255.255 On-link 192.168.0.4 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.4 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.4 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:891:f66c:bbb5:bccf/128
On-link
11 286 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::891:f66c:bbb5:bccf/128
On-link
11 286 fe80::a56e:74d8:341d:459c/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/24/2011 10:53:05 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (08/24/2011 10:53:05 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (08/24/2011 08:57:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00005c00
Faulting process id: 0x1b90
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/24/2011 08:48:34 AM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 12.0.6555.5000, time stamp: 0x4d66ba2c
Faulting module name: OUTLOOK.EXE, version: 12.0.6555.5000, time stamp: 0x4d66ba2c
Exception code: 0xc0000005
Fault offset: 0x0000d30b
Faulting process id: 0x146c
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3

Error: (08/24/2011 08:46:02 AM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 12.0.6555.5000, time stamp: 0x4d66ba2c
Faulting module name: OUTLOOK.EXE, version: 12.0.6555.5000, time stamp: 0x4d66ba2c
Exception code: 0xc0000005
Fault offset: 0x0000d30b
Faulting process id: 0xb70
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3

Error: (08/24/2011 08:43:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 12.0.6555.5000, time stamp: 0x4d66ba2c
Faulting module name: OUTLOOK.EXE, version: 12.0.6555.5000, time stamp: 0x4d66ba2c
Exception code: 0xc0000005
Fault offset: 0x0000d30b
Faulting process id: 0xee0
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3

Error: (08/24/2011 08:36:02 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (08/24/2011 08:36:02 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (08/23/2011 06:23:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: jvm.dll, version: 14.0.0.16, time stamp: 0x4a15ac93
Exception code: 0xc0000005
Fault offset: 0x000c5ef2
Faulting process id: 0x664
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/23/2011 05:20:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: Flash10b.ocx, version: 10.0.22.87, time stamp: 0x4987a6c3
Exception code: 0xc0000005
Fault offset: 0x00225c8a
Faulting process id: 0x29a0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (08/24/2011 11:27:41 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (08/24/2011 11:27:40 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (08/24/2011 11:27:40 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (08/24/2011 11:27:37 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (08/24/2011 11:27:37 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (08/24/2011 11:27:34 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (08/24/2011 11:27:34 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (08/24/2011 10:53:34 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (08/24/2011 10:53:14 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (08/24/2011 10:53:14 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (08/01/2011 01:18:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 52859 seconds with 2820 seconds of active time. This session ended with a crash.

Error: (05/03/2011 07:16:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1141356 seconds with 98220 seconds of active time. This session ended with a crash.

Error: (04/20/2011 02:13:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 218502 seconds with 30060 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

2007 Microsoft Office system (Version: 12.0.6425.1000)
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Reader 9.4.5 (Version: 9.4.5)
Amazon Links (Version: 2.02)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
AT&T Communication Manager (Version: 7.00.0208.0)
Audacity 1.2.6
AVG 2011 (Version: 10.0.1392)
AVG 2011 (Version: 10.0.1520)
Bonjour (Version: 3.0.0.2)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
Carbonite (Version: 4.0.4 build 806 (Mar-03-2011))
CCleaner (Version: 3.01)
Cisco WebEx Meeting Center for Firefox or Chrome (Version: 8.23.2500)
D3DX10 (Version: 15.4.2368.0902)
doPDF 7.2 printer
Fuze Meeting (Version: 1.9.32055)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.65)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.50)
HijackThis 2.0.2 (Version: 2.0.2)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1883)
Intel® Matrix Storage Manager
iTunes (Version: 10.4.0.80)
Java™ 6 Update 14 (Version: 6.0.140)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Meeting Service
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Easy Assist v2 (Version: 8.1.6416.0)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60310.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox 6.0 (x86 en-US) (Version: 6.0)
MSVCRT (Version: 15.4.2862.0708)
Norton Internet Security (Version: 17.0.0.136)
PlayReady PC Runtime x86 (Version: 1.3.0)
Quickbooks Financial Center (Version: 2.02)
QuickTime (Version: 7.69.80.9)
Realtek Ethernet Controller Driver (Version: 1.00.0008)
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
Realtek WLAN Driver (Version: 2.00.0006)
Skype Launcher (Version: 2.01)
Stamps.com
Stamps.com (Version: 8.9.2.2162)
Stamps.com Address Book Support for Intuit QuickBooks 2004-2011 (Version: 8.8.0.1508)
Stamps.com Address Book Support for Microsoft Outlook 97-2010 (Version: 8.7.0.1506)
Stamps.com Application Support for Microsoft Outlook 2000-2010 (Version: 8.7.0.1506)
Stamps.com Application Support for Microsoft Word 2000-2010 (Version: 8.7.0.1506)
Stamps.com support for Intuit QuickBooks 2004-2011
Stamps.com support for Microsoft Outlook 2000-2010
Stamps.com support for Microsoft Outlook 97-2010
Stamps.com support for Microsoft Word 2000-2010
Synaptics Pointing Device Driver (Version: 13.2.6.1)
TOSHIBA Application and Driver Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 2.01.11)
TOSHIBA Bulletin Board (Version: 1.5.06.32)
TOSHIBA ConfigFree (Version: 8.0.25)
TOSHIBA Disc Creator (Version: 2.1.0.2)
TOSHIBA DVD PLAYER (Version: 3.01.1.06-A)
TOSHIBA eco Utility (Version: 1.2.4.0)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 3.1.0.32)
TOSHIBA Hardware Setup (Version: 2.00.16)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.4)
TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.01)
Toshiba Online Backup (Version: 1.2.0.38)
TOSHIBA PC Health Monitor (Version: 1.5.1.0)
TOSHIBA Quality Application (Version: 1.0.1)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4)
TOSHIBA ReelTime (Version: 1.5.08.32)
TOSHIBA Service Station (Version: 2.1.40)
TOSHIBA Speech System Applications (Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 2.00.11)
TOSHIBA Value Added Package (Version: 1.2.25)
TOSHIBA Web Camera Application (Version: 1.1.1.10)
ToshibaRegistration (Version: 1.0.3)
V.92 Modem On Hold (Version: 2.5.66.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 62%
Total physical RAM: 1915.99 MB
Available physical RAM: 711.5 MB
Total Pagefile: 3831.98 MB
Available Pagefile: 2041.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.06 MB

========================= Partitions: =====================================

1 Drive c: (TI105758W0C) (Fixed) (Total:224.57 GB) (Free:184.43 GB) NTFS

========================= Users: ========================================

User accounts for \\MICHAEL-LAPTOP

Administrator Guest Michael


**** End of log ****


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7552

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

8/24/2011 11:41:16 PM
mbam-log-2011-08-24 (23-41-16).txt

Scan type: Quick scan
Objects scanned: 174048
Time elapsed: 7 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Windows\$xntuninstall643$ (Adware.AdRotator) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\temp\jar_cache5044354767943990083.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\temp\jar_cache6586390663267896076.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\temp\0.24171401950040594.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\$xntuninstall643$\zrpt.xml (Adware.AdRotator) -> Quarantined and deleted successfully.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-25 09:02:22
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0 ST925031 rev.0001
Running: xiex9jpo.exe; Driver: C:\Users\Michael\AppData\Local\Temp\kwliqkog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x97DC87A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x97DC8848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x97DC88E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x97DC8980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82C48339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C81D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82C89094 4 Bytes [A0, 87, DC, 97]
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82C89364 8 Bytes [48, 88, DC, 97, E4, 88, DC, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 82C893D8 4 Bytes [80, 89, DC, 97]
.text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88D42000, 0x3C849, 0xE8000020]
.dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88D87000, 0x3DC, 0x48000040]

---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\svchost.exe[1168] ntdll.dll!NtProtectVirtualMemory 777A5F18 5 Bytes JMP 0036000A
.text C:\windows\system32\svchost.exe[1168] ntdll.dll!NtWriteVirtualMemory 777A6A98 5 Bytes JMP 0058000A
.text C:\windows\system32\svchost.exe[1168] ntdll.dll!KiUserExceptionDispatcher 777A7008 5 Bytes JMP 0020000A
.text C:\windows\Explorer.EXE[1972] ntdll.dll!NtProtectVirtualMemory 777A5F18 5 Bytes JMP 0059000A
.text C:\windows\Explorer.EXE[1972] ntdll.dll!NtWriteVirtualMemory 777A6A98 5 Bytes JMP 00AB000A
.text C:\windows\Explorer.EXE[1972] ntdll.dll!KiUserExceptionDispatcher 777A7008 5 Bytes JMP 0051000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2756] ntdll.dll!NtProtectVirtualMemory 777A5F18 5 Bytes JMP 0052000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2756] ntdll.dll!NtWriteVirtualMemory 777A6A98 5 Bytes JMP 0053000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2756] ntdll.dll!KiUserExceptionDispatcher 777A7008 5 Bytes JMP 0044000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\windows\Explorer.EXE[1972] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73C12437] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1972] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BF5600] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1972] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BF56BE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1972] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [73C124B2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1972] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73C08514] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1972] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73C04CC8] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1972] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73C0506F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1972] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73C05144] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1972] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73C06671] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1972] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73C0826B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1972] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73C087BA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1972] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73C0901B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1972] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73C0E1BE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1972] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C04BFA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\ACPI_HAL \Device\00000056 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:48 AM

Posted 25 August 2011 - 08:35 PM

We have a couple of issues there, but let's start with a rootkit infection.

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



#5 Otown

Otown
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:05:48 AM

Posted 25 August 2011 - 11:06 PM

Here you go. Thanks for helping out Broni.

2011/08/25 22:52:31.0157 3120 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/25 22:52:33.0169 3120 ================================================================================
2011/08/25 22:52:33.0169 3120 SystemInfo:
2011/08/25 22:52:33.0169 3120
2011/08/25 22:52:33.0169 3120 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/25 22:52:33.0169 3120 Product type: Workstation
2011/08/25 22:52:33.0169 3120 ComputerName: MICHAEL-LAPTOP
2011/08/25 22:52:33.0169 3120 UserName: Michael
2011/08/25 22:52:33.0169 3120 Windows directory: C:\windows
2011/08/25 22:52:33.0169 3120 System windows directory: C:\windows
2011/08/25 22:52:33.0169 3120 Processor architecture: Intel x86
2011/08/25 22:52:33.0169 3120 Number of processors: 2
2011/08/25 22:52:33.0169 3120 Page size: 0x1000
2011/08/25 22:52:33.0169 3120 Boot type: Normal boot
2011/08/25 22:52:33.0169 3120 ================================================================================
2011/08/25 22:52:34.0932 3120 Initialize success
2011/08/25 22:52:50.0017 1496 ================================================================================
2011/08/25 22:52:50.0017 1496 Scan started
2011/08/25 22:52:50.0017 1496 Mode: Manual;
2011/08/25 22:52:50.0017 1496 ================================================================================
2011/08/25 22:52:54.0635 1496 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
2011/08/25 22:52:54.0916 1496 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
2011/08/25 22:52:55.0025 1496 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
2011/08/25 22:52:55.0212 1496 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/08/25 22:52:55.0415 1496 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/08/25 22:52:55.0696 1496 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/08/25 22:52:56.0039 1496 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\windows\system32\drivers\afd.sys
2011/08/25 22:52:56.0226 1496 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\windows\system32\DRIVERS\AGRSM.sys
2011/08/25 22:52:56.0413 1496 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
2011/08/25 22:52:56.0507 1496 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/08/25 22:52:56.0741 1496 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
2011/08/25 22:52:56.0866 1496 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
2011/08/25 22:52:56.0913 1496 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
2011/08/25 22:52:57.0100 1496 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/08/25 22:52:57.0209 1496 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/08/25 22:52:57.0349 1496 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\windows\system32\drivers\amdsata.sys
2011/08/25 22:52:57.0459 1496 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/08/25 22:52:57.0521 1496 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\windows\system32\drivers\amdxata.sys
2011/08/25 22:52:57.0630 1496 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
2011/08/25 22:52:57.0817 1496 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/08/25 22:52:57.0911 1496 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/08/25 22:52:58.0161 1496 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/08/25 22:52:58.0254 1496 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
2011/08/25 22:52:58.0597 1496 atikmdag (712d8a95e45b070114c5309ada7358ff) C:\windows\system32\drivers\atikmdag.sys
2011/08/25 22:52:58.0941 1496 Avgfwfd (d30b785ab801a0e2b0ad922d66f971f3) C:\windows\system32\DRIVERS\avgfwd6x.sys
2011/08/25 22:52:59.0253 1496 AVGIDSDriver (2177e7448c1ecfb35a5db417603d205a) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/25 22:52:59.0377 1496 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
2011/08/25 22:52:59.0409 1496 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/25 22:52:59.0487 1496 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\windows\system32\DRIVERS\AVGIDSShim.Sys
2011/08/25 22:52:59.0596 1496 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\windows\system32\DRIVERS\avgldx86.sys
2011/08/25 22:52:59.0736 1496 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\windows\system32\DRIVERS\avgmfx86.sys
2011/08/25 22:52:59.0861 1496 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\windows\system32\DRIVERS\avgrkx86.sys
2011/08/25 22:52:59.0955 1496 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\windows\system32\DRIVERS\avgtdix.sys
2011/08/25 22:53:00.0142 1496 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/08/25 22:53:00.0579 1496 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/08/25 22:53:00.0672 1496 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/08/25 22:53:00.0750 1496 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/08/25 22:53:00.0844 1496 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
2011/08/25 22:53:00.0906 1496 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/08/25 22:53:00.0969 1496 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/08/25 22:53:01.0047 1496 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/08/25 22:53:01.0078 1496 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/08/25 22:53:01.0125 1496 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/08/25 22:53:01.0171 1496 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/08/25 22:53:01.0234 1496 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/08/25 22:53:01.0530 1496 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/08/25 22:53:01.0608 1496 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
2011/08/25 22:53:01.0749 1496 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/08/25 22:53:01.0811 1496 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/08/25 22:53:01.0983 1496 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/08/25 22:53:02.0061 1496 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
2011/08/25 22:53:02.0154 1496 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/08/25 22:53:02.0279 1496 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/08/25 22:53:02.0435 1496 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
2011/08/25 22:53:02.0934 1496 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/08/25 22:53:03.0090 1496 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\windows\system32\drivers\csc.sys
2011/08/25 22:53:03.0231 1496 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
2011/08/25 22:53:03.0293 1496 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/08/25 22:53:03.0465 1496 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/08/25 22:53:03.0605 1496 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/08/25 22:53:03.0745 1496 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
2011/08/25 22:53:03.0917 1496 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/08/25 22:53:04.0182 1496 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/08/25 22:53:04.0307 1496 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
2011/08/25 22:53:04.0463 1496 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/08/25 22:53:04.0619 1496 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/08/25 22:53:04.0759 1496 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/08/25 22:53:04.0869 1496 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/08/25 22:53:04.0931 1496 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/08/25 22:53:05.0087 1496 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/08/25 22:53:05.0149 1496 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/08/25 22:53:05.0196 1496 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/08/25 22:53:05.0243 1496 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/08/25 22:53:05.0305 1496 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
2011/08/25 22:53:05.0415 1496 FwLnk (0f76e205bdc60364f08a5949082771ca) C:\windows\system32\DRIVERS\FwLnk.sys
2011/08/25 22:53:05.0571 1496 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/08/25 22:53:05.0602 1496 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/25 22:53:05.0851 1496 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/08/25 22:53:06.0070 1496 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
2011/08/25 22:53:06.0304 1496 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
2011/08/25 22:53:06.0491 1496 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/08/25 22:53:06.0725 1496 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/08/25 22:53:06.0990 1496 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/08/25 22:53:07.0224 1496 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
2011/08/25 22:53:07.0427 1496 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
2011/08/25 22:53:07.0552 1496 HSF_DPV (227c3ba25012752bb7450235392c719f) C:\windows\system32\DRIVERS\HSX_DPV.sys
2011/08/25 22:53:07.0926 1496 HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\windows\system32\DRIVERS\HSXHWAZL.sys
2011/08/25 22:53:08.0051 1496 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
2011/08/25 22:53:08.0160 1496 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
2011/08/25 22:53:08.0269 1496 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
2011/08/25 22:53:08.0425 1496 iaStor (01446278d4563b3013c92830ae6cbb26) C:\windows\system32\DRIVERS\iaStor.sys
2011/08/25 22:53:08.0581 1496 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\windows\system32\drivers\iaStorV.sys
2011/08/25 22:53:08.0862 1496 igfx (315aaaa2bc9bc778adc0454b3ca8dcce) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/08/25 22:53:09.0096 1496 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/08/25 22:53:09.0330 1496 IntcAzAudAddService (e4a2e810cb2607c9c159c0dfb0bd4c88) C:\windows\system32\drivers\RTKVHDA.sys
2011/08/25 22:53:09.0627 1496 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
2011/08/25 22:53:09.0705 1496 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/08/25 22:53:09.0767 1496 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/08/25 22:53:09.0876 1496 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
2011/08/25 22:53:09.0923 1496 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/08/25 22:53:09.0985 1496 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/08/25 22:53:10.0032 1496 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
2011/08/25 22:53:10.0095 1496 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
2011/08/25 22:53:10.0157 1496 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
2011/08/25 22:53:10.0578 1496 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
2011/08/25 22:53:10.0765 1496 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys
2011/08/25 22:53:11.0077 1496 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
2011/08/25 22:53:11.0327 1496 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/08/25 22:53:11.0514 1496 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/08/25 22:53:11.0655 1496 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/08/25 22:53:11.0701 1496 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/08/25 22:53:11.0764 1496 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/08/25 22:53:11.0826 1496 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/08/25 22:53:11.0982 1496 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\windows\system32\drivers\mbamswissarmy.sys
2011/08/25 22:53:12.0060 1496 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\windows\system32\DRIVERS\mdmxsdk.sys
2011/08/25 22:53:12.0138 1496 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/08/25 22:53:12.0216 1496 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/08/25 22:53:12.0559 1496 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/08/25 22:53:12.0653 1496 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/08/25 22:53:12.0809 1496 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
2011/08/25 22:53:12.0887 1496 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/08/25 22:53:12.0934 1496 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
2011/08/25 22:53:12.0996 1496 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
2011/08/25 22:53:13.0074 1496 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/08/25 22:53:13.0137 1496 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
2011/08/25 22:53:13.0199 1496 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/08/25 22:53:13.0277 1496 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/08/25 22:53:13.0324 1496 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/08/25 22:53:13.0386 1496 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
2011/08/25 22:53:13.0433 1496 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
2011/08/25 22:53:13.0511 1496 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/08/25 22:53:13.0558 1496 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/08/25 22:53:13.0605 1496 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
2011/08/25 22:53:13.0683 1496 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/08/25 22:53:13.0729 1496 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/08/25 22:53:13.0761 1496 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/08/25 22:53:13.0807 1496 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/08/25 22:53:13.0870 1496 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
2011/08/25 22:53:13.0948 1496 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/08/25 22:53:13.0995 1496 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/08/25 22:53:14.0041 1496 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/08/25 22:53:14.0104 1496 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/08/25 22:53:14.0213 1496 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
2011/08/25 22:53:14.0338 1496 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/08/25 22:53:14.0369 1496 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/08/25 22:53:14.0463 1496 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
2011/08/25 22:53:14.0525 1496 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
2011/08/25 22:53:14.0587 1496 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
2011/08/25 22:53:14.0665 1496 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/08/25 22:53:14.0728 1496 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
2011/08/25 22:53:14.0806 1496 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/08/25 22:53:14.0899 1496 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/08/25 22:53:14.0962 1496 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/08/25 22:53:15.0133 1496 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\windows\system32\drivers\Ntfs.sys
2011/08/25 22:53:15.0367 1496 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/08/25 22:53:15.0508 1496 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\windows\system32\drivers\nvraid.sys
2011/08/25 22:53:15.0586 1496 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\windows\system32\drivers\nvstor.sys
2011/08/25 22:53:15.0773 1496 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
2011/08/25 22:53:15.0976 1496 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
2011/08/25 22:53:16.0147 1496 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/08/25 22:53:16.0631 1496 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
2011/08/25 22:53:16.0943 1496 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/08/25 22:53:17.0130 1496 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
2011/08/25 22:53:17.0286 1496 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
2011/08/25 22:53:17.0395 1496 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/08/25 22:53:17.0505 1496 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\windows\system32\PCTINDIS5.SYS
2011/08/25 22:53:17.0692 1496 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/08/25 22:53:17.0988 1496 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/08/25 22:53:18.0207 1496 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
2011/08/25 22:53:18.0456 1496 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/08/25 22:53:18.0612 1496 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/08/25 22:53:18.0846 1496 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/08/25 22:53:19.0049 1496 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/08/25 22:53:19.0205 1496 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/08/25 22:53:19.0299 1496 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/08/25 22:53:19.0361 1496 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/08/25 22:53:19.0470 1496 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/08/25 22:53:19.0626 1496 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/08/25 22:53:19.0782 1496 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/08/25 22:53:19.0954 1496 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/08/25 22:53:20.0281 1496 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
2011/08/25 22:53:20.0391 1496 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/08/25 22:53:20.0500 1496 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/08/25 22:53:20.0562 1496 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\windows\system32\drivers\rdpdr.sys
2011/08/25 22:53:20.0781 1496 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/08/25 22:53:20.0921 1496 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/08/25 22:53:21.0061 1496 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
2011/08/25 22:53:21.0155 1496 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
2011/08/25 22:53:21.0327 1496 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\windows\system32\DRIVERS\RimSerial.sys
2011/08/25 22:53:21.0451 1496 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\windows\system32\Drivers\RootMdm.sys
2011/08/25 22:53:21.0592 1496 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/08/25 22:53:21.0935 1496 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/08/25 22:53:22.0200 1496 RTL8187Se (8df69ad5f515bc15d5c30666f56288aa) C:\windows\system32\DRIVERS\RTL8187Se.sys
2011/08/25 22:53:22.0980 1496 rtl8192se (8327c64e9a4d052339c16499d08f7d6c) C:\windows\system32\DRIVERS\rtl8192se.sys
2011/08/25 22:53:23.0183 1496 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\windows\system32\drivers\vms3cap.sys
2011/08/25 22:53:23.0292 1496 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
2011/08/25 22:53:23.0370 1496 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
2011/08/25 22:53:23.0495 1496 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/08/25 22:53:23.0589 1496 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/08/25 22:53:23.0651 1496 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/08/25 22:53:23.0745 1496 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/08/25 22:53:23.0838 1496 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
2011/08/25 22:53:23.0901 1496 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
2011/08/25 22:53:23.0963 1496 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
2011/08/25 22:53:24.0010 1496 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/08/25 22:53:24.0181 1496 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
2011/08/25 22:53:24.0337 1496 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/08/25 22:53:24.0369 1496 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/08/25 22:53:24.0462 1496 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/08/25 22:53:24.0556 1496 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/08/25 22:53:24.0712 1496 srv (4e636465a8653ba3bf29f929aa578e6f) C:\windows\system32\DRIVERS\srv.sys
2011/08/25 22:53:24.0759 1496 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\windows\system32\DRIVERS\srv2.sys
2011/08/25 22:53:24.0852 1496 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\windows\system32\DRIVERS\VSTAZL3.SYS
2011/08/25 22:53:25.0008 1496 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\windows\system32\DRIVERS\VSTDPV3.SYS
2011/08/25 22:53:25.0258 1496 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\windows\system32\DRIVERS\VSTCNXT3.SYS
2011/08/25 22:53:25.0367 1496 srvnet (1346dff5be932939997d373d61a35626) C:\windows\system32\DRIVERS\srvnet.sys
2011/08/25 22:53:25.0461 1496 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/08/25 22:53:25.0539 1496 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\windows\system32\drivers\vmstorfl.sys
2011/08/25 22:53:25.0726 1496 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\windows\system32\drivers\storvsc.sys
2011/08/25 22:53:25.0851 1496 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
2011/08/25 22:53:25.0944 1496 swmsflt (150ab4fa272130ec55b2a4faebdf47f9) C:\windows\system32\DRIVERS\swmsflt.sys
2011/08/25 22:53:26.0022 1496 SWNC8UA3 (384b7805c856b92bb6662fca26acdb4d) C:\windows\system32\DRIVERS\swnc8ua3.sys
2011/08/25 22:53:26.0287 1496 SWUMXA3 (086f352446a171acd850ccdef6632310) C:\windows\system32\DRIVERS\swumxa3.sys
2011/08/25 22:53:26.0381 1496 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
2011/08/25 22:53:26.0724 1496 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\windows\system32\drivers\tcpip.sys
2011/08/25 22:53:26.0958 1496 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\windows\system32\DRIVERS\tcpip.sys
2011/08/25 22:53:27.0099 1496 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
2011/08/25 22:53:27.0161 1496 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
2011/08/25 22:53:27.0223 1496 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
2011/08/25 22:53:27.0270 1496 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
2011/08/25 22:53:27.0379 1496 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
2011/08/25 22:53:27.0442 1496 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
2011/08/25 22:53:27.0598 1496 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\windows\system32\DRIVERS\tos_sps32.sys
2011/08/25 22:53:27.0847 1496 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/08/25 22:53:27.0941 1496 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
2011/08/25 22:53:28.0035 1496 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
2011/08/25 22:53:28.0113 1496 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
2011/08/25 22:53:28.0175 1496 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
2011/08/25 22:53:28.0378 1496 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/08/25 22:53:28.0456 1496 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
2011/08/25 22:53:28.0565 1496 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
2011/08/25 22:53:28.0659 1496 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
2011/08/25 22:53:28.0752 1496 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/08/25 22:53:28.0846 1496 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
2011/08/25 22:53:28.0908 1496 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\windows\system32\drivers\usbaudio.sys
2011/08/25 22:53:28.0971 1496 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\windows\system32\drivers\usbccgp.sys
2011/08/25 22:53:29.0049 1496 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
2011/08/25 22:53:29.0142 1496 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/08/25 22:53:29.0220 1496 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\windows\system32\drivers\usbhub.sys
2011/08/25 22:53:29.0283 1496 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/08/25 22:53:29.0330 1496 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/08/25 22:53:29.0408 1496 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/08/25 22:53:29.0439 1496 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/08/25 22:53:29.0579 1496 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
2011/08/25 22:53:29.0720 1496 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
2011/08/25 22:53:29.0954 1496 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/08/25 22:53:30.0016 1496 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/08/25 22:53:30.0094 1496 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
2011/08/25 22:53:30.0468 1496 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
2011/08/25 22:53:30.0546 1496 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/08/25 22:53:30.0687 1496 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
2011/08/25 22:53:30.0749 1496 vmbus (c2f2911156fdc7817c52829c86da494e) C:\windows\system32\drivers\vmbus.sys
2011/08/25 22:53:30.0952 1496 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\windows\system32\drivers\VMBusHID.sys
2011/08/25 22:53:31.0139 1496 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
2011/08/25 22:53:31.0280 1496 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/08/25 22:53:31.0436 1496 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
2011/08/25 22:53:31.0545 1496 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/08/25 22:53:31.0623 1496 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/08/25 22:53:31.0701 1496 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/08/25 22:53:31.0857 1496 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/08/25 22:53:31.0950 1496 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
2011/08/25 22:53:31.0982 1496 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
2011/08/25 22:53:32.0091 1496 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/08/25 22:53:32.0153 1496 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/08/25 22:53:32.0746 1496 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/08/25 22:53:32.0871 1496 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/08/25 22:53:32.0964 1496 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\windows\system32\DRIVERS\HSX_CNXT.sys
2011/08/25 22:53:33.0183 1496 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
2011/08/25 22:53:33.0276 1496 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
2011/08/25 22:53:33.0432 1496 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/08/25 22:53:33.0573 1496 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\windows\system32\DRIVERS\WSDPrint.sys
2011/08/25 22:53:33.0713 1496 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
2011/08/25 22:53:33.0900 1496 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/08/25 22:53:34.0041 1496 XAudio (894f963be999ba9db5aac3aed55b115d) C:\windows\system32\DRIVERS\XAudio32.sys
2011/08/25 22:53:34.0150 1496 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/08/25 22:53:34.0166 1496 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/25 22:53:34.0181 1496 Boot (0x1200) (3229cee7e45194d06eade1230a271503) \Device\Harddisk0\DR0\Partition0
2011/08/25 22:53:34.0181 1496 ================================================================================
2011/08/25 22:53:34.0181 1496 Scan finished
2011/08/25 22:53:34.0181 1496 ================================================================================
2011/08/25 22:53:34.0197 4980 Detected object count: 1
2011/08/25 22:53:34.0197 4980 Actual detected object count: 1
2011/08/25 22:53:44.0680 4980 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/25 22:53:44.0680 4980 \Device\Harddisk0\DR0 - ok
2011/08/25 22:53:44.0680 4980 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/25 22:53:56.0411 0572 Deinitialize success
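
The TDSSKiller log above reports "MBR (0x1B8) (md5) \Device\Harddisk0\DR0" and then a TDL4 detection on the same device. The following is an added example, not code from this thread or from Kaspersky's tool: it parses a 512-byte MBR and hashes only the bootstrap region, which is how a baseline-versus-current comparison catches a bootkit that rewrites sector 0. It reads the parenthesised 0x1B8 as the number of bytes hashed (the boot code before the disk signature); that reading of the tool's output format, the sample sector, the partition layout and the baseline value are all assumptions.

```python
"""Parse a 512-byte MBR and hash its boot-code region.

Added example, not code from the thread or from Kaspersky's TDSSKiller.
TDSSKiller's log line "MBR (0x1B8) (<md5>) \\Device\\Harddisk0\\DR0" is
read here as: MD5 over the first 0x1B8 = 440 bytes of sector 0, the
bootstrap code that a bootkit such as TDL4 overwrites. That reading of
the tool's output format is an assumption. The disk signature (0x1B8),
partition table (0x1BE) and 0x55AA marker are excluded, so the hash
stays stable when only the partition layout changes. The sample sector
and baseline below are constructed.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 0x1B8      # bytes hashed: bootstrap code only
DISK_SIG_OFFSET = 0x1B8   # 4-byte NT disk signature
PT_OFFSET = 0x1BE         # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"

# Constructed: cli / xor ax,ax / mov ss,ax / mov sp,7C00 prologue, NOP-padded later
CLEAN_BOOTCODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C"


def build_sample_mbr(bootcode: bytes, disk_sig: int = 0x12345678) -> bytes:
    """Constructed MBR: one active NTFS partition at LBA 2048, 204800 sectors."""
    if len(bootcode) > BOOTCODE_LEN:
        raise ValueError("boot code exceeds 0x1B8 bytes")
    sec = bytearray(SECTOR_SIZE)
    sec[:len(bootcode)] = bootcode
    sec[len(bootcode):BOOTCODE_LEN] = b"\x90" * (BOOTCODE_LEN - len(bootcode))
    struct.pack_into("<I", sec, DISK_SIG_OFFSET, disk_sig)
    # status, type, start LBA, sector count (CHS fields left zero)
    struct.pack_into("<B3xB3xII", sec, PT_OFFSET, 0x80, 0x07, 2048, 204800)
    sec[510:512] = BOOT_SIG
    return bytes(sec)


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code MD5, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PT_OFFSET + 16 * i
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype:  # type 0 = empty slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "bootcode_md5": hashlib.md5(sector[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_md5: str) -> dict:
    """Compare the boot-code hash against a known-good value recorded earlier."""
    info = parse_mbr(sector)
    info["bootcode_modified"] = info["bootcode_md5"] != baseline_md5
    return info


def tamper(sector: bytes, offset: int, data: bytes) -> bytes:
    """Overwrite bytes in a copy of the sector (simulates a bootkit patch)."""
    out = bytearray(sector)
    out[offset:offset + len(data)] = data
    return bytes(out)


if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_BOOTCODE)
    baseline = parse_mbr(clean)["bootcode_md5"]
    # a short jmp patched over the first bytes of the boot code: the hash changes
    patched = tamper(clean, 0, b"\xEB\x1E")
    print("clean   modified:", check_mbr(clean, baseline)["bootcode_modified"])
    print("patched modified:", check_mbr(patched, baseline)["bootcode_modified"])
    # On a real system read sector 0 as Administrator:
    #   open(r"\\.\PhysicalDrive0", "rb").read(512)
```

The baseline has to come from a known-clean image of the same machine (or the OEM's boot code); comparing against a hash from a different machine is meaningless because boot code varies by Windows version and vendor. A changed partition table alone does not move the hash, which is the point of stopping at 0x1B8.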

#6 Broni (BC Advisor)

Posted 25 August 2011 - 11:15 PM

Very well :)

Re-run MBAM quick scan and post new log.

Then....

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#7 Otown (Topic Starter)

Posted 26 August 2011 - 07:35 AM

Mbam & Link info below:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7552

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

8/26/2011 12:04:27 AM
mbam-log-2011-08-26 (00-04-27).txt

Scan type: Quick scan
Objects scanned: 173839
Time elapsed: 5 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\temp\jar_cache2916922628810110209.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\temp\jar_cache6406159278154910919.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\temp\jar_cache6724119390038289250.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\temp\0.03953375926238123.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\temp\0.32878274151738807.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\temp\0.34429804153207977.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\temp\0.8918727900101792.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F438000 C:\windows\system32\DRIVERS\igdkmd32.sys 6451200 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82C39000 C:\windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x82C39000 PnpManager 4268032 bytes
0x82C39000 RAW 4268032 bytes
0x82C39000 WMIxWDM 4268032 bytes
0x90216000 C:\windows\system32\drivers\RTKVHDA.sys 2736128 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x92D40000 Win32k 2416640 bytes
0x92D40000 C:\windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8901F000 C:\windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x88C14000 C:\windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8EA2A000 C:\windows\system32\DRIVERS\rtl8192se.sys 1130496 bytes (Realtek Semiconductor Corporation , Realtek RTL81892SE NDIS Driverr)
0x8FE9F000 C:\windows\system32\DRIVERS\HSX_DPV.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8E200000 C:\windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x88A07000 C:\windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8FA5F000 C:\windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88E13000 C:\windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x90537000 C:\windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x83308000 C:\windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xAC41B000 C:\windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x91887000 C:\windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83228000 C:\windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8881B000 C:\windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xB9830000 C:\windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
0x8E750000 C:\windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x88D81000 C:\windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8E62C000 C:\windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAC567000 C:\windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xAC4F7000 C:\windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x92C00000 C:\windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8FB5A000 C:\windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8895C000 C:\windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8889A000 C:\windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x88B65000 C:\windows\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x88F2D000 C:\windows\system32\DRIVERS\tos_sps32.sys 290816 bytes (TOSHIBA Corporation, tos_sps32)
0x9181E000 C:\windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8FE4A000 C:\windows\system32\drivers\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x832C6000 C:\windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E6EF000 C:\windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x891A3000 C:\windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x88ECA000 C:\windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x904FA000 C:\windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x833C1000 C:\windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x9195A000 C:\windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8FB16000 C:\windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82C02000 ACPI_HAL 225280 bytes
0x82C02000 C:\windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x88B20000 C:\windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8FE08000 C:\windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8EB6D000 C:\windows\system32\DRIVERS\SynTP.sys 208896 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x88FA1000 C:\windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x88BAC000 C:\windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x89169000 C:\windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x904B2000 C:\windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x88F74000 C:\windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x88D43000 C:\windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x888F3000 C:\windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x889D2000 C:\windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x88FD3000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x88F08000 C:\windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8FFB8000 C:\windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)
0x88AEA000 C:\windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x91937000 C:\windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8FBD3000 C:\windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAC4BC000 C:\windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8E7DA000 C:\windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E33D000 C:\windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAC547000 C:\windows\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0x8E2F8000 C:\windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8FBB4000 C:\windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8E68D000 C:\windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x92FD0000 C:\windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x88BDE000 C:\windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x91995000 C:\windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x83200000 C:\windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9190C000 C:\windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x904E1000 C:\windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8E7B4000 C:\windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8EB48000 C:\windows\system32\drivers\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8EA00000 C:\windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8F400000 C:\windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8F418000 C:\windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8E3D0000 C:\windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8E3AD000 C:\windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x8FFA1000 C:\windows\system32\drivers\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x889A7000 C:\windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x90200000 C:\windows\system32\drivers\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x88D6E000 C:\windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x91874000 C:\windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E6CB000 C:\windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x88800000 00000096 73728 bytes
0x8EBE1000 C:\windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8E60F000 C:\windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x91925000 C:\windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x88800000 C:\windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x8E39C000 C:\windows\system32\DRIVERS\avgfwd6x.sys 69632 bytes (AVG Technologies CZ, s.r.o., AVG Filter Driver)
0x89008000 C:\windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8E2DA000 C:\windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x88B54000 C:\windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8FE8E000 C:\windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x88928000 C:\windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x832AD000 C:\windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8E6DE000 C:\windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8E6AC000 C:\windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x8E3E7000 C:\windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x891EF000 C:\windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x91864000 C:\windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8894C000 C:\windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8FBA5000 C:\windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8E7CC000 C:\windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8E6BD000 C:\windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8E38E000 C:\windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x889C4000 C:\windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x88DDE000 C:\windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8FE3C000 C:\windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8888C000 C:\windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x833B3000 C:\windows\System32\drivers\wrjp.sys 57344 bytes
0x8EBBF000 C:\windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x8FFEE000 C:\windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8EB60000 C:\windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8EBD4000 C:\windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8EBA2000 C:\windows\system32\drivers\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xAC4DD000 C:\windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8E35E000 C:\windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8E317000 C:\windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x8E744000 C:\windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8E3C4000 C:\windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x8E331000 C:\windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x88941000 C:\windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x905F2000 C:\windows\system32\drivers\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8E2EB000 C:\windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x8FFE3000 C:\windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8E383000 C:\windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8EA18000 C:\windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8FB4F000 C:\windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8891D000 C:\windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x8FBF5000 C:\windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x88B0D000 C:\windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8E73A000 C:\windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E730000 C:\windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8EBF3000 C:\windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xAC4B2000 C:\windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8EBAF000 C:\windows\system32\DRIVERS\tdcmdpst.sys 40960 bytes (TOSHIBA Corporation., TOSHIBA ODD Writing Driver for x86.)
0x8EB3E000 C:\windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x88B17000 C:\windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xB989A000 C:\windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x88AE1000 C:\windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xB98AC000 C:\windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x88DEC000 C:\windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x92FA0000 C:\windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8919A000 C:\windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x888E2000 C:\windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x832BE000 C:\windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x88939000 C:\windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8E607000 C:\windows\system32\DRIVERS\FwLnk.sys 32768 bytes (TOSHIBA Corporation, TOSHIBA Firmware Linkage 32-bit Driver)
0x89000000 C:\windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BB3000 C:\windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x888EB000 C:\windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8E36B000 C:\windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8E373000 C:\windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8E37B000 C:\windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8EBCC000 C:\windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0x891E7000 C:\windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xAC4EA000 C:\windows\system32\DRIVERS\XAudio32.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x88FF8000 C:\windows\system32\DRIVERS\avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0x8E32A000 C:\windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8FFDC000 C:\windows\system32\drivers\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8E323000 C:\windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x889BD000 C:\windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8EA23000 C:\windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0x8E600000 C:\windows\system32\DRIVERS\TVALZFL.sys 28672 bytes (TOSHIBA Corporation, TOSHIBA TVALZ Filter Driver)
0x8E686000 C:\windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8EBB9000 C:\windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x905EC000 C:\windows\system32\DRIVERS\pgeffect.sys 24576 bytes (TOSHIBA Corporation, TOSHIBA Universal Camera Filter Driver)
0xAC4F2000 C:\windows\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0x891E2000 C:\windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x89019000 C:\windows\system32\DRIVERS\AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0x919C8000 C:\windows\system32\DRIVERS\AVGIDSShim.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0x8E621000 C:\windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x919CC000 C:\windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8EBFD000 C:\windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8EBA0000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
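
The RkU ">Drivers" listing above is long, and most of it is stock Microsoft and OEM modules. What an analyst scans for first is the handful of entries that carry no vendor/description string, anything loaded from outside the Windows tree, and two different names claiming the same base address. The following is an added example, not code from this thread or from the Rootkit Unhooker tool: a parser for the line format RkU prints, with those three triage filters. The sample lines are copied from the posted log except helper.sys, which is constructed; the alias set and the dump_* exclusion are assumptions drawn from what the log itself shows.

```python
"""Triage a Rootkit Unhooker (RkU) ">Drivers" listing.

Added example; neither the thread's nor RkU's own code. It parses the
line format RkU prints ("0xBASE path size bytes (Vendor, Description)")
and pulls out what an analyst checks first: modules with no
vendor/description string, modules loaded from outside the Windows tree,
and two different modules reporting the same base address. These are
triage candidates, not verdicts; a driver without a version resource is
not by itself malicious. The sample lines are copied from the posted
log except helper.sys, which is constructed.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(\S+)\s+(\d+) bytes(?:\s+\((.*)\))?\s*$")

# Names RkU lists at the same base and size as the real image (kernel/HAL/win32k
# aliases in the posted log); treated as known noise, an assumption
PSEUDO_MODULES = {"PnpManager", "RAW", "WMIxWDM", "ACPI_HAL", "Win32k"}
WINDOWS_TREE = "c:\\windows\\"

SAMPLE_RKU = r"""
>Drivers
==============================================
0x82C39000 C:\windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x82C39000 PnpManager 4268032 bytes
0x904B2000 C:\windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x88800000 00000096 73728 bytes
0x88800000 C:\windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x833B3000 C:\windows\System32\drivers\wrjp.sys 57344 bytes
0x8E200000 C:\windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0xB98AC000 C:\windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x9A000000 C:\Users\Public\helper.sys 20480 bytes
"""


def parse_rku_line(line: str):
    """Return a dict for one module line, or None for headers/separators."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    base, path, size, desc = m.groups()
    vendor, description = None, None
    if desc:
        vendor, _, description = desc.partition(", ")
    return {"base": base, "path": path, "name": path.rsplit("\\", 1)[-1],
            "size": int(size), "vendor": vendor or None,
            "description": description or None}


def parse_rku(text: str) -> list:
    return [e for e in map(parse_rku_line, text.splitlines()) if e]


def triage(entries: list) -> dict:
    # dump_* entries (crash-dump copies of the storage stack) show no vendor
    # in the posted listing either, so they are skipped as known noise
    no_vendor = [e for e in entries
                 if e["vendor"] is None
                 and e["name"] not in PSEUDO_MODULES
                 and not e["name"].lower().startswith("dump_")]
    outside = [e for e in entries
               if "\\" in e["path"] and not e["path"].lower().startswith(WINDOWS_TREE)]
    by_base = defaultdict(list)
    for e in entries:
        if e["name"] not in PSEUDO_MODULES:
            by_base[e["base"]].append(e["name"])
    shared = {b: names for b, names in by_base.items() if len(names) > 1}
    return {"no_vendor": no_vendor, "outside_windows": outside, "shared_base": shared}


if __name__ == "__main__":
    result = triage(parse_rku(SAMPLE_RKU))
    for e in result["no_vendor"]:
        print("no vendor string :", e["base"], e["path"])
    for e in result["outside_windows"]:
        print("outside Windows  :", e["base"], e["path"])
    for base, names in result["shared_base"].items():
        print("shared base      :", base, names)
```

The output is a shortlist to look up, not a verdict: the next step for each flagged file is to check its digital signature and hash against a clean source, which this listing alone cannot tell you.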

#8 Broni (BC Advisor)

Posted 26 August 2011 - 03:51 PM

How is computer doing?

You're running two AV programs, AVG and Norton.
One of them has to go.
If AVG, use AVG Remover: http://www.avg.com/us-en/utilities
If Norton use this tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

You seem to have the "hosts" file missing.
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#9 Otown

Posted 28 August 2011 - 12:37 AM

Sorry for the slow follow-up...our daughter's last weekend before going off to college. A bit distracted. Used the tool to uninstall Norton. But SystemLook would not run. Error message "Script Required" when I click on Look.

#10 Broni

Posted 28 August 2011 - 11:22 AM

That's because you didn't paste my script :)



#11 Otown

Otown
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:48 AM

Posted 28 August 2011 - 05:49 PM

Dah!!

SystemLook 30.07.11 by jpshortstuff
Log created at 17:48 on 28/08/2011 by Michael
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
lmhosts.sam --a---- 3683 bytes [02:05 14/07/2009] [21:39 10/06/2009]
networks --a---- 407 bytes [02:04 14/07/2009] [21:39 10/06/2009]
protocol --a---- 1358 bytes [02:04 14/07/2009] [21:39 10/06/2009]
services --a---- 17463 bytes [02:04 14/07/2009] [21:39 10/06/2009]

---Folders---
None found.

-= EOF =-

#12 Broni

Posted 28 August 2011 - 05:54 PM

Did you uninstall one of the AV programs?

We'll fix your "hosts" file now...

Open Notepad.
Paste the following text into it:

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

Go File>Save As and...

1. Name the file hosts. (no extension; make sure there is just a "dot" at the end <--- VERY IMPORTANT!)
2. Make sure "Save as type:" is set to "All Files (*.*)"
3. File is saved to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder


Post new System Look log.


 

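The SystemLook ":dir" check and the Notepad "Save As" instructions above both come down to two questions: is there a file literally named "hosts" in the drivers\etc folder, and does it contain anything other than comments and loopback entries? The PowerShell below answers both; it is an added example, not posted by anyone in this thread, and the function name Get-HostsFileStatus, the hosts.txt check and the loopback-only rule are my own assumptions about what a clean default file looks like.

```powershell
# Added example, not from the thread. Inspects the folder the SystemLook ":dir"
# step lists, reports whether "hosts" is missing, catches the common "hosts.txt"
# result of Notepad's Save As, and flags any mapping that does not point at
# loopback. Written to run on PowerShell 2.0 (Windows 7 era) from an elevated prompt.
$EtcDir = Join-Path $env:SystemRoot 'System32\drivers\etc'

function Get-HostsFileStatus {
    param([string]$Dir = $EtcDir)

    $hostsPath = Join-Path $Dir 'hosts'
    $result = New-Object PSObject -Property @{
        Path        = $hostsPath
        Exists      = (Test-Path -LiteralPath $hostsPath)
        WrongName   = (Test-Path -LiteralPath (Join-Path $Dir 'hosts.txt'))
        NonLoopback = @()
    }
    if (-not $result.Exists) { return $result }

    $entries = @()
    foreach ($raw in (Get-Content -LiteralPath $hostsPath)) {
        # Drop the comment part and blank lines; what remains is "IP name [alias ...]".
        $line = ($raw -split '#', 2)[0].Trim()
        if ($line -eq '') { continue }
        $ip = ($line -split '\s+')[0]
        # Assumption: a clean default file holds only comments or loopback mappings,
        # so any other address is worth a look (redirect malware edits this file).
        if (@('127.0.0.1', '::1') -notcontains $ip) { $entries += $line }
    }
    $result.NonLoopback = $entries
    return $result
}

$status = Get-HostsFileStatus
if (-not $status.Exists) {
    Write-Warning "hosts file missing at $($status.Path)"
    if ($status.WrongName) {
        Write-Warning 'Found hosts.txt instead: re-save the file with no extension.'
    }
} elseif ($status.NonLoopback.Count -gt 0) {
    Write-Warning 'Entries that map names away from loopback:'
    $status.NonLoopback | ForEach-Object { "  $_" }
} else {
    'hosts file present; only comments and loopback entries found.'
}
```

Because the default file contains only comments after the fix in this post, a freshly restored hosts file reports zero non-loopback entries.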

#13 Otown

Posted 28 August 2011 - 06:35 PM

New SystemLook log:


SystemLook 30.07.11 by jpshortstuff
Log created at 18:32 on 28/08/2011 by Michael
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts --a---- 760 bytes [23:27 28/08/2011] [23:27 28/08/2011]
lmhosts.sam --a---- 3683 bytes [02:05 14/07/2009] [21:39 10/06/2009]
networks --a---- 407 bytes [02:04 14/07/2009] [21:39 10/06/2009]
protocol --a---- 1358 bytes [02:04 14/07/2009] [21:39 10/06/2009]
services --a---- 17463 bytes [02:04 14/07/2009] [21:39 10/06/2009]

---Folders---
None found.

-= EOF =-

#14 Broni

Posted 28 August 2011 - 06:39 PM

Good :)

How is the computer doing?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

 


#15 Otown

Posted 28 August 2011 - 06:57 PM

Computer seems to be working pretty good. Not getting redirects each time I click on a Google search result. That was happening before your assistance. Also, have not seen a virus warning pop up recently. ESET report in next reply.
