Black Screen during boot..


This topic is locked
20 replies to this topic

#1 StrandedProgress

Posted 31 August 2011 - 11:52 PM

I have been directed here from this forum.

http://www.bleepingcomputer.com/forums/topic416833.html/page__pid__2391973#entry2391973


.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Todd at 0:42:36 on 2011-09-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2912 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Outpost Security Suite *Enabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
SP: Outpost Security Suite *Enabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Outpost Security Suite *Enabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\Todd\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [SoundIt] C:\Program Files (x86)\soundit.exe
mRun: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Lexmark 7600 Series] "C:\Program Files (x86)\Lexmark 7600 Series\fm3032.exe" /s
StartupFolder: C:\Users\Todd\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1098346F-CAF7-446C-B0F1-F4908B18A9D6} : DhcpNameServer = 209.183.35.23 209.183.33.23
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F}\0516C6D6564747F6845616C64786 : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F}\16474777966696 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F}\24257425 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F}\C416155796E64716 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F}\C696E6B6379737 : DhcpNameServer = 207.230.75.34 207.230.75.50
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F}\D41607C656C6561666 : DhcpNameServer = 192.168.1.1 68.87.85.102 68.87.69.150
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SoundIt] C:\Program Files (x86)\soundit.exe
mRun-x64: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Lexmark 7600 Series] "C:\Program Files (x86)\Lexmark 7600 Series\fm3032.exe" /s
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: c:\progra~1\agnitum\outpos~1\wl_hook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\eq5e45dp.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Todd\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Todd\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Users\Todd\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 afw;Agnitum Firewall Driver;C:\Windows\system32\DRIVERS\afw.sys --> C:\Windows\system32\DRIVERS\afw.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S1 SandBox;SandBox;\??\C:\Windows\system32\drivers\SandBox64.sys --> C:\Windows\system32\drivers\SandBox64.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2011-6-12 3501696]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-7 136176]
S2 lxdw_device;lxdw_device;C:\Windows\system32\lxdwcoms.exe -service --> C:\Windows\system32\lxdwcoms.exe -service [?]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdwserv.exe [2011-1-11 33960]
S2 MSSQL$ACT7;SQL Server (ACT7);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
S3 afwcore;afwcore;C:\Windows\system32\drivers\afwcore.sys --> C:\Windows\system32\drivers\afwcore.sys [?]
S3 ASWFilt;ASWFilt;\??\C:\Windows\system32\Filt\ASWFilt64.dll --> C:\Windows\system32\Filt\ASWFilt64.dll [?]
S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-10-9 121416]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-10-9 125512]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-7 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-23 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);C:\Windows\system32\DRIVERS\swnc8u80.sys --> C:\Windows\system32\DRIVERS\swnc8u80.sys [?]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);C:\Windows\system32\DRIVERS\swumx80.sys --> C:\Windows\system32\DRIVERS\swumx80.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VBEngNT;VBEngNT;\??\C:\Windows\system32\drivers\VBEngNT.sys --> C:\Windows\system32\drivers\VBEngNT.sys [?]
S3 VBFilt;VBFilt;\??\C:\Windows\system32\Filt\VBFilt64.dll --> C:\Windows\system32\Filt\VBFilt64.dll [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 ACT! Scheduler;ACT! Scheduler;C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2009-8-24 81920]
S4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-5-23 98208]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-4 92216]
S4 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-23 2320920]
.
=============== Created Last 30 ================
.
2011-09-01 04:33:20 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13FF0607-4190-4F6F-91CE-6A8004E6A222}\mpengine.dll
2011-08-30 16:19:50 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-08-23 19:51:40 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-23 19:51:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-15 15:57:55 -------- d-----w- C:\ProgramData\App4rTemp
2011-08-15 15:10:15 186880 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\lxdwdrpp.dll
2011-08-15 15:08:26 109056 ----a-w- C:\Windows\System32\lxdwvs.dll
2011-08-15 15:06:03 3584 ----a-w- C:\Windows\System32\LXDWPMRC.DLL
2011-08-15 15:04:09 489472 ----a-w- C:\Windows\System32\LXDWwupd.dll
2011-08-15 15:04:09 19112 ----a-w- C:\Windows\System32\LXDWwupd.exe
2011-08-15 15:02:59 983121 ----a-w- C:\Windows\System32\lxdwgf.dll
2011-08-15 15:01:19 -------- d-----w- C:\Program Files\Lexmark 7600 Series
2011-08-11 16:26:15 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-11 16:26:12 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55757EC1-94D1-496D-955E-D6BAC4CEBB36}\gapaengine.dll
2011-08-09 20:05:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-08 21:49:03 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-02 18:54:48 -------- d-----w- C:\Users\Todd\AppData\Roaming\Sibelius Software
2011-08-02 18:51:43 -------- d-----w- C:\Program Files (x86)\Sibelius Software
.
==================== Find3M ====================
.
2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 20:34:27 47104 ----a-w- C:\Windows\System32\SF0ELMON.DLL
2011-07-13 20:34:23 172128 ----a-w- C:\Windows\_isusr32.dll
2011-07-13 20:34:22 45056 ------w- C:\Windows\SysWow64\_isusr2k.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 19:58:28 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-21 06:20:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-06-21 05:28:33 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 06:13:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-04-14 01:57:04 225902 --sha-w- C:\Program Files (x86)\soundit.exe
2011-03-27 12:46:34 34816 --sha-w- C:\Program Files (x86)\nircmdc.exe
.
============= FINISH: 0:45:07.93 ===============


#2 HelpBot

Posted 05 September 2011 - 11:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/416972 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was follow the previous instructions and tell me so. You can skip the rest of this post. If you do need help, please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 StrandedProgress

Posted 06 September 2011 - 09:09 AM

My computer is an HP G72 Notebook with a Windows Home Premium 64-bit OS. During the boot process, after the Windows logo appears, there is a black screen with a pointer only. The system then reboots in a continuous cycle with the same results.



.
DDS (Ver_2011-06-02.03) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Todd at 9:59:43 on 2011-09-06
.
============== Running Processes ===============
.
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [PhotoshopElements8SyncAgent] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Todd\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SoundIt] C:\Program Files (x86)\soundit.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Lexmark 7600 Series] "C:\Program Files (x86)\Lexmark 7600 Series\fm3032.exe" /s
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Act.Outlook.Service] "C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe" -preload
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1098346F-CAF7-446C-B0F1-F4908B18A9D6} : DhcpNameServer = 209.183.35.23 209.183.33.23
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F}\0516C6D6564747F6845616C64786 : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F}\16474777966696 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F}\24257425 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F}\C416155796E64716 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F}\D41607C656C6561666 : DhcpNameServer = 192.168.1.1 68.87.85.102 68.87.69.150
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SoundIt] C:\Program Files (x86)\soundit.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Lexmark 7600 Series] "C:\Program Files (x86)\Lexmark 7600 Series\fm3032.exe" /s
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Act.Outlook.Service] "C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe"
mRun-x64: [Act! Preloader] "C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe" -preload
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: c:\progra~1\agnitum\outpos~1\wl_hook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\eq5e45dp.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Todd\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Todd\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Users\Todd\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R? acssrv;Agnitum Client Security Service
R? ACT! Scheduler;ACT! Scheduler
R? AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8
R? AdobeARMservice;Adobe Acrobat Update Service
R? AERTFilters;Andrea RT Filters Service
R? afwcore;afwcore
R? ALSysIO;ALSysIO
R? ASWFilt;ASWFilt
R? ATTRcAppSvc;AT&T RcAppSvc
R? btwl2cap;Bluetooth L2CAP Service
R? CAATT;AT&T Con App Svc
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? clwvd;CyberLink WebCam Virtual Driver
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? HPDrvMntSvc.exe;HP Quick Synchronization Service
R? HPWMISVC;HPWMISVC
R? Impcd;Impcd
R? IntcDAud;Intel® Display Audio
R? lxdw_device;lxdw_device
R? lxdwCATSCustConnectService;lxdwCATSCustConnectService
R? MpFilter;Microsoft Malware Protection Driver
R? MpNWMon;Microsoft Malware Protection Network Driver
R? MSSQL$ACT7;SQL Server (ACT7)
R? netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit
R? NisDrv;Microsoft Network Inspection System
R? NisSrv;Microsoft Network Inspection
R? ose64;Office 64 Source Engine
R? osppsvc;Office Software Protection Platform
R? PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? RtVOsdService;RtVOsdService Installer
R? SandBox;SandBox
R? SASDIFSV;SASDIFSV
R? SASKUTIL;SASKUTIL
R? SrvHsfHDA;SrvHsfHDA
R? SrvHsfV92;SrvHsfV92
R? SrvHsfWinac;SrvHsfWinac
R? SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80)
R? SWUMX80;Sierra Wireless USB MUX Driver (UMTS80)
R? TsUsbFlt;TsUsbFlt
R? UNS;Intel® Management & Security Application User Notification Service
R? VBEngNT;VBEngNT
R? VBFilt;VBFilt
R? WSDPrintDevice;WSD Print Support via UMB
R? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller
S? !SASCORE;SAS Core Service
S? afw;Agnitum Firewall Driver
S? HECIx64;Intel® Management Engine Interface
S? PxHlpa64;PxHlpa64
S? RTL8167;Realtek 8167 NT Driver
S? rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
.
=============== Created Last 30 ================
.
2011-09-03 15:37:06 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AEFDAC3B-CB37-4E06-9E2C-C41E846A170C}\gapaengine.dll
2011-09-03 15:36:47 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5EC6462C-09FE-4B44-A068-1C9CA5E67C1A}\mpengine.dll
2011-08-30 16:19:50 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-08-15 15:57:55 -------- d-----w- C:\ProgramData\App4rTemp
2011-08-15 15:10:15 186880 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\lxdwdrpp.dll
2011-08-15 15:08:26 109056 ----a-w- C:\Windows\System32\lxdwvs.dll
2011-08-15 15:06:03 3584 ----a-w- C:\Windows\System32\LXDWPMRC.DLL
2011-08-15 15:04:09 489472 ----a-w- C:\Windows\System32\LXDWwupd.dll
2011-08-15 15:04:09 19112 ----a-w- C:\Windows\System32\LXDWwupd.exe
2011-08-15 15:02:59 983121 ----a-w- C:\Windows\System32\lxdwgf.dll
2011-08-15 15:01:19 -------- d-----w- C:\Program Files\Lexmark 7600 Series
2011-08-11 16:26:15 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-09 20:05:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-08 21:49:03 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
.
==================== Find3M ====================
.
2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 20:34:27 47104 ----a-w- C:\Windows\System32\SF0ELMON.DLL
2011-07-13 20:34:23 172128 ----a-w- C:\Windows\_isusr32.dll
2011-07-13 20:34:22 45056 ------w- C:\Windows\SysWow64\_isusr2k.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 19:58:28 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-21 06:20:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-06-21 05:28:33 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 06:13:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-04-14 01:57:04 225902 --sha-w- C:\Program Files (x86)\soundit.exe
2011-03-27 12:46:34 34816 --sha-w- C:\Program Files (x86)\nircmdc.exe
.
============= FINISH: 10:02:19.59 ===============

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:59 AM

Posted 06 September 2011 - 04:49 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

----------------------------------------------

The symptoms you describe are definitely rootkit in origin. If you are in a boot loop how are you managing to produce a DDS log? Did you run it in safe mode?
m0le is a proud member of UNITE

#5 StrandedProgress

StrandedProgress
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 06 September 2011 - 07:16 PM

Hi m0le,

Pleasure to meet you and thank you for your help!

Yes, I am able to run my computer in safe mode and that is how I posted the prior responses. At the moment I am on my desktop yet have my laptop (the infected one) with me.

Edited by StrandedProgress, 06 September 2011 - 07:16 PM.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:59 AM

Posted 07 September 2011 - 04:12 PM

Okay, we'll stay in safe mode and see if we can find the problem.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If malicious objects are found, ensure Cure is selected, then click Continue > Reboot now.
  • Click Close.
  • Finally, press Report and copy and paste the contents into your next reply. If you've rebooted, the log will be found at C:\


#7 StrandedProgress

StrandedProgress
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 07 September 2011 - 10:51 PM

2011/09/07 23:38:49.0403 1068 TDSS rootkit removing tool 2.5.19.0 Sep 6 2011 19:23:56
2011/09/07 23:38:49.0676 1068 ================================================================================
2011/09/07 23:38:49.0676 1068 SystemInfo:
2011/09/07 23:38:49.0676 1068
2011/09/07 23:38:49.0676 1068 OS Version: 6.1.7601 ServicePack: 1.0
2011/09/07 23:38:49.0676 1068 Product type: Workstation
2011/09/07 23:38:49.0677 1068 ComputerName: TODD-PC
2011/09/07 23:38:49.0677 1068 UserName: Todd
2011/09/07 23:38:49.0677 1068 Windows directory: C:\Windows
2011/09/07 23:38:49.0677 1068 System windows directory: C:\Windows
2011/09/07 23:38:49.0677 1068 Running under WOW64
2011/09/07 23:38:49.0677 1068 Processor architecture: Intel x64
2011/09/07 23:38:49.0677 1068 Number of processors: 4
2011/09/07 23:38:49.0677 1068 Page size: 0x1000
2011/09/07 23:38:49.0677 1068 Boot type: Safe boot with network
2011/09/07 23:38:49.0677 1068 ================================================================================
2011/09/07 23:38:50.0043 1068 Initialize success
2011/09/07 23:38:54.0490 1808 ================================================================================
2011/09/07 23:38:54.0490 1808 Scan started
2011/09/07 23:38:54.0490 1808 Mode: Manual;
2011/09/07 23:38:54.0490 1808 ================================================================================
2011/09/07 23:38:55.0145 1808 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/09/07 23:38:55.0254 1808 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/09/07 23:38:55.0306 1808 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/09/07 23:38:55.0520 1808 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/09/07 23:38:55.0595 1808 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/09/07 23:38:55.0653 1808 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/09/07 23:38:55.0778 1808 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/09/07 23:38:55.0894 1808 afw (cbdd7eb1431086a6d56c6f700d98b644) C:\Windows\system32\DRIVERS\afw.sys
2011/09/07 23:38:56.0072 1808 afwcore (c8c34a00c98322b06bed456b13ee4497) C:\Windows\system32\drivers\afwcore.sys
2011/09/07 23:38:56.0141 1808 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
2011/09/07 23:38:56.0220 1808 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/09/07 23:38:56.0272 1808 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/09/07 23:38:56.0460 1808 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/09/07 23:38:56.0506 1808 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/09/07 23:38:56.0569 1808 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/09/07 23:38:56.0631 1808 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/09/07 23:38:56.0709 1808 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/09/07 23:38:56.0740 1808 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/09/07 23:38:56.0912 1808 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/09/07 23:38:56.0990 1808 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/09/07 23:38:57.0021 1808 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/09/07 23:38:57.0204 1808 ASWFilt (f9ade16b57293e3dd55d84879cad2a20) C:\Windows\system32\Filt\ASWFilt64.dll
2011/09/07 23:38:57.0319 1808 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/07 23:38:57.0389 1808 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/09/07 23:38:57.0483 1808 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/09/07 23:38:57.0521 1808 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/09/07 23:38:57.0588 1808 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/09/07 23:38:57.0705 1808 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/09/07 23:38:57.0776 1808 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/07 23:38:57.0816 1808 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/09/07 23:38:57.0836 1808 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/09/07 23:38:57.0889 1808 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/09/07 23:38:57.0912 1808 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/09/07 23:38:57.0974 1808 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/09/07 23:38:58.0007 1808 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/09/07 23:38:58.0072 1808 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
2011/09/07 23:38:58.0181 1808 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/09/07 23:38:58.0259 1808 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/09/07 23:38:58.0322 1808 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
2011/09/07 23:38:58.0415 1808 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
2011/09/07 23:38:58.0493 1808 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
2011/09/07 23:38:58.0618 1808 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/09/07 23:38:58.0681 1808 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/09/07 23:38:58.0727 1808 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/09/07 23:38:58.0837 1808 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/07 23:38:58.0886 1808 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/07 23:38:58.0911 1808 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/07 23:38:59.0008 1808 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/09/07 23:38:59.0134 1808 clwvd (45379507ecc5e406237bff32c7390675) C:\Windows\system32\DRIVERS\clwvd.sys
2011/09/07 23:38:59.0150 1808 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/07 23:38:59.0200 1808 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/09/07 23:38:59.0303 1808 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/09/07 23:38:59.0381 1808 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/07 23:38:59.0440 1808 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/09/07 23:38:59.0591 1808 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/09/07 23:38:59.0656 1808 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/09/07 23:38:59.0756 1808 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/09/07 23:38:59.0817 1808 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/09/07 23:38:59.0841 1808 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/09/07 23:38:59.0934 1808 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/07 23:39:00.0090 1808 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/09/07 23:39:00.0200 1808 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/09/07 23:39:00.0278 1808 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/09/07 23:39:00.0371 1808 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/09/07 23:39:00.0449 1808 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/09/07 23:39:00.0480 1808 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/07 23:39:00.0574 1808 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/09/07 23:39:00.0621 1808 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/09/07 23:39:00.0839 1808 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/07 23:39:00.0886 1808 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/09/07 23:39:00.0948 1808 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/09/07 23:39:00.0980 1808 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/07 23:39:01.0042 1808 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/07 23:39:01.0089 1808 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/09/07 23:39:01.0292 1808 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/07 23:39:01.0338 1808 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/09/07 23:39:01.0401 1808 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/09/07 23:39:01.0432 1808 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/09/07 23:39:01.0479 1808 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/09/07 23:39:01.0619 1808 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/07 23:39:01.0650 1808 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/07 23:39:01.0752 1808 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/07 23:39:01.0852 1808 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/09/07 23:39:02.0100 1808 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/09/07 23:39:02.0198 1808 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/07 23:39:02.0222 1808 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/09/07 23:39:02.0310 1808 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
2011/09/07 23:39:02.0550 1808 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/09/07 23:39:02.0982 1808 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/09/07 23:39:03.0388 1808 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/07 23:39:03.0488 1808 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
2011/09/07 23:39:03.0758 1808 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
2011/09/07 23:39:03.0998 1808 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
2011/09/07 23:39:04.0065 1808 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/09/07 23:39:04.0149 1808 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/07 23:39:04.0265 1808 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/07 23:39:04.0306 1808 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/09/07 23:39:04.0371 1808 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/09/07 23:39:04.0424 1808 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/09/07 23:39:04.0470 1808 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/09/07 23:39:04.0501 1808 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/09/07 23:39:04.0533 1808 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/09/07 23:39:04.0564 1808 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/09/07 23:39:04.0642 1808 KMWDFILTER (07071c1e3cd8f0f9114aac8b072ca1e5) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
2011/09/07 23:39:04.0689 1808 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/07 23:39:04.0720 1808 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/07 23:39:04.0798 1808 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/09/07 23:39:04.0938 1808 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/07 23:39:04.0985 1808 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/07 23:39:05.0016 1808 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/07 23:39:05.0047 1808 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/07 23:39:05.0079 1808 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/07 23:39:05.0125 1808 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/09/07 23:39:05.0219 1808 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/07 23:39:05.0250 1808 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/07 23:39:05.0375 1808 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/09/07 23:39:05.0406 1808 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/07 23:39:05.0484 1808 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/09/07 23:39:05.0500 1808 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/07 23:39:05.0562 1808 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/09/07 23:39:05.0640 1808 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/09/07 23:39:05.0671 1808 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/09/07 23:39:05.0781 1808 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/09/07 23:39:05.0843 1808 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/07 23:39:05.0905 1808 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/09/07 23:39:05.0968 1808 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/07 23:39:06.0030 1808 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/07 23:39:06.0061 1808 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/07 23:39:06.0093 1808 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/09/07 23:39:06.0139 1808 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/09/07 23:39:06.0264 1808 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/09/07 23:39:06.0295 1808 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/07 23:39:06.0331 1808 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/09/07 23:39:06.0381 1808 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/07 23:39:06.0443 1808 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/07 23:39:06.0467 1808 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/09/07 23:39:06.0568 1808 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/09/07 23:39:06.0611 1808 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/09/07 23:39:06.0699 1808 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/09/07 23:39:06.0777 1808 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/07 23:39:06.0823 1808 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/09/07 23:39:06.0885 1808 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/07 23:39:06.0946 1808 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/09/07 23:39:06.0985 1808 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/07 23:39:07.0036 1808 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/07 23:39:07.0065 1808 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/07 23:39:07.0088 1808 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/07 23:39:07.0147 1808 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/09/07 23:39:07.0279 1808 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/07 23:39:07.0332 1808 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/07 23:39:07.0535 1808 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/09/07 23:39:07.0706 1808 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/07 23:39:07.0815 1808 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/09/07 23:39:07.0893 1808 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/09/07 23:39:07.0940 1808 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/07 23:39:08.0034 1808 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/09/07 23:39:08.0112 1808 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/09/07 23:39:08.0252 1808 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/09/07 23:39:08.0283 1808 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/09/07 23:39:08.0330 1808 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/09/07 23:39:08.0361 1808 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/09/07 23:39:08.0471 1808 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/09/07 23:39:08.0533 1808 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/09/07 23:39:08.0580 1808 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/09/07 23:39:08.0705 1808 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/09/07 23:39:08.0736 1808 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/07 23:39:08.0814 1808 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
2011/09/07 23:39:08.0876 1808 PCTINDIS5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\Windows\system32\PCTINDIS5X64.SYS
2011/09/07 23:39:09.0110 1808 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/09/07 23:39:09.0141 1808 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/09/07 23:39:09.0284 1808 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/07 23:39:09.0326 1808 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/09/07 23:39:09.0398 1808 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/07 23:39:09.0487 1808 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/09/07 23:39:09.0536 1808 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/07 23:39:09.0629 1808 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/07 23:39:09.0700 1808 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/07 23:39:09.0730 1808 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/07 23:39:09.0781 1808 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/07 23:39:09.0841 1808 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/07 23:39:09.0872 1808 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/07 23:39:09.0893 1808 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/07 23:39:09.0965 1808 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/07 23:39:10.0054 1808 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/07 23:39:10.0080 1808 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/07 23:39:10.0115 1808 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/07 23:39:10.0129 1808 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/07 23:39:10.0207 1808 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/09/07 23:39:10.0269 1808 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/09/07 23:39:10.0347 1808 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/09/07 23:39:10.0581 1808 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
2011/09/07 23:39:10.0613 1808 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
2011/09/07 23:39:10.0675 1808 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/07 23:39:10.0722 1808 RSUSBSTOR (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\system32\Drivers\RtsUStor.sys
2011/09/07 23:39:10.0815 1808 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/09/07 23:39:10.0862 1808 rtl8192se (9d2a069a116289a5c0776488007f62be) C:\Windows\system32\DRIVERS\rtl8192se.sys
2011/09/07 23:39:11.0041 1808 SandBox (1c20bc6d990a163c88db015cb5317d7e) C:\Windows\system32\drivers\SandBox64.sys
2011/09/07 23:39:11.0122 1808 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/09/07 23:39:11.0175 1808 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/09/07 23:39:11.0203 1808 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/09/07 23:39:11.0269 1808 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/07 23:39:11.0323 1808 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
2011/09/07 23:39:11.0426 1808 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/09/07 23:39:11.0497 1808 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/07 23:39:11.0518 1808 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/09/07 23:39:11.0555 1808 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/07 23:39:11.0604 1808 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/09/07 23:39:11.0627 1808 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/07 23:39:11.0682 1808 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/07 23:39:11.0708 1808 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/07 23:39:11.0791 1808 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/07 23:39:11.0879 1808 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/07 23:39:11.0911 1808 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/09/07 23:39:11.0943 1808 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/09/07 23:39:12.0052 1808 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/09/07 23:39:12.0083 1808 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/07 23:39:12.0114 1808 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/09/07 23:39:12.0161 1808 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/09/07 23:39:12.0270 1808 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/09/07 23:39:12.0301 1808 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/07 23:39:12.0348 1808 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/07 23:39:12.0411 1808 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/09/07 23:39:12.0473 1808 swmsflt (c03779ec476f8f30a9cfcde046ba6b28) C:\Windows\system32\DRIVERS\swmsflt.sys
2011/09/07 23:39:12.0551 1808 SWNC8U80 (808cb62212dd7a934074ed65d3106948) C:\Windows\system32\DRIVERS\swnc8u80.sys
2011/09/07 23:39:12.0676 1808 SWUMX80 (df3f437a890a77cce5e3fd7b7bb93585) C:\Windows\system32\DRIVERS\swumx80.sys
2011/09/07 23:39:12.0794 1808 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
2011/09/07 23:39:12.0910 1808 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/09/07 23:39:12.0960 1808 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/07 23:39:13.0044 1808 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/07 23:39:13.0079 1808 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/09/07 23:39:13.0201 1808 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/09/07 23:39:13.0266 1808 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/07 23:39:13.0316 1808 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/09/07 23:39:13.0400 1808 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/07 23:39:13.0468 1808 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/09/07 23:39:13.0500 1808 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/07 23:39:13.0539 1808 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/07 23:39:13.0686 1808 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/07 23:39:13.0774 1808 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/07 23:39:13.0820 1808 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/07 23:39:13.0867 1808 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/07 23:39:13.0992 1808 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/07 23:39:14.0039 1808 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/09/07 23:39:14.0086 1808 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
2011/09/07 23:39:14.0148 1808 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/07 23:39:14.0257 1808 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
2011/09/07 23:39:14.0288 1808 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/07 23:39:14.0366 1808 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/07 23:39:14.0429 1808 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/07 23:39:14.0476 1808 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2011/09/07 23:39:14.0528 1808 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/09/07 23:39:14.0638 1808 VBEngNT (fddf916a3e1e98c5e1dbee380f7fde52) C:\Windows\system32\drivers\VBEngNT.sys
2011/09/07 23:39:14.0699 1808 VBFilt (af6370f45ba18dba70461dbe8731a24e) C:\Windows\system32\Filt\VBFilt64.dll
2011/09/07 23:39:14.0832 1808 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/09/07 23:39:14.0914 1808 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/07 23:39:14.0933 1808 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/09/07 23:39:14.0974 1808 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/09/07 23:39:15.0002 1808 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/09/07 23:39:15.0035 1808 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/09/07 23:39:15.0085 1808 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/09/07 23:39:15.0141 1808 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/09/07 23:39:15.0180 1808 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/07 23:39:15.0283 1808 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/09/07 23:39:15.0385 1808 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/09/07 23:39:15.0418 1808 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/09/07 23:39:15.0512 1808 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/07 23:39:15.0574 1808 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/07 23:39:15.0606 1808 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/07 23:39:15.0762 1808 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/09/07 23:39:15.0793 1808 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/07 23:39:15.0855 1808 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/07 23:39:15.0886 1808 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/09/07 23:39:16.0058 1808 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/09/07 23:39:16.0183 1808 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/07 23:39:16.0288 1808 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/07 23:39:16.0360 1808 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/09/07 23:39:16.0423 1808 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/09/07 23:39:16.0453 1808 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/07 23:39:16.0543 1808 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/09/07 23:39:16.0625 1808 MBR (0x1B8) (08f2ff2b9d5138e4b1cb501d71553e5e) \Device\Harddisk0\DR0
2011/09/07 23:39:16.0666 1808 Boot (0x1200) (0c79b191e154ecfea3215bf153e28da9) \Device\Harddisk0\DR0\Partition0
2011/09/07 23:39:16.0680 1808 Boot (0x1200) (159a70b74cfec41db64ba3fb17c1eefc) \Device\Harddisk0\DR0\Partition1
2011/09/07 23:39:16.0721 1808 Boot (0x1200) (8e20637b67bbf47aaf8896762d7e09c7) \Device\Harddisk0\DR0\Partition2
2011/09/07 23:39:16.0738 1808 Boot (0x1200) (51f694d2c2f74b0777f81c0688401ec2) \Device\Harddisk0\DR0\Partition3
2011/09/07 23:39:16.0742 1808 ================================================================================
2011/09/07 23:39:16.0742 1808 Scan finished
2011/09/07 23:39:16.0742 1808 ================================================================================
2011/09/07 23:39:16.0766 0844 Detected object count: 0
2011/09/07 23:39:16.0766 0844 Actual detected object count: 0

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:59 AM

Posted 08 September 2011 - 12:55 PM

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#9 StrandedProgress

StrandedProgress
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 08 September 2011 - 05:26 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-08 18:19:32
-----------------------------
18:19:32.545 OS Version: Windows x64 6.1.7601 Service Pack 1
18:19:32.545 Number of processors: 4 586 0x2502
18:19:32.546 ComputerName: TODD-PC UserName: Todd
18:19:34.008 Initialize success
18:21:46.067 AVAST engine defs: 11090802
18:22:01.619 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:22:01.619 Disk 0 Vendor: TOSHIBA_ LH00 Size: 476940MB BusType: 3
18:22:01.635 Disk 0 MBR read successfully
18:22:01.650 Disk 0 MBR scan
18:22:01.650 Disk 0 unknown MBR code
18:22:01.650 Service scanning
18:22:03.709 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
18:22:05.129 Modules scanning
18:22:05.129 Disk 0 trace - called modules:
18:22:05.160 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:22:05.160 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b48060]
18:22:05.160 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800492c050]
18:22:08.358 AVAST engine scan C:\Windows
18:22:11.041 AVAST engine scan C:\Windows\system32
18:23:44.621 AVAST engine scan C:\Windows\system32\drivers
18:23:55.270 AVAST engine scan C:\Users\Todd
18:25:20.427 Disk 0 MBR has been saved successfully to "C:\Users\Todd\Desktop\MBR.dat"
18:25:20.427 The log file has been saved successfully to "C:\Users\Todd\Desktop\aswMBR.txt"

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:59 AM

Posted 08 September 2011 - 05:32 PM

We need to check the MBR against the following tool's database

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE
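
What the three tools in this thread are doing with the MBR is the same basic check: TDSSKiller's "MBR (0x1B8)" line is an MD5 of the first 0x1B8 bytes of sector 0 (the bootstrap code, before the disk signature and partition table), aswMBR reports "unknown MBR code" when that code is not one it recognises, and MBRCheck looks the code up in its own list of known-good loaders. The script below is an added example, not code from the thread or from any of those tools, showing that check in Python: it parses a 512-byte MBR image, hashes the boot-code region, sanity-checks the partition table, and compares the hash against an allow-list. The sample images, the placeholder boot-code bytes and the allow-list are all constructed for the demo; the real MBRCheck database is not reproduced here, and the assumption that the MBR.dat aswMBR saved is exactly 512 bytes is mine.

```python
"""Triage a 512-byte MBR image in the spirit of aswMBR/MBRCheck/TDSSKiller:
hash the bootstrap code, validate the partition table, compare against an
allow-list.  Added example; not code from any of those tools."""
import hashlib
import struct
import sys

MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8      # TDSSKiller's "MBR (0x1B8)" line hashes exactly this region
DISK_SIG_OFF = 0x1B8       # 4-byte NT disk signature follows the boot code
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE      # 0x55AA boot signature
PART_ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(data: bytes) -> dict:
    """Return boot-code MD5, disk signature and the non-empty partition entries."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            PART_ENTRY, data, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and sectors == 0:
            continue                      # empty slot
        parts.append({"index": i, "status": status, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": data[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xAA",
        "boot_code_md5": hashlib.md5(data[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", data, DISK_SIG_OFF)[0],
        "partitions": parts,
    }


def partition_warnings(parts: list) -> list:
    """Sanity checks that a hand-patched partition table commonly fails."""
    warnings = []
    if sum(p["status"] == 0x80 for p in parts) > 1:
        warnings.append("more than one partition flagged active")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            warnings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["lba_start"] == 0 or p["sectors"] == 0:
            warnings.append(f"partition {p['index']}: zero start or length")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in parts)
    for (_, end_a, a), (start_b, _, b) in zip(spans, spans[1:]):
        if start_b < end_a:
            warnings.append(f"partitions {a} and {b} overlap")
    return warnings


def check_mbr(data: bytes, known_good: dict) -> str:
    """Verdict: known boot code, unknown boot code, or not a valid MBR at all."""
    info = parse_mbr(data)
    if not info["signature_ok"]:
        return "invalid MBR (missing 0x55AA signature)"
    label = known_good.get(info["boot_code_md5"])
    return f"known MBR code: {label}" if label else "unknown MBR code"


# ---- constructed sample images (placeholder bytes, not real loader code or real layouts) ----
def build_sample_mbr(boot_code: bytes, partitions: list) -> bytes:
    buf = bytearray(MBR_SIZE)
    buf[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(PART_ENTRY, buf, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    buf[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xAA"
    return bytes(buf)

REFERENCE_BOOT_CODE = b"\xFA\x33\xC0" + b"\x90" * (BOOT_CODE_LEN - 3)   # placeholder bytes
LAYOUT = [(0x80, 0x07, 2048, 409600), (0x00, 0x07, 411648, 950000000),
          (0x00, 0x07, 950411648, 20000000), (0x00, 0x0C, 970411648, 6000000)]
REFERENCE_MBR = build_sample_mbr(REFERENCE_BOOT_CODE, LAYOUT)
# The allow-list is built from an image you trust (e.g. a clean install of the same OEM
# build); it is an assumption for this demo and does not reproduce MBRCheck's database.
KNOWN_GOOD = {parse_mbr(REFERENCE_MBR)["boot_code_md5"]: "constructed reference image"}
# Same partition table, boot code patched with a jump stub: the hash no longer matches.
TAMPERED_MBR = build_sample_mbr(b"\xE9\x00\x01" + REFERENCE_BOOT_CODE[3:], LAYOUT)
OVERLAP_MBR = build_sample_mbr(REFERENCE_BOOT_CODE,
                               [(0x80, 0x07, 2048, 409600), (0x00, 0x07, 300000, 1000000)])

if __name__ == "__main__":
    # Usage: python mbr_triage.py [MBR.dat]   (assumes the saved file is exactly 512 bytes)
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else TAMPERED_MBR
    info = parse_mbr(image)
    print(check_mbr(image, KNOWN_GOOD), "md5:", info["boot_code_md5"])
    for w in partition_warnings(info["partitions"]) or ["partition table looks sane"]:
        print(" -", w)
```

Two caveats a practitioner should keep in mind. An "unknown" hash is not by itself proof of infection: OEM machines (this one is an HP) often ship a vendor loader that differs from the generic Windows code, which is exactly why the helper wants a second opinion from a tool with a larger database. And a hash match only tells you sector 0 is unmodified; it says nothing about what is loaded afterwards, so it is one check among several, not a clean bill of health.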

#11 StrandedProgress

StrandedProgress
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 08 September 2011 - 06:22 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G72 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 157):
0x02C4C000 \SystemRoot\system32\ntoskrnl.exe
0x02C03000 \SystemRoot\system32\hal.dll
0x00BA6000 \SystemRoot\system32\kdcom.dll
0x00C92000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CE1000 \SystemRoot\system32\PSHED.dll
0x00CF5000 \SystemRoot\system32\CLFS.SYS
0x00E1B000 \SystemRoot\system32\CI.dll
0x00EDB000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F7F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F8E000 \SystemRoot\system32\drivers\ACPI.sys
0x00FE5000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FEE000 \SystemRoot\system32\drivers\msisadrv.sys
0x00D53000 \SystemRoot\system32\drivers\pci.sys
0x00E00000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00D86000 \SystemRoot\System32\drivers\partmgr.sys
0x00E0D000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00D9B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00DA7000 \SystemRoot\system32\drivers\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys
0x010C1000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x011DD000 \SystemRoot\system32\drivers\atapi.sys
0x01000000 \SystemRoot\system32\drivers\ataport.SYS
0x0102A000 \SystemRoot\system32\drivers\msahci.sys
0x01035000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x01045000 \SystemRoot\system32\drivers\amdxata.sys
0x01050000 \SystemRoot\system32\drivers\fltmgr.sys
0x0109C000 \SystemRoot\system32\drivers\fileinfo.sys
0x010B0000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01217000 \SystemRoot\System32\Drivers\Ntfs.sys
0x014CE000 \SystemRoot\System32\Drivers\msrpc.sys
0x0152C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01547000 \SystemRoot\System32\Drivers\cng.sys
0x015B9000 \SystemRoot\System32\drivers\pcw.sys
0x015CA000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016E6000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01885000 \SystemRoot\System32\drivers\tcpip.sys
0x01A89000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01AD3000 \SystemRoot\system32\drivers\volsnap.sys
0x01B27000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B61000 \SystemRoot\System32\Drivers\mup.sys
0x01B73000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B7C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01BB6000 \SystemRoot\system32\DRIVERS\disk.sys
0x01BCC000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02A13000 \SystemRoot\System32\Drivers\Null.SYS
0x02A1C000 \SystemRoot\System32\Drivers\Beep.SYS
0x02A23000 \SystemRoot\System32\drivers\vga.sys
0x02A31000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02A56000 \SystemRoot\System32\drivers\watchdog.sys
0x02A66000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02A6F000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02A7A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02A8B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02AAD000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0180E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x01400000 \SystemRoot\system32\drivers\afd.sys
0x02ABA000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x01853000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02AC3000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x0168B000 \SystemRoot\system32\DRIVERS\afw.sys
0x01698000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02C69000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02CBA000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02CC6000 \SystemRoot\System32\Drivers\dfsc.sys
0x02CE4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02D0A000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x02D1B000 \SystemRoot\system32\drivers\usbehci.sys
0x02D2C000 \SystemRoot\system32\drivers\USBPORT.SYS
0x02D82000 \SystemRoot\system32\drivers\HDAudBus.sys
0x03055000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
0x0317D000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x0318A000 \SystemRoot\System32\Drivers\fastfat.SYS
0x03436000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x034A6000 \SystemRoot\system32\drivers\i8042prt.sys
0x034C4000 \SystemRoot\system32\drivers\kbdclass.sys
0x034D3000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x03526000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03528000 \SystemRoot\system32\drivers\mouclass.sys
0x03537000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03588000 \SystemRoot\system32\drivers\wmiacpi.sys
0x03591000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x035A2000 \SystemRoot\system32\drivers\CompositeBus.sys
0x035B2000 \SystemRoot\system32\drivers\mssmbios.sys
0x035BD000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x035D3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03400000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x031C0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0340C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03561000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03000000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0301A000 \SystemRoot\system32\drivers\termdd.sys
0x03582000 \SystemRoot\system32\drivers\swenum.sys
0x02DA6000 \SystemRoot\system32\drivers\ks.sys
0x0302E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02C00000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03040000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x00090000 \SystemRoot\System32\win32k.sys
0x03427000 \SystemRoot\System32\drivers\Dxapi.sys
0x02AD9000 \SystemRoot\system32\DRIVERS\udfs.sys
0x00560000 \SystemRoot\System32\drivers\dxg.sys
0x00760000 \SystemRoot\System32\TSDDD.dll
0x00960000 \SystemRoot\System32\framebuf.dll
0x00B00000 \SystemRoot\System32\ATMFD.DLL
0x02B6A000 \SystemRoot\system32\drivers\WudfPf.sys
0x02B8B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x031EF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0484A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x04966000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x04979000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x049CC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x049DF000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04800000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02BA8000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02B2E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0482D000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x77220000 \Windows\System32\ntdll.dll
0x47A60000 \Windows\System32\smss.exe
0xFF540000 \Windows\System32\apisetschema.dll
0xFF590000 \Windows\System32\autochk.exe
0xFF460000 \Windows\System32\usp10.dll
0xFF3F0000 \Windows\System32\gdi32.dll
0xFE660000 \Windows\System32\shell32.dll
0xFE640000 \Windows\System32\sechost.dll
0xFE460000 \Windows\System32\setupapi.dll
0x77120000 \Windows\System32\user32.dll
0xFE380000 \Windows\System32\oleaut32.dll
0xFE350000 \Windows\System32\imm32.dll
0xFE2D0000 \Windows\System32\shlwapi.dll
0xFE1C0000 \Windows\System32\msctf.dll
0xFE170000 \Windows\System32\ws2_32.dll
0xFDF10000 \Windows\System32\iertutil.dll
0xFDEF0000 \Windows\System32\imagehlp.dll
0xFDCE0000 \Windows\System32\ole32.dll
0xFDCD0000 \Windows\System32\lpk.dll
0xFDB50000 \Windows\System32\urlmon.dll
0xFDB40000 \Windows\System32\nsi.dll
0xFDAC0000 \Windows\System32\difxapi.dll
0xFD990000 \Windows\System32\wininet.dll
0x77000000 \Windows\System32\kernel32.dll
0x773F0000 \Windows\System32\normaliz.dll
0xFD930000 \Windows\System32\Wldap32.dll
0xFD850000 \Windows\System32\advapi32.dll
0xFD7B0000 \Windows\System32\msvcrt.dll
0xFD710000 \Windows\System32\clbcatq.dll
0xFD670000 \Windows\System32\comdlg32.dll
0xFD540000 \Windows\System32\rpcrt4.dll
0x773E0000 \Windows\System32\psapi.dll
0xFD4D0000 \Windows\System32\KernelBase.dll
0xFD4B0000 \Windows\System32\devobj.dll
0xFD470000 \Windows\System32\cfgmgr32.dll
0xFD430000 \Windows\System32\wintrust.dll
0xFD390000 \Windows\System32\comctl32.dll
0xFD220000 \Windows\System32\crypt32.dll
0xFD210000 \Windows\System32\msasn1.dll

Processes (total 30):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
408 csrss.exe
444 csrss.exe
452 C:\Windows\System32\wininit.exe
484 C:\Windows\System32\winlogon.exe
540 C:\Windows\System32\services.exe
548 C:\Windows\System32\lsass.exe
556 C:\Windows\System32\lsm.exe
652 C:\Windows\System32\svchost.exe
740 C:\Windows\System32\svchost.exe
820 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
892 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
336 C:\Windows\System32\svchost.exe
352 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1092 C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
1444 C:\Windows\explorer.exe
1552 C:\Windows\System32\ctfmon.exe
1968 C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
1220 C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
1260 C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
1520 C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
1360 C:\Windows\SysWOW64\rundll32.exe
1372 C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
536 C:\Users\Todd\Desktop\MBRCheck.exe
1676 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000070`d5800000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000074`6a400000 (FAT32)

PhysicalDrive0 Model Number: TOSHIBAMK5056GSY, Rev: LH003C

Size      Device Name          MBR Status
--------------------------------------------
465 GB    \\.\PhysicalDrive0   Unknown MBR code
SHA1: 17617C9D31F6332FE3B7F1FA051657D0ED58E953


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#12 m0le (Malware Response Team)

Posted 08 September 2011 - 06:28 PM

Okay, so this is still a possible infection.

Please do the following:

Run MBRCheck again

When prompted, Enter 'Y' and hit ENTER for more options
When you see: "Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit):"

Enter 0 to dump the MBR to the physical disk.

Name the dumped file as dump0.dat

Enter -1 to exit.

Please then locate the files and visit this site and follow the instructions for uploading the file.
m0le is a proud member of UNITE

#13 StrandedProgress (Topic Starter)

Posted 08 September 2011 - 07:15 PM

Is it the dump0.dat file that I will need to upload? Where will I find this file?

#14 StrandedProgress (Topic Starter)

Posted 08 September 2011 - 07:22 PM

I uploaded the dump0.dat file.

#15 m0le (Malware Response Team)

Posted 09 September 2011 - 05:09 PM

That has come up clean, but we now need to check offline. To do that we need to boot the system with a Linux program.

Try this please. You will also need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download dumpit to your USB
  • Remove the USB drive and the CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.

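The MBRCheck output earlier in the thread reports an MBR code hash it does not recognise, and the replies ask for a raw dump of sector 0 (dump0.dat from MBRCheck, then the mbr.zip produced under xPUD). As an added example, not MBRCheck's or dumpit's own code, the script below shows what can be checked in such a dump offline: the 55AA boot signature, a SHA1 of the whole sector and of the 440 boot-code bytes against an allow-list you fill yourself (the thread gives no known-good hashes, so the list starts empty and the verdict is the same "unknown" MBRCheck printed), and a sanity check of the partition table. The sample sector is constructed: its partition starts reuse the byte offsets MBRCheck printed for C:, D: and E:, while the boot code bytes, the disk size and the partition lengths are assumptions.

```python
"""Sanity-check a raw 512-byte MBR dump such as MBRCheck's dump0.dat.
Added example (not MBRCheck's or dumpit's code); assumes the dump is the raw
first sector of the disk. The sample sector built below is constructed."""
import hashlib
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Set

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: bootstrap code, the part a bootkit patches
PART_TABLE_OFF = 446     # bytes 446..509: four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510..511
# Assumption: SHA1s of bytes 0..439 from trusted clean installs go here. Left empty,
# every boot code is reported "unknown", which is the verdict MBRCheck gave above.
KNOWN_GOOD_BOOTCODE_SHA1: Set[str] = set()


@dataclass
class Partition:
    index: int
    status: int      # 0x80 active, 0x00 inactive, anything else is suspect
    type_id: int     # 0x07 NTFS, 0x0C FAT32 (LBA), 0x00 unused entry
    lba_start: int
    sectors: int

    @property
    def byte_offset(self) -> int:    # same unit as MBRCheck's "at offset" lines
        return self.lba_start * SECTOR_SIZE


@dataclass
class Report:
    sector_sha1: str
    bootcode_sha1: str
    bootcode_known: bool
    partitions: List[Partition]
    warnings: List[str] = field(default_factory=list)


def parse_partitions(sector: bytes) -> List[Partition]:
    """Decode the four entries: status, (CHS skipped), type, (CHS skipped), LBA, length."""
    return [Partition(i, *struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i))
            for i in range(4)]


def check_mbr(sector: bytes, disk_sectors: Optional[int] = None,
              known_good: Set[str] = KNOWN_GOOD_BOOTCODE_SHA1) -> Report:
    """Hash the sector, compare the boot code with the allow-list, sanity-check the table."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError(f"need {SECTOR_SIZE} bytes, got {len(sector)}")
    sector = sector[:SECTOR_SIZE]
    code_sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    rep = Report(hashlib.sha1(sector).hexdigest().upper(), code_sha1,
                 code_sha1 in known_good, parse_partitions(sector))
    warn = rep.warnings.append
    if sector[510:512] != BOOT_SIG:
        warn("boot signature is not 55AA: not a valid MBR or not a raw sector dump")
    if not rep.bootcode_known:
        warn("boot code hash not in the known-good set (MBRCheck: 'Unknown MBR code')")
    if not any(p.status == 0x80 for p in rep.partitions):
        warn("no partition is flagged active")
    used = sorted((p for p in rep.partitions if p.type_id != 0), key=lambda p: p.lba_start)
    for p in used:
        if p.status not in (0x00, 0x80):
            warn(f"entry {p.index}: status 0x{p.status:02X} is neither 00 nor 80")
    for a, b in zip(used, used[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            warn(f"entries {a.index} and {b.index} overlap")
    if disk_sectors is not None and used:
        tail = disk_sectors - (used[-1].lba_start + used[-1].sectors)
        if tail < 0:
            warn(f"entry {used[-1].index} runs past the end of the disk")
        elif tail > 2048:   # unpartitioned tail space is a classic place to hide bootkit data
            warn(f"{tail} unpartitioned sectors after the last partition")
    return rep


def build_sample_mbr() -> bytes:
    """Constructed sample: partition starts reuse the byte offsets MBRCheck printed for
    C:, D: and E:; boot code bytes, partition lengths and the disk size are made up."""
    sec = bytearray(SECTOR_SIZE)
    sec[0:3] = b"\x33\xc0\x8e"                     # stand-in for real boot code
    c, d, e, end = 0x0C800000 // 512, 0x70D5800000 // 512, 0x746A400000 // 512, 976773168
    entries = [(0x80, 0x07, c, d - c), (0x00, 0x07, d, e - d),
               (0x00, 0x0C, e, end - e), (0x00, 0x00, 0, 0)]   # status, type, lba, sectors
    for i, ent in enumerate(entries):
        struct.pack_into("<B3xB3xII", sec, PART_TABLE_OFF + 16 * i, *ent)
    sec[510:512] = BOOT_SIG
    return bytes(sec)


if __name__ == "__main__":
    import pathlib, sys   # usage: python mbr_check.py dump0.dat   (no argument: built-in sample)
    data = pathlib.Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else build_sample_mbr()
    rep = check_mbr(data, None if len(sys.argv) > 1 else 976773168)
    print(f"sector sha1 {rep.sector_sha1}\nboot code sha1 {rep.bootcode_sha1} known={rep.bootcode_known}")
    print(*(f"WARNING: {w}" for w in rep.warnings), sep="\n")
```

Which bytes MBRCheck's SHA1 covers is not stated in the thread, so both hashes are printed; whichever one matches the value MBRCheck reported confirms the dump is the sector it examined. An unknown boot-code hash is a prompt to compare against a clean reference of the same Windows build, not proof of infection, which is why the thread goes on to dump the sector again from outside Windows.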



