Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow computer after removing Zenton System guard


  • Please log in to reply
9 replies to this topic

#1 gage52

gage52

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:08 AM

Posted 12 September 2011 - 10:13 PM

Hi I'm looking to get some help solving an issue I'm having with my computer. I had an issue a few days ago when a new program Zenton System Guard appeared. I followed the instructions on this site to get rid of the program. After running Malwarebytes and restarting the computer it looked like all was fixed then phase 2 started.

Phase 2 looks like this. I have2 windows that won't close one called helperMsgListner (it won't allow me to bring the window up)and one that is interactive services dialog detection stating that a program may need information or permission to complete a task. I'm also getting random pop ups in internet explorer for random ads. Right now my computer is running very slow and sometimes needs to be rebooted just to use it again. I'm also getting windows that seem to be attempting to open. They flash on the screen and then disappear again.


Any help would be appreciated.

thanks

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:08 AM

Posted 12 September 2011 - 11:12 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 gage52

gage52
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:08 AM

Posted 13 September 2011 - 12:34 AM

Security Check log:

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 22
Adobe Flash Player 10.2.159.1
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-GB..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````





Mini Tool box:

MiniToolBox by Farbar
Ran by Richard (administrator) on 13-09-2011 at 00:36:03
Windows Vista ™ Home Premium Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Richard-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-1F-3A-D5-18-B8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-16-44-CB-32-13
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::da6:1d1f:6d4d:12d3%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : September-12-11 10:55:21 PM
Lease Expires . . . . . . . . . . : September-19-11 10:55:22 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 201332292
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-0B-D1-0C-00-21-70-72-D9-38
DNS Servers . . . . . . . . . . . : 64.71.255.198
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : cgocable.net
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-21-70-72-D9-38
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{83FC9FF9-76D4-4330-9F7C-6161D134E4B8}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c82:13af:3f57:fff5(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c82:13af:3f57:fff5%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{08C6DA3A-9CB9-4A4C-AC63-7E8DA0529CA8}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cgocable.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns.rnc.net.cable.rogers.com
Address: 64.71.255.198

Name: google.com
Addresses: 74.125.91.103
74.125.91.99
74.125.91.104
74.125.91.147
74.125.91.105
74.125.91.106



Pinging google.com [74.125.91.147] with 32 bytes of data:

Reply from 74.125.91.147: bytes=32 time=45ms TTL=52

Reply from 74.125.91.147: bytes=32 time=45ms TTL=52



Ping statistics for 74.125.91.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 45ms, Maximum = 45ms, Average = 45ms

Server: dns.rnc.net.cable.rogers.com
Address: 64.71.255.198

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=71ms TTL=53

Reply from 209.191.122.70: bytes=32 time=75ms TTL=53



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 71ms, Maximum = 75ms, Average = 73ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
14 ...00 1f 3a d5 18 b8 ...... Bluetooth Device (Personal Area Network)
12 ...00 16 44 cb 32 13 ...... Dell Wireless 1397 WLAN Mini-Card
11 ...00 21 70 72 d9 38 ...... Broadcom NetLink ™ Gigabit Ethernet
1 ........................... Software Loopback Interface 1
17 ...00 00 00 00 00 00 00 e0 isatap.{83FC9FF9-76D4-4330-9F7C-6161D134E4B8}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
16 ...00 00 00 00 00 00 00 e0 isatap.{08C6DA3A-9CB9-4A4C-AC63-7E8DA0529CA8}
15 ...00 00 00 00 00 00 00 e0 isatap.cgocable.net
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.10 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.10 281
192.168.0.10 255.255.255.255 On-link 192.168.0.10 281
192.168.0.255 255.255.255.255 On-link 192.168.0.10 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.10 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.10 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:1c82:13af:3f57:fff5/128
On-link
12 281 fe80::/64 On-link
10 266 fe80::/64 On-link
12 281 fe80::da6:1d1f:6d4d:12d3/128
On-link
10 266 fe80::1c82:13af:3f57:fff5/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/13/2011 00:18:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2011 00:15:35 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc000071b, fault offset 0x00088d15,
process id 0x48c, application start time 0xsvchost.exe0.

Error: (09/12/2011 11:23:40 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19120, time stamp 0x4e2a9406, faulting module YontooIEClient_2.dll, version 1.10.1.0, time stamp 0x4e1fc62d, exception code 0xc0000005, fault offset 0x0001e871,
process id 0x1c8c, application start time 0xiexplore.exe0.

Error: (09/12/2011 10:56:34 PM) (Source: SupportSoft Agent) (User: )
Description: No provider ID specified.

Error: (09/12/2011 10:56:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2011 09:03:39 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19120, time stamp 0x4e2a9406, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000374, fault offset 0x000b06fc,
process id 0x17c0, application start time 0xiexplore.exe0.

Error: (09/12/2011 06:33:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2011 06:30:16 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc000071b, fault offset 0x00088d15,
process id 0x3cc, application start time 0xsvchost.exe0.

Error: (09/12/2011 06:11:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2011 06:06:40 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc000071b, fault offset 0x00088d15,
process id 0xca4, application start time 0xsvchost.exe0.


System errors:
=============
Error: (09/13/2011 00:18:14 AM) (Source: Service Control Manager) (User: )
Description: 1Restart the serviceWindows Management Instrumentation%%1056

Error: (09/13/2011 00:18:14 AM) (Source: Service Control Manager) (User: )
Description: 1Restart the serviceRemote Access Connection Manager%%1056

Error: (09/12/2011 10:56:09 PM) (Source: Service Control Manager) (User: )
Description: 30000Plug Manager

Error: (09/12/2011 10:56:09 PM) (Source: Service Control Manager) (User: )
Description: 30000MouseDriver

Error: (09/12/2011 10:56:09 PM) (Source: Service Control Manager) (User: )
Description: 30000Local Account Authority Service

Error: (09/12/2011 10:54:52 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:52:57 PM on 12/09/2011 was unexpected.

Error: (09/12/2011 06:20:18 PM) (Source: DCOM) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}

Error: (09/12/2011 06:13:04 PM) (Source: Service Control Manager) (User: )
Description: 1Restart the serviceRemote Access Connection Manager%%1056

Error: (09/12/2011 04:46:11 PM) (Source: Service Control Manager) (User: )
Description: 1Restart the serviceWindows Management Instrumentation%%1056

Error: (09/12/2011 04:24:29 PM) (Source: Service Control Manager) (User: )
Description: 30000Plug Manager


Microsoft Office Sessions:
=========================
Error: (09/13/2011 00:18:03 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2011 00:15:35 AM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89ntdll.dll6.0.6002.183274cb73436c000071b00088d1548c01cc71c082980788

Error: (09/12/2011 11:23:40 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.191204e2a9406YontooIEClient_2.dll1.10.1.04e1fc62dc00000050001e8711c8c01cc71c467cca3de

Error: (09/12/2011 10:56:34 PM) (Source: SupportSoft Agent)(User: )
Description: No provider ID specified.

Error: (09/12/2011 10:56:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2011 09:03:39 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.191204e2a9406ntdll.dll6.0.6002.183274cb73436c0000374000b06fc17c001cc71b0f76e6d7b

Error: (09/12/2011 06:33:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2011 06:30:16 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89ntdll.dll6.0.6002.183274cb73436c000071b00088d153cc01cc719888fe9c5b

Error: (09/12/2011 06:11:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2011 06:06:40 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89ntdll.dll6.0.6002.183274cb73436c000071b00088d15ca401cc718cdd6c4fb5


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 6.1.1)
Adobe AIR (Version: 2.5.0.16600)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Flash Player 10 Plugin (Version: 10.2.159.1)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader 9.4.5 (Version: 9.4.5)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Advanced Audio FX Engine
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.1.116)
AuthenTec Fingerprint System (Version: 8.0.14.4)
AviSynth 2.5
Bit Che (Version: 1.0)
BitTorrent
BitTorrentBar Toolbar (Version: 6.2.7.3)
BlackBerry App World Browser Plugin (Version: 2.0.0)
BlackBerry Desktop Software 6.1 (Version: 6.1.0.35)
Bonjour (Version: 2.0.3.0)
BufferChm (Version: 130.0.331.000)
Cisco EAP-FAST Module (Version: 2.1.3)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conduit Engine (Version: )
D1600 (Version: 130.0.373.000)
D3DX10 (Version: 15.4.2368.0902)
Dell Dock (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.2.09085)
Dell Touchpad (Version: 7.1.104.2)
Dell Video Chat (remove only) (Version: 6.0 (6515))
Dell Webcam Central
Dell Wireless WLAN Card Utility (Version: 4.170.75.0)
DeviceDiscovery (Version: 130.0.372.000)
Digital Line Detect (Version: 1.21)
DigitalPersona Personal 3.0.1 (Version: 3.0.1)
DJ_SF_06_D1600_SW_Min (Version: 130.0.373.000)
DVD Decrypter (Remove Only)
EDocs
GoToAssist 8.0.0.514
GPBaseService2 (Version: 130.0.371.000)
HP Deskjet D1600 Printer Driver Software 13.0 Rel .6 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPPhotoGadget (Version: 130.0.282.000)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
Integrated Webcam Driver (1.00.08.0216)
Intel® Matrix Storage Manager
ITECIR Driver (Version: 1.00.000)
iTunes (Version: 10.1.1.4)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.5.0)
Modem Diagnostics Tool (Version: 1.0.22.0)
Mozilla Firefox 6.0.2 (x86 en-GB) (Version: 6.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetWaiting (Version: 2.5.45)
PQ DVD to iPod Video Suite (remove only)
QuickTime (Version: 7.69.80.9)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Samsung PC Studio (Version: 3.0.0.60704)
Segoe UI (Version: 15.4.2271.0615)
Skype™ 4.0 (Version: 4.0.206)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.373.000)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Videora iPod touch Converter 6 (Version: 6)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.1.7 (Version: 1.1.7)
WebReg (Version: 130.0.132.017)
WIDCOMM Bluetooth Software 6.1.0.4400 (Version: 6.1.0.4400)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8064.206)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver
Yontoo Layers Runtime 1.10.01 (Version: 1.10.01)

========================= Memory info: ===================================

Percentage of memory in use: 79%
Total physical RAM: 2037.24 MB
Available physical RAM: 421.13 MB
Total Pagefile: 4315.74 MB
Available Pagefile: 2120.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1957.41 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:138.97 GB) (Free:20.75 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.87 GB) NTFS

========================= Users: ========================================

User accounts for \\RICHARD-PC

Administrator Guest Mcx1
Richard


**** End of log ****





MBAM:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7681

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

13/09/2011 1:02:57 AM
mbam-log-2011-09-13 (01-02-57).txt

Scan type: Quick scan
Objects scanned: 232291
Time elapsed: 25 minute(s), 2 second(s)

Memory Processes Infected: 103
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 19
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 38

Memory Processes Infected:
c:\Windows\System32\config\systemprofile\AppData\Roaming\begar2x.exe (Trojan.LVBP) -> 2568 -> Unloaded process successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\begar2x.exe (Trojan.LVBP) -> 3228 -> Unloaded process successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\lssas.exe (Backdoor.Bot) -> 3100 -> Unloaded process successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\lssas.exe (Backdoor.Bot) -> 3348 -> Unloaded process successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\manager.exe (Backdoor.Bot) -> 3360 -> Unloaded process successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\manager.exe (Backdoor.Bot) -> 3816 -> Unloaded process successfully.
c:\program files\iTunes\ituneshelper.exe (Trojan.LVBP) -> 3632 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 3624 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 4700 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 5028 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 5652 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 3132 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 5256 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 5376 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 5156 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 5664 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 2116 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 5908 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 3184 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 4228 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 1240 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 3084 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 156 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 5520 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 5488 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 5480 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 276 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 2640 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 3000 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6128 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 5192 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 4976 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 3828 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 5764 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 5036 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6636 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7732 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 3424 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6408 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7688 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 4140 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 2600 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6148 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6940 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 4120 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7876 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 5956 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 3160 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7676 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6616 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6768 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7036 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 2800 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 3644 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7044 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6072 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7400 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6924 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 4256 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 3340 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6528 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 5672 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7648 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7028 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 8020 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 3860 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 4928 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7468 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 1280 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6568 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6956 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 5500 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6792 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6652 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6376 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6256 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7512 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 8040 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7436 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 8024 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7156 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 2696 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6992 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 8168 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 3764 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7548 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7216 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7872 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6692 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7024 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 1224 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 6920 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 5916 -> Unloaded process successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> 7452 -> Unloaded process successfully.
c:\program files\digitalpersona\Bin\dpagent.exe (Trojan.LVBP) -> 2148 -> Unloaded process successfully.
c:\program files\common files\research in motion\usb drivers\rimbblaunchagent.exe (Trojan.LVBP) -> 680 -> Unloaded process successfully.
c:\program files\spybot - search & destroy\TeaTimer.exe (Trojan.LVBP) -> 2184 -> Unloaded process successfully.
c:\program files\dell support center\bin\sprtcmd.exe (Trojan.LVBP) -> 2168 -> Unloaded process successfully.
c:\program files\common files\Apple\mobile device support\applesyncnotifier.exe (Trojan.LVBP) -> 1628 -> Unloaded process successfully.
c:\program files\common files\Adobe\ARM\1.0\AdobeARM.exe (Trojan.LVBP) -> 2552 -> Unloaded process successfully.
c:\program files\DellTPad\Apoint.exe (Trojan.LVBP) -> 900 -> Unloaded process successfully.
c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe (Trojan.LVBP) -> 364 -> Unloaded process successfully.
c:\program files\quicktime\QTTask .exe (Trojan.LVBP) -> 4212 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MouseDriver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tgs90gv74r (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LOCAL ACCOUNT AUTHORITY SERVICE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PLUG MANAGER (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\27s1 (Trojan.LVBP) -> Value: 27s1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Local Account Service (Backdoor.Bot) -> Value: Local Account Service -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Plug Manager (Backdoor.Bot) -> Value: Plug Manager -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iTunesHelper (Trojan.LVBP) -> Value: iTunesHelper -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DpAgent (Trojan.LVBP) -> Value: DpAgent -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\RESEARCH IN MOTION\USB DRIVERS\RIMBBLAUNCHAGENT.EXE (Trojan.LVBP) -> Value: RIMBBLAUNCHAGENT.EXE -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RIMBBLaunchAgent.exe (Trojan.LVBP) -> Value: RIMBBLaunchAgent.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpybotSD TeaTimer (Trojan.LVBP) -> Value: SpybotSD TeaTimer -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dellsupportcenter (Trojan.LVBP) -> Value: dellsupportcenter -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AppleSyncNotifier (Trojan.LVBP) -> Value: AppleSyncNotifier -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Adobe ARM (Trojan.LVBP) -> Value: Adobe ARM -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Apoint (Trojan.LVBP) -> Value: Apoint -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Speed Launcher (Trojan.LVBP) -> Value: Adobe Reader Speed Launcher -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QuickTime Task (Trojan.LVBP) -> Value: QuickTime Task -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\win (Trojan.Agent) -> Value: win -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\init (Trojan.Agent) -> Value: init -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Local Account Authority Service\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MouseDriver\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Plug Manager\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Roaming\begar2x.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\lssas.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\manager.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\program files\iTunes\ituneshelper.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\program files\quicktime\QTTask.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\program files\digitalpersona\Bin\dpagent.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\program files\common files\research in motion\usb drivers\rimbblaunchagent.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\TeaTimer.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\program files\dell support center\bin\sprtcmd.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\program files\common files\Apple\mobile device support\applesyncnotifier.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\program files\common files\Adobe\ARM\1.0\AdobeARM.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\program files\DellTPad\Apoint.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\program files\quicktime\QTTask .exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\Windows\System32\nwsapagents.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\0c25nfd9.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\0z3sx2dwv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\2w6d11si1.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\5b3pvwvye.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\aqp8v7y0.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\j9diuccn.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\m7iv9mib.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\ouvuxnin8.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\qalycqme0.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\t9y596eqr.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\vfq3huqj5.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\wd9tvhvz.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\wygz62fdt.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\xbfkdz56.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\temp\5608.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\temp\amxwrocsne.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\Windows\temp\pypowy\setup.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\Windows\temp\reyrle\setup.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\Windows\temp\uuamlr\setup.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\Fonts\cyc4invd2.com (Malware.Generic) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\mousedriver.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\localaccountauthority.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\Plug.bat (Trojan.Agent) -> Quarantined and deleted successfully.




GMER:

Whenever I run this program it crashes.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:08 AM

Posted 13 September 2011 - 02:16 PM

I don't see any AV program running.
Install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html (make sure to opt out from installing Ask Toolbar - it comes pre-checked)
Update, run full scan, report on any findings.

====================================================================

Instead of GMER...
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

=============================================================================

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 gage52

gage52
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:08 AM

Posted 17 September 2011 - 09:42 AM

I ran an avast scan
there was approx 21 threats that were found and deleted (couldn't find a way to post the log on here)




RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8BC06000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7057408 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82850000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82850000 PnpManager 3907584 bytes
0x82850000 RAW 3907584 bytes
0x82850000 WMIxWDM 3907584 bytes
0x96AB0000 Win32k 2113536 bytes
0x96AB0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8C60A000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1216512 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x88804000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8300A000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x83209000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804CD000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xB7403000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8D31D000 C:\Windows\System32\Drivers\dump_iaStor.sys 815104 bytes
0x82E06000 C:\Windows\system32\drivers\iastor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xAAE44000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8C2C1000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8330E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8CD5A000 C:\Windows\System32\Drivers\ATSwpWDF.sys 544768 bytes (AuthenTec, Inc., AuthenTec Swipe Sensor WDF USB Driver Prototype)
0xB74F8000 C:\Windows\System32\Drivers\bthport.sys 524288 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0xB7800000 C:\Windows\system32\drivers\btwaudio.sys 524288 bytes (Broadcom Corporation., Bluetooth Audio Device)
0xB4D66000 C:\Windows\system32\drivers\btwavdt.sys 462848 bytes (Broadcom Corporation., Broadcom Bluetooth AVDT Service)
0x82F18000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80603000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8CE0E000 C:\Windows\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0x80403000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xAAF4B000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8CC52000 C:\Windows\system32\DRIVERS\stwrt.sys 401408 bytes (IDT, Inc., IDT PC Audio)
0x8317B000 C:\Windows\system32\DRIVERS\itecir.sys 360448 bytes (ITE Tech. Inc. , ITE Consumer IR Driver for eHome)
0x8339B000 C:\Windows\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0xB4CD7000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x8D25D000 C:\Windows\System32\Drivers\aswSP.SYS 315392 bytes (AVAST Software, avast! self protection module)
0x8072B000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8CF7D000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80682000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8D2AA000 C:\Windows\system32\DRIVERS\OA001Vid.sys 274432 bytes (Creative Technology Ltd., Video Capture Device Driver)
0x8048C000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x82FB8000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8C378000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8D200000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x83140000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xB4C5E000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88914000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xAAE09000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x8C733000 C:\Windows\system32\DRIVERS\k57nd60x.sys 217088 bytes (Broadcom Corporation, Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver.)
0x8CC0C000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8281D000 ACPI_HAL 208896 bytes
0x8281D000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB78A4000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x82ECD000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8CF37000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x82F89000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8CCB4000 C:\Windows\system32\DRIVERS\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8C3C5000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x83115000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x805AD000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xAAF04000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xB7584000 C:\Windows\system32\DRIVERS\rfcomm.sys 167936 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0xB4D3E000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB4CAF000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88964000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806D9000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8CCE1000 C:\Windows\system32\DRIVERS\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x80785000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8D2ED000 C:\Windows\system32\DRIVERS\OA001Ufd.sys 143360 bytes (Creative Technology Ltd., Video Class Upper Filter Driver)
0x8899C000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8CD06000 C:\Windows\system32\drivers\IntcHdmi.sys 135168 bytes (Intel® Corporation, Intel® High Definition Audio HDMI)
0xB4C1E000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8CEC3000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xB4C3F000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAAFB8000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x832F3000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x805E4000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xB75B7000 C:\Windows\system32\DRIVERS\bthpan.sys 106496 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x8C786000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xAAFD5000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x889DA000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB4C97000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8D246000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x831D3000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8CE89000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB78DF000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8CFCC000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8CF16000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xB4C09000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x807CB000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x807B7000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8C7B1000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8CF69000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8C7C5000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xAAF38000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8CDDF000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8898B000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8CC41000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80473000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8C7A0000 C:\Windows\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD Driver)
0x82EFF000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8CD32000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xAAEF4000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80775000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8C768000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x807E0000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0xB75D1000 C:\Windows\system32\DRIVERS\bthmodem.sys 61440 bytes (Microsoft Corporation, Bluetooth Communications Driver)
0x8C3F1000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8D3EE000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x88955000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80700000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x807A8000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8C3B6000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8071C000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8C778000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x96CF0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x807F0000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)
0x8CFE2000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8CEFF000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80674000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xB74EB000 C:\Windows\System32\Drivers\BTHUSB.sys 53248 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x8D310000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x833ED000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x805D7000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xB7578000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xB7898000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8CEB7000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8C361000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8CF2C000 C:\Windows\System32\Drivers\aswTdi.SYS 45056 bytes (AVAST Software, avast! TDI Filter Driver)
0x8CD27000 C:\Windows\system32\DRIVERS\hidir.sys 45056 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0x8C7E3000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8C7D8000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8CEF4000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x831EA000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x889F2000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0xB788D000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x889C6000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C36D000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80712000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0xB75AD000 C:\Windows\system32\DRIVERS\BthEnum.sys 40960 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0xB7880000 C:\Windows\system32\DRIVERS\btwl2cap.sys 40960 bytes (Broadcom Corporation., Broadcom Bluetooth L2CAP Service)
0x8D3E4000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x831F5000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAAF2E000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8D23C000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xB74E1000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xB78F5000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x889BD000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8CEA0000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8CE7E000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8CD49000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x82F0F000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8CF0D000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x96CD0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x889D1000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C600000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806C8000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB78D7000 C:\Windows\system32\drivers\BCM42RLY.sys 32768 bytes (Broadcom Corporation, Broadcom iLine10™ PCI Network Adapter Proxy Protocol Driver)
0x80484000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8CD52000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806D1000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8CEE4000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8CEEC000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8C7F8000 C:\Windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0x8894D000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8CFC5000 C:\Windows\System32\Drivers\aswRdr.SYS 28672 bytes (AVAST Software, avast! TDI RDR Driver)
0x8CEB0000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8CD42000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8CEA9000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x83200000 C:\Windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0x8C7EE000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8CFF0000 C:\Windows\System32\Drivers\StarOpen.SYS 24576 bytes
0x8C7F4000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xAAE41000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xB788A000 C:\Windows\system32\DRIVERS\btwrchid.sys 12288 bytes (Broadcom Corporation., Bluetooth Remote Control HID Minidriver)
0x8070F000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x87346000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8BC00000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8CE87000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x8731835B Unknown page with executable code, 3237 bytes
0x87314162 Unknown page with executable code, 3742 bytes
0x873140F9 Unknown thread object [ ETHREAD 0x877A8D78 ] TID: 316, 600 bytes
0x87B31B90 Unknown thread object [ ETHREAD 0x87A53D78 ] TID: 388, 600 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/16/2011 at 01:32 AM

Application Version : 5.0.1118

Core Rules Database Version : 7699
Trace Rules Database Version: 5511

Scan type : Complete Scan
Total Scan Time : 01:41:14

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 277
Memory threats detected : 0
Registry items scanned : 37131
Registry threats detected : 0
File items scanned : 181952
File threats detected : 9

Rogue.AntiMalwareDoctor
C:\Users\Richard\AppData\Roaming\96F333378365B9A71ED5A124B4C551D1

Trojan.Agent/Gen
C:\PROGRAMDATA\LAGPHT7O.EXE
C:\USERS\RICHARD\APPDATA\LOCAL\TEMP\HKI411.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\CYC4INVD2.COM_
C:\WINDOWS\SYSTEM32\CYC4INVD2.COM_
C:\WINDOWS\TEMP\HKI16715.EXE
C:\WINDOWS\TEMP\HKI20549.EXE
C:\WINDOWS\TEMP\HKI5531.EXE
C:\WINDOWS\TEMP\HKI9273.EXE

Edited by gage52, 17 September 2011 - 09:43 AM.


#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:08 AM

Posted 17 September 2011 - 11:11 AM

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 gage52

gage52
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:08 AM

Posted 17 September 2011 - 05:33 PM

2011/09/17 18:19:41.0966 5272 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/17 18:19:42.0302 5272 ================================================================================
2011/09/17 18:19:42.0302 5272 SystemInfo:
2011/09/17 18:19:42.0302 5272
2011/09/17 18:19:42.0302 5272 OS Version: 6.0.6002 ServicePack: 2.0
2011/09/17 18:19:42.0302 5272 Product type: Workstation
2011/09/17 18:19:42.0302 5272 ComputerName: RICHARD-PC
2011/09/17 18:19:42.0303 5272 UserName: Richard
2011/09/17 18:19:42.0303 5272 Windows directory: C:\Windows
2011/09/17 18:19:42.0303 5272 System windows directory: C:\Windows
2011/09/17 18:19:42.0303 5272 Processor architecture: Intel x86
2011/09/17 18:19:42.0303 5272 Number of processors: 2
2011/09/17 18:19:42.0303 5272 Page size: 0x1000
2011/09/17 18:19:42.0303 5272 Boot type: Normal boot
2011/09/17 18:19:42.0303 5272 ================================================================================
2011/09/17 18:19:42.0909 5272 Initialize success
2011/09/17 18:20:48.0891 6224 ================================================================================
2011/09/17 18:20:48.0891 6224 Scan started
2011/09/17 18:20:48.0891 6224 Mode: Manual;
2011/09/17 18:20:48.0891 6224 ================================================================================
2011/09/17 18:20:49.0497 6224 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/09/17 18:20:49.0641 6224 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/09/17 18:20:49.0705 6224 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/09/17 18:20:49.0761 6224 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/09/17 18:20:49.0812 6224 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/09/17 18:20:49.0942 6224 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/09/17 18:20:50.0023 6224 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/09/17 18:20:50.0078 6224 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/09/17 18:20:50.0128 6224 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/09/17 18:20:50.0183 6224 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/09/17 18:20:50.0232 6224 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/09/17 18:20:50.0264 6224 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/09/17 18:20:50.0300 6224 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/09/17 18:20:50.0367 6224 ApfiltrService (9325e49d555d8f12ce1735227dbb3d80) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/09/17 18:20:50.0501 6224 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/09/17 18:20:50.0553 6224 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/09/17 18:20:50.0640 6224 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\Windows\system32\drivers\aswFsBlk.sys
2011/09/17 18:20:50.0708 6224 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\Windows\system32\drivers\aswMonFlt.sys
2011/09/17 18:20:50.0751 6224 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\Windows\system32\drivers\aswRdr.sys
2011/09/17 18:20:50.0823 6224 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\Windows\system32\drivers\aswSnx.sys
2011/09/17 18:20:50.0875 6224 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\Windows\system32\drivers\aswSP.sys
2011/09/17 18:20:50.0914 6224 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\Windows\system32\drivers\aswTdi.sys
2011/09/17 18:20:50.0959 6224 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/17 18:20:51.0007 6224 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/09/17 18:20:51.0103 6224 ATSwpWDF (6d4bf9538e449d64c5413bc46afcd8ff) C:\Windows\system32\Drivers\ATSwpWDF.sys
2011/09/17 18:20:51.0246 6224 BCM42RLY (bcb27987aaf7962c72b0f337a201cc28) C:\Windows\system32\drivers\BCM42RLY.sys
2011/09/17 18:20:51.0317 6224 BCM43XX (b2134f695efd5eb392e906ac2413452e) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/09/17 18:20:51.0429 6224 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/09/17 18:20:51.0503 6224 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/09/17 18:20:51.0633 6224 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/17 18:20:51.0682 6224 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/09/17 18:20:51.0723 6224 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/09/17 18:20:51.0769 6224 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/09/17 18:20:51.0806 6224 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/09/17 18:20:51.0847 6224 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/09/17 18:20:51.0882 6224 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/09/17 18:20:51.0953 6224 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/09/17 18:20:51.0994 6224 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/09/17 18:20:52.0065 6224 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/09/17 18:20:52.0171 6224 BthPort (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/09/17 18:20:52.0267 6224 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/09/17 18:20:52.0306 6224 btwaudio (58c4b59d0ebfb637e2e296cf4a686ba0) C:\Windows\system32\drivers\btwaudio.sys
2011/09/17 18:20:52.0362 6224 btwavdt (e8cc9436cc464d6975adbc4aece0ba7b) C:\Windows\system32\drivers\btwavdt.sys
2011/09/17 18:20:52.0416 6224 btwl2cap (ecb98391c756a7b9cfbae89d9d1235e1) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/09/17 18:20:52.0473 6224 btwrchid (62ed55843f8216eb25a909a820613033) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/09/17 18:20:52.0537 6224 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/17 18:20:52.0603 6224 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/17 18:20:52.0651 6224 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/17 18:20:52.0711 6224 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/09/17 18:20:52.0821 6224 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/17 18:20:52.0864 6224 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/09/17 18:20:52.0893 6224 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/17 18:20:52.0934 6224 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/09/17 18:20:52.0992 6224 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/09/17 18:20:53.0080 6224 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/09/17 18:20:53.0184 6224 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/09/17 18:20:53.0305 6224 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/09/17 18:20:53.0349 6224 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/09/17 18:20:53.0449 6224 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/09/17 18:20:53.0543 6224 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/09/17 18:20:53.0605 6224 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/17 18:20:53.0689 6224 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/09/17 18:20:53.0753 6224 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/09/17 18:20:53.0840 6224 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/09/17 18:20:53.0928 6224 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/09/17 18:20:53.0997 6224 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/09/17 18:20:54.0090 6224 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/09/17 18:20:54.0145 6224 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/09/17 18:20:54.0187 6224 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/17 18:20:54.0254 6224 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/09/17 18:20:54.0282 6224 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/09/17 18:20:54.0316 6224 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/17 18:20:54.0384 6224 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/09/17 18:20:54.0440 6224 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/17 18:20:54.0490 6224 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/09/17 18:20:54.0574 6224 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/09/17 18:20:54.0670 6224 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/17 18:20:54.0737 6224 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/09/17 18:20:54.0785 6224 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/17 18:20:54.0855 6224 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/17 18:20:54.0906 6224 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/09/17 18:20:54.0985 6224 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/09/17 18:20:55.0041 6224 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/09/17 18:20:55.0098 6224 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/17 18:20:55.0169 6224 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
2011/09/17 18:20:55.0226 6224 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/09/17 18:20:55.0389 6224 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/09/17 18:20:55.0503 6224 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/09/17 18:20:55.0581 6224 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
2011/09/17 18:20:55.0632 6224 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/09/17 18:20:55.0671 6224 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/17 18:20:55.0729 6224 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/17 18:20:55.0833 6224 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/09/17 18:20:55.0890 6224 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/09/17 18:20:55.0967 6224 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/09/17 18:20:56.0056 6224 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/09/17 18:20:56.0130 6224 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/17 18:20:56.0177 6224 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/09/17 18:20:56.0233 6224 itecir (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
2011/09/17 18:20:56.0281 6224 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/09/17 18:20:56.0342 6224 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
2011/09/17 18:20:56.0400 6224 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/17 18:20:56.0450 6224 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/17 18:20:56.0529 6224 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/17 18:20:56.0680 6224 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/17 18:20:56.0760 6224 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/09/17 18:20:56.0813 6224 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/09/17 18:20:56.0873 6224 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/09/17 18:20:56.0916 6224 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/09/17 18:20:56.0984 6224 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/09/17 18:20:57.0050 6224 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/09/17 18:20:57.0100 6224 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/09/17 18:20:57.0156 6224 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/09/17 18:20:57.0204 6224 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/17 18:20:57.0243 6224 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/17 18:20:57.0287 6224 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/17 18:20:57.0326 6224 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/09/17 18:20:57.0400 6224 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/09/17 18:20:57.0454 6224 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/17 18:20:57.0503 6224 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/09/17 18:20:57.0558 6224 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/09/17 18:20:57.0624 6224 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/17 18:20:57.0686 6224 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/17 18:20:57.0722 6224 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/17 18:20:57.0769 6224 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/09/17 18:20:57.0813 6224 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/09/17 18:20:57.0903 6224 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/09/17 18:20:57.0966 6224 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/09/17 18:20:58.0028 6224 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/17 18:20:58.0086 6224 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/17 18:20:58.0119 6224 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/09/17 18:20:58.0185 6224 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/09/17 18:20:58.0239 6224 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/17 18:20:58.0281 6224 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/09/17 18:20:58.0325 6224 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/09/17 18:20:58.0413 6224 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/17 18:20:58.0497 6224 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/09/17 18:20:58.0548 6224 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/17 18:20:58.0587 6224 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/17 18:20:58.0666 6224 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/17 18:20:58.0712 6224 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/09/17 18:20:58.0777 6224 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/17 18:20:58.0835 6224 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/17 18:20:58.0919 6224 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/09/17 18:20:58.0969 6224 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/09/17 18:20:59.0020 6224 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/17 18:20:59.0113 6224 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/09/17 18:20:59.0179 6224 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/09/17 18:20:59.0227 6224 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/09/17 18:20:59.0267 6224 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/09/17 18:20:59.0310 6224 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/09/17 18:20:59.0359 6224 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/09/17 18:20:59.0500 6224 OA001Ufd (9b7cd7151a7c4009c383396155f02b95) C:\Windows\system32\DRIVERS\OA001Ufd.sys
2011/09/17 18:20:59.0551 6224 OA001Vid (cdcdad303a9208cf3513400ef2a05f80) C:\Windows\system32\DRIVERS\OA001Vid.sys
2011/09/17 18:20:59.0633 6224 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/17 18:20:59.0739 6224 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/09/17 18:20:59.0796 6224 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/09/17 18:20:59.0840 6224 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/09/17 18:20:59.0908 6224 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/09/17 18:20:59.0957 6224 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/09/17 18:21:00.0005 6224 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/09/17 18:21:00.0085 6224 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/09/17 18:21:00.0278 6224 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/17 18:21:00.0320 6224 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/09/17 18:21:00.0410 6224 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/17 18:21:00.0481 6224 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
2011/09/17 18:21:00.0572 6224 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/09/17 18:21:00.0658 6224 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/09/17 18:21:00.0710 6224 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/17 18:21:00.0835 6224 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/09/17 18:21:00.0936 6224 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/17 18:21:00.0979 6224 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/17 18:21:01.0073 6224 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/17 18:21:01.0140 6224 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/17 18:21:01.0204 6224 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/17 18:21:01.0238 6224 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/17 18:21:01.0302 6224 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/09/17 18:21:01.0335 6224 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/17 18:21:01.0416 6224 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/09/17 18:21:01.0503 6224 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/09/17 18:21:01.0562 6224 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/09/17 18:21:01.0606 6224 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/09/17 18:21:01.0682 6224 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
2011/09/17 18:21:01.0758 6224 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/09/17 18:21:01.0795 6224 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/09/17 18:21:01.0856 6224 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/09/17 18:21:01.0938 6224 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/17 18:21:02.0104 6224 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/09/17 18:21:02.0146 6224 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/09/17 18:21:02.0191 6224 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/09/17 18:21:02.0281 6224 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/09/17 18:21:02.0333 6224 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/17 18:21:02.0401 6224 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/09/17 18:21:02.0447 6224 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/09/17 18:21:02.0498 6224 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/09/17 18:21:02.0572 6224 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/09/17 18:21:02.0612 6224 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/17 18:21:02.0656 6224 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/17 18:21:02.0696 6224 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/09/17 18:21:02.0769 6224 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/09/17 18:21:02.0808 6224 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/09/17 18:21:02.0853 6224 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/09/17 18:21:02.0927 6224 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/09/17 18:21:03.0002 6224 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/09/17 18:21:03.0123 6224 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/09/17 18:21:03.0181 6224 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/17 18:21:03.0249 6224 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/17 18:21:03.0362 6224 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
2011/09/17 18:21:03.0429 6224 STHDA (805b1fc7e25613ce2dc93c0759d0aa30) C:\Windows\system32\DRIVERS\stwrt.sys
2011/09/17 18:21:03.0529 6224 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/17 18:21:03.0591 6224 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/09/17 18:21:03.0644 6224 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/09/17 18:21:03.0700 6224 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/09/17 18:21:03.0839 6224 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
2011/09/17 18:21:03.0923 6224 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/17 18:21:03.0984 6224 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/17 18:21:04.0022 6224 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/09/17 18:21:04.0063 6224 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/09/17 18:21:04.0108 6224 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/17 18:21:04.0163 6224 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/17 18:21:04.0264 6224 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/17 18:21:04.0305 6224 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/17 18:21:04.0383 6224 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/17 18:21:04.0433 6224 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/09/17 18:21:04.0496 6224 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/17 18:21:04.0573 6224 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/17 18:21:04.0623 6224 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/09/17 18:21:04.0678 6224 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/09/17 18:21:04.0728 6224 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/09/17 18:21:04.0772 6224 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/17 18:21:04.0819 6224 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/17 18:21:04.0926 6224 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/09/17 18:21:04.0975 6224 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/17 18:21:05.0025 6224 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/09/17 18:21:05.0086 6224 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/17 18:21:05.0149 6224 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/17 18:21:05.0196 6224 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/09/17 18:21:05.0259 6224 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/17 18:21:05.0305 6224 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/17 18:21:05.0360 6224 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/17 18:21:05.0451 6224 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/17 18:21:05.0519 6224 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/09/17 18:21:05.0561 6224 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/09/17 18:21:05.0636 6224 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/09/17 18:21:05.0676 6224 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/09/17 18:21:05.0723 6224 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/09/17 18:21:05.0793 6224 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/09/17 18:21:05.0851 6224 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/09/17 18:21:05.0901 6224 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/09/17 18:21:05.0980 6224 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/09/17 18:21:06.0023 6224 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/17 18:21:06.0058 6224 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/17 18:21:06.0134 6224 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/09/17 18:21:06.0193 6224 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/17 18:21:06.0199 6224 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
2011/09/17 18:21:06.0211 6224 Wdf01000 - detected Virus.Win32.Rloader.a (0)
2011/09/17 18:21:06.0423 6224 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/09/17 18:21:06.0550 6224 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/09/17 18:21:06.0617 6224 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/17 18:21:06.0705 6224 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/17 18:21:06.0839 6224 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/09/17 18:21:06.0852 6224 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/17 18:21:06.0891 6224 Boot (0x1200) (6af87d68435f0ded5254e6b695b199b8) \Device\Harddisk0\DR0\Partition0
2011/09/17 18:21:06.0926 6224 Boot (0x1200) (9da0aea15b1e8358d1386f0ae09d707c) \Device\Harddisk0\DR0\Partition1
2011/09/17 18:21:06.0936 6224 ================================================================================
2011/09/17 18:21:06.0936 6224 Scan finished
2011/09/17 18:21:06.0936 6224 ================================================================================
2011/09/17 18:21:06.0963 5032 Detected object count: 2
2011/09/17 18:21:06.0963 5032 Actual detected object count: 2
2011/09/17 18:21:32.0506 5032 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/17 18:21:32.0510 5032 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
2011/09/17 18:21:38.0456 5032 Backup copy not found, trying to cure infected file..
2011/09/17 18:21:38.0464 5032 Cure success, using it..
2011/09/17 18:21:38.0514 5032 C:\Windows\system32\drivers\Wdf01000.sys - will be cured after reboot
2011/09/17 18:21:38.0514 5032 Virus.Win32.Rloader.a(Wdf01000) - User select action: Cure
2011/09/17 18:21:38.0689 5032 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/17 18:21:38.0690 5032 \Device\Harddisk0\DR0 - ok
2011/09/17 18:21:38.0729 5032 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/17 18:25:59.0893 5568 Deinitialize success

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:08 AM

Posted 17 September 2011 - 05:51 PM

Good :)

Re-run RKUnhooker and post new log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 gage52

gage52
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:08 AM

Posted 17 September 2011 - 05:56 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8C60B000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7057408 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x8284D000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8284D000 PnpManager 3907584 bytes
0x8284D000 RAW 3907584 bytes
0x8284D000 WMIxWDM 3907584 bytes
0x96200000 Win32k 2113536 bytes
0x96200000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8C292000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1216512 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x88809000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8840E000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8860D000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D3000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xB620C000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8E263000 C:\Windows\System32\Drivers\dump_iaStor.sys 815104 bytes
0x82E0F000 C:\Windows\system32\drivers\iastor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x88712000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8CCC6000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C205000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8D05F000 C:\Windows\System32\Drivers\ATSwpWDF.sys 544768 bytes (AuthenTec, Inc., AuthenTec Swipe Sensor WDF USB Driver Prototype)
0xB6335000 C:\Windows\System32\Drivers\bthport.sys 524288 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0xB727B000 C:\Windows\system32\drivers\btwaudio.sys 524288 bytes (Broadcom Corporation., Bluetooth Audio Device)
0xB720A000 C:\Windows\system32\drivers\btwavdt.sys 462848 bytes (Broadcom Corporation., Broadcom Bluetooth AVDT Service)
0x82F21000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80601000 C:\Windows\system32\drivers\tskB05.tmp 462848 bytes
0x8D16C000 C:\Windows\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0x80409000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xB1604000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8CF8D000 C:\Windows\system32\DRIVERS\stwrt.sys 401408 bytes (IDT, Inc., IDT PC Audio)
0x82F92000 C:\Windows\system32\DRIVERS\itecir.sys 360448 bytes (ITE Tech. Inc. , ITE Consumer IR Driver for eHome)
0x8857F000 C:\Windows\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0xB1775000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x8E209000 C:\Windows\System32\Drivers\aswSP.SYS 315392 bytes (AVAST Software, avast! self protection module)
0x80729000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8DCC1000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80680000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8D106000 C:\Windows\system32\DRIVERS\OA001Vid.sys 274432 bytes (Creative Technology Ltd., Video Capture Device Driver)
0x80492000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8CE01000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8CD7D000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8DD75000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x88544000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xB16FC000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88919000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8E35E000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x8C3BB000 C:\Windows\system32\DRIVERS\k57nd60x.sys 217088 bytes (Broadcom Corporation, Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver.)
0x8CF47000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8281A000 ACPI_HAL 208896 bytes
0x8281A000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7327000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x82ED6000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8DC7B000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8079B000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x807CA000 C:\Windows\system32\DRIVERS\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x885D1000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x88519000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8CEF8000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8E3A9000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xB63B5000 C:\Windows\system32\DRIVERS\rfcomm.sys 167936 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0xB62F4000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB174D000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88969000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806D7000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x805C9000 C:\Windows\system32\DRIVERS\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8CE84000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8D149000 C:\Windows\system32\DRIVERS\OA001Ufd.sys 143360 bytes (Creative Technology Ltd., Video Class Upper Filter Driver)
0x8DD4D000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x889A1000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8D00B000 C:\Windows\system32\drivers\IntcHdmi.sys 135168 bytes (Intel® Corporation, Intel® High Definition Audio HDMI)
0xB16BC000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8DC07000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xB16DD000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB1671000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x886F7000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8E343000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xB17DC000 C:\Windows\system32\DRIVERS\bthpan.sys 106496 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x8CDD8000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB168E000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x80783000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB1735000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8DDBB000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8CE62000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8D0E4000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x805B3000 C:\Windows\system32\drivers\31369229.sys 90112 bytes
0xB735A000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8DD10000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8DC5A000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xB16A7000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8CECA000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8CEB6000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x887D9000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8DCAD000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x887ED000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8E3DD000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8DD3A000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x88990000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8CF7C000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80479000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x889EC000 C:\Windows\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD Driver)
0x82F08000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8D037000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8E399000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80773000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8C3F0000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8CEE6000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0xB63E8000 C:\Windows\system32\DRIVERS\bthmodem.sys 61440 bytes (Microsoft Corporation, Bluetooth Communications Driver)
0x82FEA000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8E334000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8895A000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x806FE000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8CEA7000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8CDBB000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8071A000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8CDCA000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x96440000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8CF22000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)
0x8DD26000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8DC43000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80672000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xB6328000 C:\Windows\System32\Drivers\BTHUSB.sys 53248 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x8E256000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8CE55000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8CF3A000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xB631C000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xB731B000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8D1F3000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8CD66000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8DC70000 C:\Windows\System32\Drivers\aswTdi.SYS 45056 bytes (AVAST Software, avast! TDI Filter Driver)
0x8D02C000 C:\Windows\system32\DRIVERS\hidir.sys 45056 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0x8C600000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8CDF2000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8DC38000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8CE79000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8CE42000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0xB7310000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x889D8000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8CD72000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80710000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0xB63DE000 C:\Windows\system32\DRIVERS\BthEnum.sys 40960 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0xB72FB000 C:\Windows\system32\DRIVERS\btwl2cap.sys 40960 bytes (Broadcom Corporation., Broadcom Bluetooth L2CAP Service)
0x8E32A000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8CF30000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E3D3000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8DDB1000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xB62EA000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xB7370000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x889C2000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8D1DC000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8D0FD000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8D04E000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x82F18000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8DC51000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x96420000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x889E3000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x88600000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806C6000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB7308000 C:\Windows\system32\drivers\BCM42RLY.sys 32768 bytes (Broadcom Corporation, Broadcom iLine10™ PCI Network Adapter Proxy Protocol Driver)
0x8048A000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8D057000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806CF000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8DC28000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8DC30000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8CE4D000 C:\Windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0x88952000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8DD09000 C:\Windows\System32\Drivers\aswRdr.SYS 28672 bytes (AVAST Software, avast! TDI RDR Driver)
0x8D1EC000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8D047000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80402000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8D1E5000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8CEDF000 C:\Windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0x88800000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8DD6F000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8DD34000 C:\Windows\System32\Drivers\StarOpen.SYS 24576 bytes
0x8C200000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8E396000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xB7305000 C:\Windows\system32\DRIVERS\btwrchid.sys 12288 bytes (Broadcom Corporation., Bluetooth Remote Control HID Minidriver)
0x8070D000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8CEF6000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8D0FB000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:08 AM

Posted 17 September 2011 - 06:33 PM

Very well :)

How is computer doing?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users