Desktop icons and programs missing


  • This topic is locked
9 replies to this topic

#1 JamieLee7

JamieLee7

  • Members
  • 20 posts

Posted 24 September 2011 - 01:38 AM

Earlier this evening, a message popped up on my laptop saying that a program needed my permission to continue. I can't remember exactly what program it was now, but I believe it said Microsoft something. I tried clicking cancel once and it popped up again, and, just thinking it was an update or something, I clicked continue. Everything seemed fine, and then I noticed Firefox just randomly closed, so I clicked on it again and the tabs I had open restored themselves, and again it was fine for a while. Then Firefox closed again and I noticed a majority of my desktop icons had suddenly disappeared, and also the start-up menu program list was empty. I can still get on the internet, but if I click on a link on Google it redirects to an ad.

When I first saw that my desktop icons had disappeared, I ran Malwarebytes and it came up showing I was infected with 17 things, so I had them removed and restarted my laptop; however, after it restarted nothing was back to normal. I've also tried to do 2 system restores and got an error afterwards saying it didn't work, and I also tried loading my last good configuration, which didn't work either. I've tried Malwarebytes again but it won't open, and if it does it only runs for a few seconds before closing again. If this is a virus I would love to get rid of it, so any advice would be great, thanks.



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,660 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 24 September 2011 - 11:20 AM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click the donate button.


 


#3 JamieLee7

JamieLee7
  • Topic Starter

  • Members
  • 20 posts

Posted 24 September 2011 - 02:24 PM

Thank you for the help.

Here are the results from Security Check:

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 22
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.2.159.1
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````


=================
Here are the results from MiniToolBox:

MiniToolBox by Farbar
Ran by Jamie (administrator) on 24-09-2011 at 15:03:35
Windows Vista ™ Home Premium Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================
The following helper DLL cannot be loaded: WSHELPER.DLL.
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : Jamie-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : westell.com

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : westell.com
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-22-5F-26-98-1F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::395f:dd53:407e:e44c%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.33(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 24, 2011 2:58:06 PM
Lease Expires . . . . . . . . . . : Sunday, September 25, 2011 2:58:06 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201335391
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-C6-C5-4B-00-22-19-F2-2E-88
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain.invalid
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-22-19-F2-2E-88
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.domain.invalid
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:425:38e6:3f57:fede(Preferred)
Link-local IPv6 Address . . . . . : fe80::425:38e6:3f57:fede%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : westell.com
Description . . . . . . . . . . . : isatap.westell.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Pinging google.com [72.14.204.104] with 32 bytes of data:
Reply from 72.14.204.104: bytes=32 time=66ms TTL=55
Reply from 72.14.204.104: bytes=32 time=66ms TTL=55

Ping statistics for 72.14.204.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 66ms, Maximum = 66ms, Average = 66ms

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=277ms TTL=51
Reply from 98.137.149.56: bytes=32 time=132ms TTL=51

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 132ms, Maximum = 277ms, Average = 204ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
12 ...00 22 5f 26 98 1f ...... Dell Wireless 1397 WLAN Mini-Card
11 ...00 22 19 f2 2e 88 ...... Broadcom NetLink ™ Gigabit Ethernet
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.domain.invalid
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.westell.com
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.33 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.33 281
192.168.1.33 255.255.255.255 On-link 192.168.1.33 281
192.168.1.255 255.255.255.255 On-link 192.168.1.33 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.33 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.33 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:425:38e6:3f57:fede/128 On-link
12 281 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::425:38e6:3f57:fede/128 On-link
12 281 fe80::395f:dd53:407e:e44c/128 On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/24/2011 03:05:50 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x858, application start time 0xnslookup.exe0.

Error: (09/24/2011 03:05:24 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x9e0, application start time 0xnslookup.exe0.

Error: (09/24/2011 02:56:04 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (09/24/2011 02:56:04 PM) (Source: LoadPerf) (User: )
Description: 0098

Error: (09/24/2011 02:47:42 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (09/24/2011 02:47:42 PM) (Source: LoadPerf) (User: )
Description: 0098

Error: (09/24/2011 02:44:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2011 11:36:39 AM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (09/24/2011 11:36:39 AM) (Source: LoadPerf) (User: )
Description: 0098

Error: (09/24/2011 11:24:58 AM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8


System errors:
=============
Error: (09/24/2011 02:44:18 PM) (Source: Service Control Manager) (User: )
Description: avast! Antivirus%%5

Error: (09/24/2011 02:34:33 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:43:35 AM on 9/24/2011 was unexpected.

Error: (09/24/2011 11:14:51 AM) (Source: Service Control Manager) (User: )
Description: Windows FirewallWindows Firewall Authorization Driver%%183

Error: (09/24/2011 11:14:51 AM) (Source: Service Control Manager) (User: )
Description: Windows Firewall Authorization Driver%%183

Error: (09/24/2011 11:14:51 AM) (Source: Service Control Manager) (User: )
Description: avast! Antivirus%%5

Error: (09/24/2011 03:27:17 AM) (Source: Service Control Manager) (User: )
Description: avast! Antivirus%%5

Error: (09/24/2011 02:02:01 AM) (Source: Service Control Manager) (User: )
Description: avast! Antivirus%%5

Error: (09/24/2011 01:58:38 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (09/24/2011 01:58:38 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (09/24/2011 01:58:05 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068


Microsoft Office Sessions:
=========================
Error: (09/24/2011 03:05:50 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.183274cb73436c000013800009f7d85801cc7aecf79d1083

Error: (09/24/2011 03:05:24 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.183274cb73436c000013800009f7d9e001cc7aeca9df0e73

Error: (09/24/2011 02:56:04 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl8

Error: (09/24/2011 02:56:04 PM) (Source: LoadPerf)(User: )
Description: 0098

Error: (09/24/2011 02:47:42 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl8

Error: (09/24/2011 02:47:42 PM) (Source: LoadPerf)(User: )
Description: 0098

Error: (09/24/2011 02:44:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2011 11:36:39 AM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl8

Error: (09/24/2011 11:36:39 AM) (Source: LoadPerf)(User: )
Description: 0098

Error: (09/24/2011 11:24:58 AM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl8


=========================== Installed Programs ============================

Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 10 ActiveX (Version: 10.1.85.3)
Adobe Flash Player 10 Plugin (Version: 10.2.159.1)
Adobe Reader 9.4.4 (Version: 9.4.4)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
Advanced Audio FX Engine
AIM 7
ATI Catalyst Install Manager (Version: 3.0.715.0)
Banctec Service Agreement (Version: 2.0.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0213.2138.38808)
Catalyst Control Center Graphics Full Existing (Version: 2009.0213.2138.38808)
Catalyst Control Center Graphics Full New (Version: 2009.0213.2138.38808)
Catalyst Control Center Graphics Light (Version: 2009.0213.2138.38808)
Catalyst Control Center Graphics Previews Common (Version: 2009.0213.2138.38808)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0213.2138.38808)
Catalyst Control Center InstallProxy (Version: 2008.0703.2236.38526)
Catalyst Control Center InstallProxy (Version: 2009.0213.2138.38808)
Catalyst Control Center Localization All (Version: 2009.0213.2138.38808)
ccc-core-static (Version: 2009.0213.2138.38808)
ccc-utility (Version: 2009.0213.2138.38808)
CCC Help Chinese Standard (Version: 2009.0213.2137.38808)
CCC Help Chinese Traditional (Version: 2009.0213.2137.38808)
CCC Help Danish (Version: 2009.0213.2137.38808)
CCC Help Dutch (Version: 2009.0213.2137.38808)
CCC Help English (Version: 2009.0213.2137.38808)
CCC Help Finnish (Version: 2009.0213.2137.38808)
CCC Help French (Version: 2009.0213.2137.38808)
CCC Help German (Version: 2009.0213.2137.38808)
CCC Help Italian (Version: 2009.0213.2137.38808)
CCC Help Japanese (Version: 2009.0213.2137.38808)
CCC Help Korean (Version: 2009.0213.2137.38808)
CCC Help Norwegian (Version: 2009.0213.2137.38808)
CCC Help Portuguese (Version: 2009.0213.2137.38808)
CCC Help Russian (Version: 2009.0213.2137.38808)
CCC Help Spanish (Version: 2009.0213.2137.38808)
CCC Help Swedish (Version: 2009.0213.2137.38808)
CCleaner (Version: 3.00)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Dell Edoc Viewer (Version: 1.0.0)
Dell Resource CD (Version: 1.00.0000)
Dell Touchpad (Version: 7.2.101.209)
Dell Webcam Central
Dell Wireless WLAN Card Utility (Version: 5.10.38.30)
DivX Setup (Version: 1.0.1.5)
Download Updater (AOL LLC)
ITECIR Driver (Version: 1.00.000)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 7 (Version: 1.6.0.70)
Live! Cam Avatar Creator (Version: 4.6.1419.1)
Malwarebytes' Anti-Malware
MediaDirect (Version: 4.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 6.0.2 (x86 en-GB) (Version: 6.0.2)
Nancy Drew: Ghost Dogs of Moon Lake
NVIDIA GAME System Software 2.8.1 (Version: 2.8.1)
Origin (Version: 8.2.1.458)
PowerDVD (Version: 7.0)
QuickSet (Version: 9.2.6)
Skins (Version: 2009.0213.2138.38808)
System Requirements Lab (Version: 4.1.71.0)
The Sims™ 3 (Version: 1.24.3)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.1.11 (Version: 1.1.11)
Vuze (Version: 4.5)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 3066.13 MB
Available physical RAM: 2227.83 MB
Total Pagefile: 6334.52 MB
Available Pagefile: 5276.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.61 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:193.25 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.99 GB) NTFS
4 Drive f: (My Passport) (Fixed) (Total:298.02 GB) (Free:164.64 GB) FAT32

========================= Users: ========================================

User accounts for \\JAMIE-PC

Administrator Guest Jamie


**** End of log ****

==========================
I tried running GMER, and it opened just fine, but after a couple of seconds it just closed, and when I tried to open it again I got the error message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I tried running it in safe mode and got the same error message.
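
The checklist in the previous post (proxy settings, hosts file, DNS servers, recent event log errors, out-of-date components) is what a helper reads off these two logs by eye. The script below is an added example, not a Farbar, screen317 or BleepingComputer tool: it pulls the same indicators out of Security Check / MiniToolBox output. Its embedded log is a constructed excerpt of the logs in this post, the wording it keys on for an enabled proxy is an assumption (the posted log only shows the disabled case), and the error-code tables cover the codes that occur in this thread. Two of those are worth decoding: exception code 0xc0000138 is STATUS_ORDINAL_NOT_FOUND, a loader error meaning a module could not find an export it imports, which on a machine that also cannot load WSHELPER.DLL and IFMON.DLL points at replaced or patched system DLLs; and %%5 in a Service Control Manager event is Win32 error 5, access denied, which for the avast! service matches the security tools being shut down that the poster describes.

```python
"""Pull the indicators a malware-removal helper checks first out of a
pasted Security Check / MiniToolBox log. Added example, not a Farbar or
BleepingComputer tool. SAMPLE_LOG is a constructed excerpt of the posted logs.
"""
import ipaddress
import re

SAMPLE_LOG = """\
Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 7 Out of date!
WMI entry may not exist for antivirus; attempting automatic update.
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
Hosts file not detected in the default directory
DNS Servers . . . . . . . . . . . : 192.168.1.1
Error: (09/24/2011 03:05:50 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, faulting module ntdll.dll, exception code 0xc0000138, fault offset 0x00009f7d,
Error: (09/24/2011 02:44:18 PM) (Source: Service Control Manager) (User: )
Description: avast! Antivirus%%5
Error: (09/24/2011 02:34:33 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:43:35 AM on 9/24/2011 was unexpected.
Error: (09/24/2011 11:14:51 AM) (Source: Service Control Manager) (User: )
Description: Windows Firewall Authorization Driver%%183
"""

# Win32 error codes that Service Control Manager events embed as %%<code>.
WIN32_ERRORS = {"5": "ERROR_ACCESS_DENIED", "183": "ERROR_ALREADY_EXISTS",
                "1068": "ERROR_SERVICE_DEPENDENCY_FAIL"}
# NTSTATUS values seen as "exception code" in Application Error events.
NTSTATUS = {"0xc0000138": "STATUS_ORDINAL_NOT_FOUND (import missing from a DLL)",
            "0xc0000005": "STATUS_ACCESS_VIOLATION"}
SECURITY_SERVICES = ("avast", "firewall", "defender", "antivirus", "security")

EVENT_RE = re.compile(r"^Error: \(([^)]+)\) \(Source: ([^)]+)\)")
FAULT_RE = re.compile(r"Faulting application (\S+?),.*?exception code (0x[0-9a-fA-F]+)")
SCM_RE = re.compile(r"^Description: (.+?)%%(\d+)$")
DNS_RE = re.compile(r"^DNS Servers[ .]*: (\S+)")


def triage(log_text):
    """Return (severity, finding) tuples, in log order, for one pasted log."""
    findings = []
    lines = [line.strip() for line in log_text.splitlines()]
    for i, s in enumerate(lines):
        if s.endswith("Out of date!") or s.startswith("Out of date "):
            findings.append(("medium", "outdated software: " + s.rstrip("!")))
        elif s.startswith("WMI entry may not exist for antivirus"):
            findings.append(("medium", "no antivirus registered with Security Center"))
        elif s.startswith("Proxy is enabled") or s.startswith("Proxy Server:"):
            # Assumed wording for the enabled case; the posted log only shows
            # "Proxy is not enabled." / "No Proxy Server is set."
            findings.append(("high", "browser proxy configured: " + s))
        elif s.startswith("Hosts file not detected"):
            findings.append(("medium", "hosts file missing from its default directory"))
        elif DNS_RE.match(s):
            addr = DNS_RE.match(s).group(1)
            # A resolver outside private address space is not proof of
            # tampering (public resolvers exist), but it is the first thing
            # to verify on a machine whose search results redirect to ads.
            try:
                if not ipaddress.ip_address(addr).is_private:
                    findings.append(("high", "DNS server outside the local network: " + addr))
            except ValueError:
                findings.append(("low", "unparseable DNS server entry: " + addr))
        m = EVENT_RE.match(s)
        if not m or i + 1 >= len(lines):
            continue
        when, source = m.groups()
        desc = lines[i + 1]                       # the Description: line that follows
        if source == "Application Error" and FAULT_RE.search(desc):
            exe, code = FAULT_RE.search(desc).groups()
            findings.append(("high", f"{exe} crashed at {when}: "
                             f"{NTSTATUS.get(code.lower(), code)}"))
        elif source == "Service Control Manager" and SCM_RE.match(desc):
            svc, code = SCM_RE.match(desc).groups()
            security = any(k in svc.lower() for k in SECURITY_SERVICES)
            sev = "high" if security and code == "5" else "medium" if security else "low"
            findings.append((sev, f"service '{svc}' error at {when}: "
                             f"{WIN32_ERRORS.get(code, 'Win32 error ' + code)}"))
        elif source == "EventLog" and "was unexpected" in desc:
            findings.append(("low", "unexpected shutdown recorded at " + when))
    return findings


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {msg}")
```

Run against the excerpt it reports nine findings; the two it rates high are the nslookup.exe crash and the avast! service failing with access denied. The DNS check deliberately stays a prompt rather than a verdict, since the page's own log shows the router (192.168.1.1) as resolver and a redirect can just as well live in the browser or in a patched DLL.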

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,660 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 24 September 2011 - 05:02 PM

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



#5 JamieLee7

JamieLee7
  • Topic Starter

  • Members
  • 20 posts

Posted 24 September 2011 - 06:16 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8E40A000 C:\Windows\system32\DRIVERS\atikmdag.sys 4726784 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x8260A000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8260A000 PnpManager 3907584 bytes
0x8260A000 RAW 3907584 bytes
0x8260A000 WMIxWDM 3907584 bytes
0x99EB0000 Win32k 2113536 bytes
0x99EB0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8E205000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1343488 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x8AC07000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82E05000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x80690000 PCI_PNP9818 995328 bytes
0x80690000 C:\Windows\System32\Drivers\span.sys 995328 bytes
0x80690000 sptd 995328 bytes
0x8AA08000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D5000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x9D601000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x92AA5000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8E88C000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8E938000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80607000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82CEA000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8040B000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x9D20A000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8F137000 C:\Windows\system32\DRIVERS\stwrt.sys 409600 bytes (IDT, Inc., IDT PC Audio)
0x8AB9D000 C:\Windows\system32\DRIVERS\itecir.sys 360448 bytes (ITE Tech. Inc. , ITE Consumer IR Driver for eHome)
0x8AB4B000 C:\Windows\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0x9D37B000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x9A100000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x82C10000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8F4D5000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x807B2000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80494000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x82D5B000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8AB0D000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8F58B000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82F3B000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9D302000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8AD17000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes
0x8E34D000 C:\Windows\system32\DRIVERS\k57nd60x.sys 217088 bytes (Broadcom Corporation, Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver.)
0x8F085000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x829C4000 ACPI_HAL 208896 bytes
0x829C4000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x82CA8000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8F522000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x82FBB000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x82F76000 C:\Windows\system32\DRIVERS\Apfiltr.sys 184320 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x8F0E5000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82F10000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8F036000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x92B65000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9D6DF000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x9D353000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x92A0E000 C:\Windows\System32\Drivers\aswSP.SYS 159744 bytes (ALWIL Software, avast! self protection module)
0x8AD67000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x805B5000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8078C000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8F112000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x82DB3000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8AD9F000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9D2C2000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8F4B4000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x8F406000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9D2E3000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82C72000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9D277000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8AAF2000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x92A70000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8F0CB000 C:\Windows\system32\drivers\AtiHdmi.sys 106496 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0x8E3A0000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x9D294000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x82FA3000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9D33B000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x92A8B000 C:\Windows\system32\drivers\aswMonFlt.sys 94208 bytes (ALWIL Software, avast! File System Minifilter for Windows 2003/Vista)
0x8F5D1000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x82D9C000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8F467000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9D725000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8F554000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8F480000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9D2AD000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8F00F000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x9D73B000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x82DE5000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8E3CB000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8F4A0000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8E3DF000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x92B99000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8F578000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8AD8E000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8F0BA000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8E3BA000 C:\Windows\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD Driver)
0x82CDA000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8F1A6000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x92B55000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x82C5A000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8E382000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8F024000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8E9EA000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x92A61000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8AD58000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x805DC000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x82DD6000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8E9D0000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x82C01000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8E392000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x9A0F0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8F060000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)
0x8F56A000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8F442000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x82C9A000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x92A35000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8F078000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80683000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x9D711000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8F1E5000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8E92C000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x92A42000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8F19B000 C:\Windows\system32\DRIVERS\hidir.sys 45056 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0x8E3F2000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8E9DF000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8F437000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x82FEA000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8ABF5000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8ADEB000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E9C5000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8F496000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0x805EB000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x92A4D000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x92A57000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x82C90000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8F06E000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x92B8F000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8F5C7000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9D707000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x9D750000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8ADC0000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8F1CE000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8F1BD000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8F450000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9A0D0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8ADF6000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E400000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x80783000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82C6A000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x9D71D000 C:\Windows\system32\drivers\BCM42RLY.sys 32768 bytes (Broadcom Corporation, Broadcom iLine10™ PCI Network Adapter Proxy Protocol Driver)
0x8048C000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8F1C6000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x807F8000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8F427000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8F42F000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8AD50000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8F1DE000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8F1B6000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8F1D7000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8F51D000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (ALWIL Software, avast! TDI RDR Driver)
0x8E200000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x92AA2000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0x80600000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8703E000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8F034000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8F47E000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
!!!!!!!!!!!Hidden driver: 0x879F8190 00002663 3696 bytes
0x879F8190 unknown_irp_handler 3696 bytes
0x85D221F8 unknown_irp_handler 3592 bytes
0x8718C1F8 unknown_irp_handler 3592 bytes
0x85D201F8 unknown_irp_handler 3592 bytes
0x879BF1F8 unknown_irp_handler 3592 bytes
0x87A321F8 unknown_irp_handler 3592 bytes
0x870391F8 unknown_irp_handler 3592 bytes
0x86FF81F8 unknown_irp_handler 3592 bytes
0x8538F1F8 unknown_irp_handler 3592 bytes
0x870011F8 unknown_irp_handler 3592 bytes
0x85D211F8 unknown_irp_handler 3592 bytes
0x8519A500 unknown_irp_handler 2816 bytes
0x86FBC500 unknown_irp_handler 2816 bytes
0x87A73500 unknown_irp_handler 2816 bytes
0x87D37500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
0x8AD17000 WARNING: Virus alike driver modification [volsnap.sys], 233472 bytes

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,660 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:36 AM

Posted 24 September 2011 - 08:16 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

#7 JamieLee7

JamieLee7
  • Topic Starter

  • Members
  • 20 posts
  • Local time:09:36 AM

Posted 24 September 2011 - 09:04 PM

21:57:16.0776 2864 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
21:57:16.0791 2864 ============================================================
21:57:16.0791 2864 Current date / time: 2011/09/24 21:57:16.0791
21:57:16.0791 2864 SystemInfo:
21:57:16.0791 2864
21:57:16.0791 2864 OS Version: 6.0.6002 ServicePack: 2.0
21:57:16.0791 2864 Product type: Workstation
21:57:16.0791 2864 ComputerName: JAMIE-PC
21:57:16.0807 2864 UserName: Jamie
21:57:16.0807 2864 Windows directory: C:\Windows
21:57:16.0807 2864 System windows directory: C:\Windows
21:57:16.0807 2864 Processor architecture: Intel x86
21:57:16.0807 2864 Number of processors: 2
21:57:16.0807 2864 Page size: 0x1000
21:57:16.0807 2864 Boot type: Normal boot
21:57:16.0807 2864 ============================================================
21:57:18.0554 2864 Initialize success
21:57:22.0329 3992 ============================================================
21:57:22.0329 3992 Scan started
21:57:22.0329 3992 Mode: Manual;
21:57:22.0329 3992 ============================================================
21:57:23.0375 3992 8c2aeb (0e832bf5bc0ce621a188b0fe8282443e) C:\Windows\3945434112:4285781268.exe
21:57:23.0375 3992 Suspicious file (Hidden): C:\Windows\3945434112:4285781268.exe. md5: 0e832bf5bc0ce621a188b0fe8282443e
21:57:23.0375 3992 8c2aeb ( HiddenFile.Multi.Generic ) - warning
21:57:23.0375 3992 8c2aeb - detected HiddenFile.Multi.Generic (1)
21:57:23.0577 3992 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:57:23.0593 3992 ACPI - ok
21:57:23.0952 3992 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:57:23.0999 3992 adp94xx - ok
21:57:24.0264 3992 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:57:24.0264 3992 adpahci - ok
21:57:24.0638 3992 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:57:24.0669 3992 adpu160m - ok
21:57:24.0950 3992 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:57:24.0966 3992 adpu320 - ok
21:57:25.0184 3992 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:57:25.0215 3992 AFD - ok
21:57:25.0309 3992 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:57:25.0325 3992 agp440 - ok
21:57:25.0527 3992 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:57:25.0543 3992 aic78xx - ok
21:57:25.0699 3992 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:57:25.0699 3992 aliide - ok
21:57:25.0886 3992 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:57:25.0902 3992 amdagp - ok
21:57:26.0105 3992 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:57:26.0105 3992 amdide - ok
21:57:26.0339 3992 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:57:26.0339 3992 AmdK7 - ok
21:57:26.0604 3992 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:57:26.0604 3992 AmdK8 - ok
21:57:26.0807 3992 ApfiltrService (1de27858a431a5749e0f3df54ba935b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:57:26.0807 3992 ApfiltrService - ok
21:57:27.0025 3992 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:57:27.0041 3992 arc - ok
21:57:27.0212 3992 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:57:27.0228 3992 arcsas - ok
21:57:27.0321 3992 aswFsBlk (fb6a381c32a87ee6588eed61d22dc03b) C:\Windows\system32\drivers\aswFsBlk.sys
21:57:27.0337 3992 aswFsBlk - ok
21:57:27.0368 3992 aswMonFlt (0fa9908262d640a80813dba3fffcf688) C:\Windows\system32\drivers\aswMonFlt.sys
21:57:27.0368 3992 aswMonFlt - ok
21:57:27.0602 3992 aswRdr (7827f70b86b29fbf112cbce547205acc) C:\Windows\system32\drivers\aswRdr.sys
21:57:27.0602 3992 aswRdr - ok
21:57:27.0805 3992 aswSP (39bf48164a958f4bf0c0ec6cdc447db5) C:\Windows\system32\drivers\aswSP.sys
21:57:27.0805 3992 aswSP - ok
21:57:28.0023 3992 aswTdi (755e4afb683e3306886a0f4df02a1575) C:\Windows\system32\drivers\aswTdi.sys
21:57:28.0023 3992 aswTdi - ok
21:57:28.0304 3992 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:57:28.0320 3992 AsyncMac - ok
21:57:28.0460 3992 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:57:28.0460 3992 atapi - ok
21:57:28.0772 3992 AtiHdmiService (d7672d90ef03d0e2efdb02df5045a359) C:\Windows\system32\drivers\AtiHdmi.sys
21:57:28.0772 3992 AtiHdmiService - ok
21:57:29.0396 3992 atikmdag (7a46cf1f1075eb0340ea40f12d88a862) C:\Windows\system32\DRIVERS\atikmdag.sys
21:57:29.0568 3992 atikmdag - ok
21:57:30.0005 3992 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
21:57:30.0005 3992 BCM42RLY - ok
21:57:30.0363 3992 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys
21:57:30.0379 3992 BCM43XX - ok
21:57:30.0691 3992 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:57:30.0707 3992 Beep - ok
21:57:30.0847 3992 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:57:30.0863 3992 blbdrive - ok
21:57:30.0956 3992 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:57:30.0956 3992 bowser - ok
21:57:31.0019 3992 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:57:31.0050 3992 BrFiltLo - ok
21:57:31.0175 3992 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:57:31.0175 3992 BrFiltUp - ok
21:57:31.0393 3992 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:57:31.0393 3992 Brserid - ok
21:57:31.0767 3992 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:57:31.0799 3992 BrSerWdm - ok
21:57:31.0939 3992 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:57:31.0955 3992 BrUsbMdm - ok
21:57:32.0033 3992 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:57:32.0064 3992 BrUsbSer - ok
21:57:32.0345 3992 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:57:32.0360 3992 BTHMODEM - ok
21:57:32.0828 3992 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:57:32.0828 3992 cdfs - ok
21:57:33.0093 3992 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:57:33.0125 3992 cdrom - ok
21:57:33.0390 3992 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
21:57:33.0390 3992 circlass - ok
21:57:33.0655 3992 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:57:33.0702 3992 CLFS - ok
21:57:33.0795 3992 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:57:33.0795 3992 CmBatt - ok
21:57:34.0029 3992 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:57:34.0045 3992 cmdide - ok
21:57:34.0154 3992 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:57:34.0154 3992 Compbatt - ok
21:57:34.0279 3992 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:57:34.0279 3992 crcdisk - ok
21:57:34.0419 3992 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:57:34.0419 3992 Crusoe - ok
21:57:34.0622 3992 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:57:34.0638 3992 DfsC - ok
21:57:35.0028 3992 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:57:35.0028 3992 disk - ok
21:57:35.0340 3992 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:57:35.0387 3992 drmkaud - ok
21:57:35.0855 3992 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:57:35.0870 3992 DXGKrnl - ok
21:57:36.0198 3992 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
21:57:36.0213 3992 e1express - ok
21:57:36.0463 3992 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:57:36.0510 3992 E1G60 - ok
21:57:36.0681 3992 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:57:36.0728 3992 Ecache - ok
21:57:37.0430 3992 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:57:37.0461 3992 elxstor - ok
21:57:37.0633 3992 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
21:57:37.0633 3992 ErrDev - ok
21:57:38.0023 3992 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:57:38.0039 3992 exfat - ok
21:57:38.0241 3992 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:57:38.0257 3992 fastfat - ok
21:57:38.0491 3992 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:57:38.0491 3992 fdc - ok
21:57:38.0772 3992 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:57:38.0787 3992 FileInfo - ok
21:57:38.0990 3992 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:57:39.0006 3992 Filetrace - ok
21:57:39.0302 3992 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:57:39.0302 3992 flpydisk - ok
21:57:39.0505 3992 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:57:39.0630 3992 FltMgr - ok
21:57:40.0285 3992 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:57:40.0301 3992 Fs_Rec - ok
21:57:40.0644 3992 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:57:40.0644 3992 gagp30kx - ok
21:57:40.0847 3992 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:57:40.0878 3992 HdAudAddService - ok
21:57:41.0034 3992 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:57:41.0065 3992 HDAudBus - ok
21:57:41.0221 3992 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:57:41.0221 3992 HidBth - ok
21:57:41.0361 3992 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
21:57:41.0361 3992 HidIr - ok
21:57:41.0455 3992 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:57:41.0455 3992 HidUsb - ok
21:57:41.0549 3992 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:57:41.0549 3992 HpCISSs - ok
21:57:41.0673 3992 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:57:41.0705 3992 HTTP - ok
21:57:41.0829 3992 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:57:41.0845 3992 i2omp - ok
21:57:42.0219 3992 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:57:42.0251 3992 i8042prt - ok
21:57:42.0641 3992 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:57:42.0687 3992 iaStorV - ok
21:57:42.0968 3992 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:57:42.0984 3992 iirsp - ok
21:57:43.0374 3992 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:57:43.0389 3992 intelide - ok
21:57:43.0499 3992 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:57:43.0514 3992 intelppm - ok
21:57:43.0811 3992 IpInIp - ok
21:57:43.0998 3992 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:57:43.0998 3992 IPMIDRV - ok
21:57:44.0091 3992 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:57:44.0138 3992 IPNAT - ok
21:57:44.0715 3992 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:57:44.0762 3992 IRENUM - ok
21:57:44.0934 3992 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:57:44.0934 3992 isapnp - ok
21:57:45.0261 3992 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:57:45.0261 3992 iScsiPrt - ok
21:57:45.0527 3992 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:57:45.0620 3992 iteatapi - ok
21:57:45.0745 3992 itecir (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
21:57:45.0776 3992 itecir - ok
21:57:45.0948 3992 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:57:45.0995 3992 iteraid - ok
21:57:46.0291 3992 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
21:57:46.0307 3992 k57nd60x - ok
21:57:46.0447 3992 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:57:46.0447 3992 kbdclass - ok
21:57:46.0634 3992 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:57:46.0634 3992 kbdhid - ok
21:57:46.0821 3992 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
21:57:46.0837 3992 KSecDD - ok
21:57:47.0133 3992 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:57:47.0133 3992 lltdio - ok
21:57:47.0633 3992 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:57:47.0633 3992 LSI_FC - ok
21:57:48.0459 3992 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:57:48.0475 3992 LSI_SAS - ok
21:57:48.0725 3992 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:57:48.0725 3992 LSI_SCSI - ok
21:57:49.0193 3992 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:57:49.0193 3992 luafv - ok
21:57:49.0458 3992 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:57:49.0458 3992 megasas - ok
21:57:49.0801 3992 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:57:49.0895 3992 MegaSR - ok
21:57:50.0222 3992 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:57:50.0238 3992 Modem - ok
21:57:50.0659 3992 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:57:50.0659 3992 monitor - ok
21:57:51.0143 3992 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:57:51.0143 3992 mouclass - ok
21:57:51.0626 3992 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:57:51.0626 3992 mouhid - ok
21:57:51.0938 3992 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:57:51.0985 3992 MountMgr - ok
21:57:52.0266 3992 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:57:52.0281 3992 mpio - ok
21:57:52.0578 3992 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:57:52.0578 3992 mpsdrv - ok
21:57:52.0671 3992 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:57:52.0703 3992 Mraid35x - ok
21:57:52.0796 3992 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:57:52.0796 3992 MRxDAV - ok
21:57:53.0046 3992 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:57:53.0061 3992 mrxsmb - ok
21:57:53.0202 3992 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:57:53.0202 3992 mrxsmb10 - ok
21:57:53.0389 3992 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:57:53.0420 3992 mrxsmb20 - ok
21:57:53.0951 3992 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
21:57:53.0951 3992 msahci - ok
21:57:54.0122 3992 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:57:54.0153 3992 msdsm - ok
21:57:54.0481 3992 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:57:54.0481 3992 Msfs - ok
21:57:54.0731 3992 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:57:54.0746 3992 msisadrv - ok
21:57:55.0105 3992 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:57:55.0105 3992 MSKSSRV - ok
21:57:55.0214 3992 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:57:55.0230 3992 MSPCLOCK - ok
21:57:55.0511 3992 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:57:55.0511 3992 MSPQM - ok
21:57:55.0682 3992 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:57:55.0698 3992 MsRPC - ok
21:57:55.0854 3992 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:57:55.0854 3992 mssmbios - ok
21:57:55.0979 3992 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:57:55.0979 3992 MSTEE - ok
21:57:56.0181 3992 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:57:56.0181 3992 Mup - ok
21:57:56.0322 3992 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:57:56.0322 3992 NativeWifiP - ok
21:57:56.0525 3992 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:57:56.0540 3992 NDIS - ok
21:57:56.0696 3992 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:57:57.0039 3992 NdisTapi - ok
21:57:57.0133 3992 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:57:57.0133 3992 Ndisuio - ok
21:57:57.0180 3992 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:57:57.0211 3992 NdisWan - ok
21:57:57.0320 3992 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:57:57.0320 3992 NDProxy - ok
21:57:57.0429 3992 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:57:57.0461 3992 NetBIOS - ok
21:57:57.0601 3992 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:57:57.0617 3992 netbt - ok
21:57:57.0757 3992 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:57:57.0773 3992 nfrd960 - ok
21:57:58.0022 3992 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:57:58.0053 3992 Npfs - ok
21:57:58.0365 3992 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:57:58.0412 3992 nsiproxy - ok
21:57:58.0677 3992 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:57:58.0724 3992 Ntfs - ok
21:57:58.0943 3992 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:57:58.0943 3992 ntrigdigi - ok
21:57:59.0208 3992 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:57:59.0208 3992 Null - ok
21:57:59.0270 3992 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:57:59.0301 3992 nvraid - ok
21:57:59.0426 3992 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:57:59.0457 3992 nvstor - ok
21:57:59.0676 3992 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:57:59.0691 3992 nv_agp - ok
21:57:59.0801 3992 NwlnkFlt - ok
21:57:59.0925 3992 NwlnkFwd - ok
21:58:00.0050 3992 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:58:00.0050 3992 ohci1394 - ok
21:58:00.0206 3992 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:58:00.0206 3992 Parport - ok
21:58:00.0300 3992 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:58:00.0300 3992 partmgr - ok
21:58:00.0440 3992 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:58:00.0440 3992 Parvdm - ok
21:58:00.0643 3992 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:58:00.0643 3992 pci - ok
21:58:00.0877 3992 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
21:58:00.0893 3992 pciide - ok
21:58:01.0111 3992 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:58:01.0111 3992 pcmcia - ok
21:58:01.0423 3992 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:58:01.0470 3992 PEAUTH - ok
21:58:01.0969 3992 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:58:02.0000 3992 PptpMiniport - ok
21:58:02.0312 3992 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:58:02.0328 3992 Processor - ok
21:58:02.0609 3992 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:58:02.0655 3992 PSched - ok
21:58:03.0014 3992 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:58:03.0061 3992 ql2300 - ok
21:58:03.0513 3992 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:58:03.0545 3992 ql40xx - ok
21:58:03.0841 3992 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:58:03.0841 3992 QWAVEdrv - ok
21:58:04.0808 3992 R300 (7a46cf1f1075eb0340ea40f12d88a862) C:\Windows\system32\DRIVERS\atikmdag.sys
21:58:04.0871 3992 R300 - ok
21:58:05.0339 3992 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:58:05.0370 3992 RasAcd - ok
21:58:05.0744 3992 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:58:05.0775 3992 Rasl2tp - ok
21:58:05.0931 3992 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:58:05.0931 3992 RasPppoe - ok
21:58:06.0150 3992 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:58:06.0181 3992 RasSstp - ok
21:58:06.0540 3992 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:58:06.0555 3992 rdbss - ok
21:58:06.0649 3992 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:58:06.0649 3992 RDPCDD - ok
21:58:06.0930 3992 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:58:06.0961 3992 rdpdr - ok
21:58:07.0382 3992 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:58:07.0398 3992 RDPENCDD - ok
21:58:08.0022 3992 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:58:08.0037 3992 RDPWD - ok
21:58:08.0521 3992 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
21:58:08.0521 3992 rimmptsk - ok
21:58:08.0583 3992 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
21:58:08.0583 3992 rimsptsk - ok
21:58:08.0693 3992 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
21:58:08.0693 3992 rismxdp - ok
21:58:08.0927 3992 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:58:08.0942 3992 rspndr - ok
21:58:09.0473 3992 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:58:09.0488 3992 sbp2port - ok
21:58:09.0925 3992 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
21:58:09.0925 3992 sdbus - ok
21:58:10.0377 3992 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:58:10.0409 3992 secdrv - ok
21:58:10.0939 3992 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:58:10.0939 3992 Serenum - ok
21:58:11.0345 3992 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:58:11.0345 3992 Serial - ok
21:58:11.0594 3992 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:58:11.0625 3992 sermouse - ok
21:58:11.0813 3992 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:58:11.0844 3992 sffdisk - ok
21:58:12.0265 3992 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:58:12.0265 3992 sffp_mmc - ok
21:58:12.0811 3992 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:58:12.0842 3992 sffp_sd - ok
21:58:12.0951 3992 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:58:12.0951 3992 sfloppy - ok
21:58:13.0185 3992 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:58:13.0201 3992 sisagp - ok
21:58:13.0373 3992 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:58:13.0388 3992 SiSRaid2 - ok
21:58:13.0622 3992 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:58:13.0638 3992 SiSRaid4 - ok
21:58:13.0965 3992 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:58:13.0965 3992 Smb - ok
21:58:14.0371 3992 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:58:14.0387 3992 spldr - ok
21:58:14.0933 3992 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
21:58:14.0933 3992 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
21:58:14.0948 3992 sptd ( LockedFile.Multi.Generic ) - warning
21:58:14.0948 3992 sptd - detected LockedFile.Multi.Generic (1)
21:58:15.0167 3992 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:58:15.0182 3992 srv - ok
21:58:15.0276 3992 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:58:15.0276 3992 srv2 - ok
21:58:15.0307 3992 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:58:15.0385 3992 srvnet - ok
21:58:15.0697 3992 STHDA (14a9ad287fda70a06463e09c4328c1f2) C:\Windows\system32\DRIVERS\stwrt.sys
21:58:15.0728 3992 STHDA - ok
21:58:16.0056 3992 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:58:16.0056 3992 swenum - ok
21:58:16.0290 3992 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:58:16.0321 3992 Symc8xx - ok
21:58:16.0493 3992 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:58:16.0493 3992 Sym_hi - ok
21:58:16.0742 3992 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:58:16.0742 3992 Sym_u3 - ok
21:58:17.0132 3992 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
21:58:17.0195 3992 Tcpip - ok
21:58:17.0444 3992 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
21:58:17.0460 3992 Tcpip6 - ok
21:58:17.0694 3992 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:58:17.0741 3992 tcpipreg - ok
21:58:17.0850 3992 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:58:17.0850 3992 TDPIPE - ok
21:58:17.0975 3992 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:58:17.0975 3992 TDTCP - ok
21:58:18.0099 3992 tdx (5077ca83cace262e87bef28cc276e220) C:\Windows\system32\DRIVERS\tdx.sys
21:58:18.0099 3992 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.sys. Real md5: 5077ca83cace262e87bef28cc276e220, Fake md5: 76b06eb8a01fc8624d699e7045303e54
21:58:18.0115 3992 tdx ( ForgedFile.Multi.Generic ) - warning
21:58:18.0115 3992 tdx - detected ForgedFile.Multi.Generic (1)
21:58:18.0193 3992 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:58:18.0193 3992 TermDD - ok
21:58:18.0349 3992 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:58:18.0349 3992 tssecsrv - ok
21:58:18.0458 3992 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:58:18.0458 3992 tunmp - ok
21:58:18.0536 3992 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:58:18.0552 3992 tunnel - ok
21:58:18.0661 3992 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:58:18.0661 3992 uagp35 - ok
21:58:18.0786 3992 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:58:18.0801 3992 udfs - ok
21:58:18.0942 3992 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:58:18.0942 3992 uliagpkx - ok
21:58:19.0223 3992 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:58:19.0254 3992 uliahci - ok
21:58:19.0425 3992 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:58:19.0472 3992 UlSata - ok
21:58:19.0675 3992 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:58:19.0691 3992 ulsata2 - ok
21:58:19.0800 3992 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:58:19.0800 3992 umbus - ok
21:58:20.0003 3992 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:58:20.0003 3992 usbccgp - ok
21:58:20.0143 3992 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:58:20.0174 3992 usbcir - ok
21:58:20.0283 3992 usbehci (8d75aec2bba8d041976d1831a03e42fc) C:\Windows\system32\DRIVERS\usbehci.sys
21:58:20.0283 3992 usbehci - ok
21:58:20.0424 3992 usbhub (7ae1e0745b06e9dd5df66ede062bacfa) C:\Windows\system32\DRIVERS\usbhub.sys
21:58:20.0455 3992 usbhub - ok
21:58:20.0767 3992 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:58:20.0767 3992 usbohci - ok
21:58:21.0048 3992 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
21:58:21.0048 3992 usbprint - ok
21:58:21.0188 3992 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:58:21.0188 3992 USBSTOR - ok
21:58:21.0531 3992 usbuhci (407fa9318014a409c4575b77493950c8) C:\Windows\system32\DRIVERS\usbuhci.sys
21:58:21.0563 3992 usbuhci - ok
21:58:21.0890 3992 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:58:21.0921 3992 usbvideo - ok
21:58:22.0046 3992 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:58:22.0046 3992 vga - ok
21:58:22.0436 3992 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:58:22.0467 3992 VgaSave - ok
21:58:22.0733 3992 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:58:22.0764 3992 viaagp - ok
21:58:23.0154 3992 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:58:23.0185 3992 ViaC7 - ok
21:58:23.0310 3992 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:58:23.0325 3992 viaide - ok
21:58:23.0747 3992 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:58:23.0747 3992 volmgr - ok
21:58:24.0090 3992 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:58:24.0090 3992 volmgrx - ok
21:58:24.0573 3992 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
21:58:24.0589 3992 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - infected
21:58:24.0589 3992 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
21:58:24.0698 3992 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:58:24.0729 3992 vsmraid - ok
21:58:24.0885 3992 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:58:24.0901 3992 WacomPen - ok
21:58:25.0119 3992 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:58:25.0119 3992 Wanarp - ok
21:58:25.0135 3992 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:58:25.0135 3992 Wanarpv6 - ok
21:58:25.0572 3992 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:58:25.0587 3992 Wd - ok
21:58:25.0821 3992 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:58:25.0899 3992 Wdf01000 - ok
21:58:26.0165 3992 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:58:26.0165 3992 WmiAcpi - ok
21:58:26.0648 3992 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:58:26.0695 3992 ws2ifsl - ok
21:58:26.0913 3992 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:58:26.0929 3992 WUDFRd - ok
21:58:26.0976 3992 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
21:58:26.0976 3992 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
21:58:26.0976 3992 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
21:58:26.0991 3992 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR1
21:58:27.0007 3992 \Device\Harddisk1\DR1 - ok
21:58:27.0038 3992 Boot (0x1200) (1b742d9f2391ff6ce6ba5be87cf3ea2d) \Device\Harddisk0\DR0\Partition0
21:58:27.0038 3992 \Device\Harddisk0\DR0\Partition0 - ok
21:58:27.0069 3992 Boot (0x1200) (bd16c8c4297ada7d7f79536e0d90a2e9) \Device\Harddisk0\DR0\Partition1
21:58:27.0085 3992 \Device\Harddisk0\DR0\Partition1 - ok
21:58:27.0085 3992 Boot (0x1200) (b8527e6b4d52ffb8be7a7515e562ec6c) \Device\Harddisk1\DR1\Partition0
21:58:27.0085 3992 \Device\Harddisk1\DR1\Partition0 - ok
21:58:27.0085 3992 ============================================================
21:58:27.0085 3992 Scan finished
21:58:27.0085 3992 ============================================================
21:58:27.0116 2148 Detected object count: 5
21:58:27.0116 2148 Actual detected object count: 5
21:58:52.0326 2148 8c2aeb ( HiddenFile.Multi.Generic ) - skipped by user
21:58:52.0326 2148 8c2aeb ( HiddenFile.Multi.Generic ) - User select action: Skip
21:58:52.0326 2148 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:58:52.0326 2148 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:58:52.0326 2148 tdx ( ForgedFile.Multi.Generic ) - skipped by user
21:58:52.0326 2148 tdx ( ForgedFile.Multi.Generic ) - User select action: Skip
21:58:52.0435 2148 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\volsnap.sys) error 1813
21:58:58.0659 2148 Backup copy found, using it..
21:58:58.0722 2148 C:\Windows\system32\drivers\volsnap.sys - will be cured on reboot
21:58:58.0722 2148 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
21:58:58.0753 2148 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
21:58:58.0753 2148 \Device\Harddisk0\DR0 - ok
21:58:58.0769 2148 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
21:59:12.0949 3608 Deinitialize success

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,660 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:36 AM

Posted 24 September 2011 - 09:09 PM

It looks like you have some issues which will require more advanced tools.

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include all required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!



 


#9 JamieLee7

JamieLee7
  • Topic Starter

  • Members
  • 20 posts
  • Local time:09:36 AM

Posted 24 September 2011 - 10:02 PM

Alright, I followed the steps in the preparation guide and made a thread there. Thank you again for the help.

#10 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,848 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:36 AM

Posted 24 September 2011 - 10:04 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic420362.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
