Solved 8 Steps and stuck on step 2

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: df1c10548966c4f16c540ebf80ffd180

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
Open Notepad
Copy and paste following text into Notepad:
Code:
@ECHO OFF
START remover.exe fix \\.\PhysicalDrive0
EXIT
Go FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.bat.
Save fix.bat to your Desktop.

Run fix.bat by double clicking.
You may see a black box appear; this is normal.

When done, run remover.exe again and post its output.
 
I just renamed it ....

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Restoring boot code at \\.\PhysicalDrive0...
ERROR: No standard boot code found for your OS.
You can restore boot code only for Windows XP, Server 2003, Vista, Server 2008 and Windows 7

Done;
Press any key to quit...
 
No, but had this problem before.

Try this one instead.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv9700 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 161):

Processes (total 77):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`3db0da00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM250JI, Rev: HS100-10

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
 
Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 3 for Windows Vista, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot and run MBRCheck again and post that log.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv9700 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 161):

Processes (total 75):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`3db0da00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM250JI, Rev: HS100-10

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv9700 Notebook PC
Logical Drives Mask: 0x0000001c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`3db0da00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
 
The repair did not work so we will have to try something else.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive opens, simply close it again.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
OK ... for the second time MBR will not allow me to right click or highlight and copy. So I will just retype it ...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv9700 Notebook PC
Logical Drives Mask: 0x0000001c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`3db0da00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!
Press Enter to exit...
 
actually ... let me clarify ...

I was merely stating that this is the second time it would not allow me to copy ...

on review it looks like I was being a smart@ss "for the second time" and that wasn't the intent
 
Still have multiple iexplorers opening and redirects.

to be clearer ... for each iexplorer window (not tabs) there are two iexplorer processes running in task manager
 

Attachment: screen shot.pdf
I reckon it is supposed to do that now. I do not generally use IE, so am not that familiar with its processes.
If you look at my Task Manager, you will see there are three instances of IE running even though I have only opened one.
 

Attachment: IE.jpg
My apologies. I missed your post somehow.

Please run GMER again and post the log.

==

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
 
GMER will not run ... even in safe mode ...

it keeps getting to system volume shadow copy and faulting ...

I don't think I have ever used that on this machine.
 
2010/10/31 20:45:46.0886 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/31 20:45:46.0886 ================================================================================
2010/10/31 20:45:46.0886 SystemInfo:
2010/10/31 20:45:46.0886
2010/10/31 20:45:46.0886 OS Version: 6.0.6002 ServicePack: 2.0
2010/10/31 20:45:46.0886 Product type: Workstation
2010/10/31 20:45:46.0886 ComputerName: KJOLT1
2010/10/31 20:45:46.0886 UserName: owner
2010/10/31 20:45:46.0886 Windows directory: C:\Windows
2010/10/31 20:45:46.0886 System windows directory: C:\Windows
2010/10/31 20:45:46.0886 Processor architecture: Intel x86
2010/10/31 20:45:46.0886 Number of processors: 2
2010/10/31 20:45:46.0886 Page size: 0x1000
2010/10/31 20:45:46.0886 Boot type: Safe boot with network
2010/10/31 20:45:46.0886 ================================================================================
2010/10/31 20:45:47.0167 Initialize success
2010/10/31 20:45:51.0566 ================================================================================
2010/10/31 20:45:51.0566 Scan started
2010/10/31 20:45:51.0566 Mode: Manual;
2010/10/31 20:45:51.0566 ================================================================================
2010/10/31 20:46:02.0470 RDPCDD (01189d0c0d81aa9ab71c242f6b6d3cf3) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/31 20:46:02.0486 RDPCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/31 20:46:06.0838 ================================================================================
2010/10/31 20:46:06.0838 Scan finished
2010/10/31 20:46:06.0838 ================================================================================
2010/10/31 20:46:06.0854 Detected object count: 1
2010/10/31 20:46:42.0375 RDPCDD (01189d0c0d81aa9ab71c242f6b6d3cf3) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/31 20:46:42.0672 Backup copy found, using it..
2010/10/31 20:46:42.0687 C:\Windows\system32\DRIVERS\RDPCDD.sys - will be cured after reboot
2010/10/31 20:46:42.0687 Rootkit.Win32.TDSS.tdl3(RDPCDD) - User select action: Cure
2010/10/31 20:46:50.0269 Deinitialize success
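
An added example, not part of the original thread and not TDSSKiller's own code: a small Python parser that pulls the verdict out of a TDSSKiller log like the one posted above. The line patterns are inferred from this one log (version 2.4.5.1) and are an assumption for other versions; the sample is an excerpt of the posted log, and the function and field names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Excerpt of the log posted above (TDSSKiller 2.4.5.1), trimmed to the relevant lines.
SAMPLE_LOG = r"""
2010/10/31 20:45:46.0886 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/31 20:45:46.0886
2010/10/31 20:45:46.0886 Boot type: Safe boot with network
2010/10/31 20:45:51.0566 Scan started
2010/10/31 20:46:02.0470 RDPCDD (01189d0c0d81aa9ab71c242f6b6d3cf3) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/31 20:46:02.0486 RDPCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/31 20:46:06.0838 Scan finished
2010/10/31 20:46:06.0854 Detected object count: 1
2010/10/31 20:46:42.0375 RDPCDD (01189d0c0d81aa9ab71c242f6b6d3cf3) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/31 20:46:42.0672 Backup copy found, using it..
2010/10/31 20:46:42.0687 C:\Windows\system32\DRIVERS\RDPCDD.sys - will be cured after reboot
2010/10/31 20:46:42.0687 Rootkit.Win32.TDSS.tdl3(RDPCDD) - User select action: Cure
2010/10/31 20:46:50.0269 Deinitialize success
"""

# Patterns inferred from that log; other TDSSKiller versions may format lines differently.
TS = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} ?(.*)$")
DRIVER = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
DETECT = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
PENDING = re.compile(r"^(.+) - will be cured after reboot$")
ACTION = re.compile(r"^\S+\((\S+)\) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
BOOT = re.compile(r"^Boot type: (.+)$")


@dataclass
class Detection:
    service: str                  # driver/service name as logged
    verdict: str                  # detection name reported by the tool
    md5: Optional[str] = None     # hash logged for the driver file
    path: Optional[str] = None    # file backing the service
    action: Optional[str] = None  # action the user selected (Cure, Skip, ...)
    pending_reboot: bool = False  # cure is scheduled, not yet applied


def parse_tdsskiller_log(text):
    """Return boot type, declared detection count and per-driver detections."""
    drivers, detections = {}, {}
    declared = boot_type = None
    for raw in text.splitlines():
        ts = TS.match(raw.strip())
        if not ts or not ts.group(1).strip():
            continue  # blank line, or a timestamp with no message
        msg = ts.group(1).strip()
        if m := DRIVER.match(msg):
            drivers[m.group(1)] = (m.group(2).lower(), m.group(3))
        elif m := DETECT.match(msg):
            # The driver line is logged just before its detection line.
            md5, path = drivers.get(m.group(1), (None, None))
            detections[m.group(1)] = Detection(m.group(1), m.group(2), md5, path)
        elif m := PENDING.match(msg):
            for d in detections.values():
                if d.path and d.path.lower() == m.group(1).lower():
                    d.pending_reboot = True
        elif m := ACTION.match(msg):
            if m.group(1) in detections:
                detections[m.group(1)].action = m.group(2)
        elif m := COUNT.match(msg):
            declared = int(m.group(1))
        elif m := BOOT.match(msg):
            boot_type = m.group(1)
    found = list(detections.values())
    return {
        "boot_type": boot_type,
        "declared_count": declared,
        "detections": found,
        # A mismatch means the log is truncated or the patterns missed a line.
        "count_matches": declared == len(found),
        # A scheduled cure is only confirmed by scanning again after the reboot.
        "rescan_after_reboot": [d.service for d in found if d.pending_reboot],
    }


if __name__ == "__main__":
    report = parse_tdsskiller_log(SAMPLE_LOG)
    print("Boot type:", report["boot_type"])
    for d in report["detections"]:
        print(d.service, d.verdict, d.path, d.md5, d.action,
              "pending reboot" if d.pending_reboot else "applied")
    print("Count consistent:", report["count_matches"])
    print("Re-scan after reboot:", report["rescan_after_reboot"])
```
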
 
still getting redirected ... it has now started popups ...

when i click on a link or open an iexplorer window i get a popup..

did it when I clicked on my desktop shortcut to open this site I got this and an ad popup.

still trying to run GMER but it doesn't want to run
 
just in case it might lead you to the specific illness and a cure ...

Often when I get redirected and I try to use the back button to get to where I wanted to go ... I end up at what I believe to be a fake Google 404 not found page.

I could probably find the source of this thing as well ... I know where it came from ... I tried to download a crack and got this instead ...

I know ... that's what I get for trying to download a crack
 