Google Redirects and unauthorized attempts to connect to Sites, Vista

Solved
By Demianwulf
Oct 29, 2010
Topic Status:
Not open for further replies.
  1. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.

    Re-run command from my post #40 and post the log.
  2. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    I think, we posted at the same time.
    Read my previous reply.
  3. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Wulftop
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Mixed
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
    Physical Address. . . . . . . . . : 00-E0-B8-E2-3C-E6
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::4c85:24a2:77d4:d412%199(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCPv6 IAID . . . . . . . . . . . : 184606904
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-04-DA-21-00-E0-B8-E2-3C-E6
    DNS Servers . . . . . . . . . . . : 8.8.8.8
    8.8.4.4
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 9:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 02-00-54-55-4E-01
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
  4. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    sorry for the delay I had to change the dns and manually put in a static ip to get the computer to connect to the internet again as well as kill the svchost.exe in task manager...seemed like the IP changed after running the commands you mentioned but they both ran successfully
  5. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    I was even able to run all of the flush dns commands as well as the other ones except for the iprenew command . from your post 33. Dns client started successfully.
  6. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    I still don't like the fact, that you have to do something manually.

    Delete your GMER and Combofix files, download fresh ones and post both new logs.
  7. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-11-02 01:11:04
    Windows 6.0.6002 Service Pack 2
    Running: yq7cwrf3.exe; Driver: C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\fxldqpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x90535F8E]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x90536F5C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x90536174]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x905353FA]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x90535BF4]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x905352DC]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x90535A82]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x90536C16]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x90534EA2]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x90534CD4]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x90536898]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x9053567E]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x90535DD0]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0x90534A04]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x9053590E]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0x90534B7C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x905373C6]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x90536634]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x90536A46]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x90535618]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x90535802]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x905351A6]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x90535074]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x90536280]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x843E9BAE]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 119 83CB287C 4 Bytes [8E, 5F, 53, 90] {MOV DS, [EDI+0x53]; NOP }
    .text ntkrnlpa.exe!KeSetEvent + 13D 83CB28A0 8 Bytes [5C, 6F, 53, 90, 74, 61, 53, ...] {POP ESP; OUTSD ; PUSH EBX; NOP ; JZ 0x67; PUSH EBX; NOP }
    .text ntkrnlpa.exe!KeSetEvent + 1C1 83CB2924 4 Bytes [FA, 53, 53, 90] {CLI ; PUSH EBX; PUSH EBX; NOP }
    .text ntkrnlpa.exe!KeSetEvent + 1D9 83CB293C 4 Bytes [F4, 5B, 53, 90] {HLT ; POP EBX; PUSH EBX; NOP }
    .text ntkrnlpa.exe!KeSetEvent + 205 83CB2968 4 Bytes [DC, 52, 53, 90] {FCOM QWORD [EDX+0x53]; NOP }
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83DDD28F 5 Bytes JMP 843E55D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 83E36063 5 Bytes JMP 843E6FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 83E9790A 7 Bytes JMP 843E9BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    ---- Devices - GMER 1.0.15 ----

    Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskWDC_WD1200BEVS-22UST0___________________01.01A01#4&9de862a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9A 0x6D 0xF7 0x65 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0x4E 0x95 0x60 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0xE0 0x49 0x31 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9A 0x6D 0xF7 0x65 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0x4E 0x95 0x60 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0xE0 0x49 0x31 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9A 0x6D 0xF7 0x65 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0x4E 0x95 0x60 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0xE0 0x49 0x31 ...

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

    ---- EOF - GMER 1.0.15 ----
  8. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    can't seem to run combofix it won't start
  9. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Yeah, something is still hiding there.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ======================================================================

    • Please download Rootkit Unhooker . Save it to your desktop.
    • Now double-click on RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Checkmark Drivers, Stealth. Uncheck the rest. Click OK.
    • Wait till the scanner has finished and then click File, Save Report.
    • Save the report to some known location. Click Close.
    Copy the entire content of the report and paste it in a reply here.

    Note. You may get this warning it is ok, just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"
  10. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4982

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943

    11/2/2010 9:42:23 PM
    mbam-log-2010-11-02 (21-42-23).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 361307
    Time elapsed: 1 hour(s), 42 minute(s), 14 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    C:\Users\WulfTop\AppData\Roaming\hotfix.exe (Trojan.Agent.Gen) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\WulfTop\AppData\Local\temp\90f283c8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\WulfTop\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\WulfTop\AppData\Roaming\hotfix.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
  11. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    Just got back online whew! Ok, I ran TDSkiller and rebooted. My User profile loaded but I had a microsoft security essentials alert which wouldn't let me open up firefox so I ran malewarebytes to kill it and rebooted here is the log above
  12. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    After the reboot I could not for the life of me get back connected online and after many tries of numerous unplugging of wires changing dns's changing settings ips etc to try to get it to connect...I changed everything back to normal and messed with COMODO...Comodo was blocking svchost.exe that was in the system32 folder (which I assume is the good one)...I unblocked it and voila i'm back online
  13. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    It looks like you managed to get reinfected somehow.

    Go ahead with TDSSKiller.
     
  14. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    HEre is the TDS log from earlier:

    2010/11/02 17:56:54.0507 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
    2010/11/02 17:56:54.0507 ================================================================================
    2010/11/02 17:56:54.0507 SystemInfo:
    2010/11/02 17:56:54.0507
    2010/11/02 17:56:54.0507 OS Version: 6.0.6002 ServicePack: 2.0
    2010/11/02 17:56:54.0507 Product type: Workstation
    2010/11/02 17:56:54.0507 ComputerName: WULFTOP
    2010/11/02 17:56:54.0507 UserName: WulfTop
    2010/11/02 17:56:54.0507 Windows directory: C:\Windows
    2010/11/02 17:56:54.0507 System windows directory: C:\Windows
    2010/11/02 17:56:54.0507 Processor architecture: Intel x86
    2010/11/02 17:56:54.0507 Number of processors: 2
    2010/11/02 17:56:54.0507 Page size: 0x1000
    2010/11/02 17:56:54.0507 Boot type: Normal boot
    2010/11/02 17:56:54.0507 ================================================================================
    2010/11/02 17:56:54.0850 Initialize success
    2010/11/02 17:57:02.0853 ================================================================================
    2010/11/02 17:57:02.0853 Scan started
    2010/11/02 17:57:02.0853 Mode: Manual;
    2010/11/02 17:57:02.0853 ================================================================================
    2010/11/02 17:57:03.0461 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2010/11/02 17:57:03.0649 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2010/11/02 17:57:03.0773 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2010/11/02 17:57:03.0836 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2010/11/02 17:57:03.0867 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2010/11/02 17:57:04.0335 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2010/11/02 17:57:04.0631 AgereSoftModem (a19871ae65a769c65034b4dc44c29023) C:\Windows\system32\DRIVERS\AGRSM.sys
    2010/11/02 17:57:04.0834 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2010/11/02 17:57:04.0928 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2010/11/02 17:57:04.0959 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    2010/11/02 17:57:05.0006 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2010/11/02 17:57:05.0053 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    2010/11/02 17:57:05.0099 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2010/11/02 17:57:05.0146 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2010/11/02 17:57:05.0224 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2010/11/02 17:57:05.0365 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2010/11/02 17:57:05.0443 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\ASPI32.sys
    2010/11/02 17:57:05.0583 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
    2010/11/02 17:57:05.0645 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
    2010/11/02 17:57:05.0723 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
    2010/11/02 17:57:05.0770 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
    2010/11/02 17:57:05.0833 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
    2010/11/02 17:57:05.0911 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/11/02 17:57:06.0098 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2010/11/02 17:57:06.0425 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2010/11/02 17:57:06.0644 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2010/11/02 17:57:06.0691 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2010/11/02 17:57:06.0737 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2010/11/02 17:57:06.0831 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2010/11/02 17:57:06.0878 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2010/11/02 17:57:06.0925 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2010/11/02 17:57:06.0956 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2010/11/02 17:57:07.0034 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2010/11/02 17:57:07.0689 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/11/02 17:57:08.0079 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/11/02 17:57:08.0157 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2010/11/02 17:57:08.0219 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2010/11/02 17:57:08.0329 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/11/02 17:57:08.0391 cmdGuard (95b4dee20d89403d636dca2be73742cb) C:\Windows\system32\DRIVERS\cmdguard.sys
    2010/11/02 17:57:08.0594 cmdHlp (12186867f48b4817c58d45f268fda3d5) C:\Windows\system32\DRIVERS\cmdhlp.sys
    2010/11/02 17:57:08.0687 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    2010/11/02 17:57:08.0781 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/11/02 17:57:08.0812 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2010/11/02 17:57:08.0859 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2010/11/02 17:57:08.0984 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2010/11/02 17:57:09.0421 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2010/11/02 17:57:09.0733 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2010/11/02 17:57:09.0904 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/11/02 17:57:09.0982 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2010/11/02 17:57:10.0060 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2010/11/02 17:57:10.0216 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2010/11/02 17:57:10.0544 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2010/11/02 17:57:10.0669 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2010/11/02 17:57:10.0731 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2010/11/02 17:57:10.0840 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2010/11/02 17:57:10.0903 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2010/11/02 17:57:10.0949 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/11/02 17:57:11.0090 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2010/11/02 17:57:11.0183 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/11/02 17:57:11.0230 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2010/11/02 17:57:11.0293 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2010/11/02 17:57:11.0620 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/11/02 17:57:11.0823 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2010/11/02 17:57:11.0901 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2010/11/02 17:57:12.0073 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/11/02 17:57:12.0307 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2010/11/02 17:57:12.0385 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2010/11/02 17:57:12.0447 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2010/11/02 17:57:12.0509 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/11/02 17:57:12.0619 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
    2010/11/02 17:57:12.0728 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2010/11/02 17:57:12.0931 igfx (a9221d13d8f1f772010ee293ba9baeb7) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2010/11/02 17:57:13.0118 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2010/11/02 17:57:13.0695 Inspect (1d79596c08a0153335021ade850a0710) C:\Windows\system32\DRIVERS\inspect.sys
    2010/11/02 17:57:13.0867 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2010/11/02 17:57:13.0976 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/11/02 17:57:14.0054 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/11/02 17:57:14.0147 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2010/11/02 17:57:14.0194 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2010/11/02 17:57:14.0272 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2010/11/02 17:57:14.0381 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2010/11/02 17:57:14.0787 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/11/02 17:57:15.0567 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2010/11/02 17:57:15.0785 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2010/11/02 17:57:15.0817 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/11/02 17:57:15.0895 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/11/02 17:57:16.0129 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2010/11/02 17:57:16.0519 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    2010/11/02 17:57:18.0297 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/11/02 17:57:18.0921 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    2010/11/02 17:57:19.0810 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2010/11/02 17:57:21.0027 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2010/11/02 17:57:21.0620 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2010/11/02 17:57:21.0979 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2010/11/02 17:57:23.0476 LUsbFilt (ff1c2f90d40a2e52649937854e175987) C:\Windows\system32\Drivers\LUsbFilt.Sys
    2010/11/02 17:57:23.0975 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2010/11/02 17:57:24.0989 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2010/11/02 17:57:25.0223 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
    2010/11/02 17:57:25.0348 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2010/11/02 17:57:25.0785 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/11/02 17:57:25.0957 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/11/02 17:57:26.0159 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2010/11/02 17:57:26.0315 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2010/11/02 17:57:26.0409 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2010/11/02 17:57:26.0471 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2010/11/02 17:57:26.0518 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2010/11/02 17:57:26.0705 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/11/02 17:57:26.0783 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/11/02 17:57:26.0846 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/11/02 17:57:26.0924 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    2010/11/02 17:57:26.0971 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2010/11/02 17:57:27.0236 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2010/11/02 17:57:27.0283 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2010/11/02 17:57:27.0361 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/11/02 17:57:27.0548 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/11/02 17:57:27.0626 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2010/11/02 17:57:27.0813 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2010/11/02 17:57:28.0016 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/11/02 17:57:28.0343 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2010/11/02 17:57:28.0577 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2010/11/02 17:57:28.0655 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/11/02 17:57:28.0780 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2010/11/02 17:57:28.0843 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/11/02 17:57:28.0874 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/11/02 17:57:28.0967 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/11/02 17:57:29.0170 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2010/11/02 17:57:29.0295 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2010/11/02 17:57:29.0420 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2010/11/02 17:57:29.0529 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2010/11/02 17:57:29.0966 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2010/11/02 17:57:30.0574 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2010/11/02 17:57:30.0886 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2010/11/02 17:57:31.0011 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2010/11/02 17:57:31.0073 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2010/11/02 17:57:31.0105 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2010/11/02 17:57:31.0151 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2010/11/02 17:57:31.0214 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2010/11/02 17:57:31.0323 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2010/11/02 17:57:31.0417 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2010/11/02 17:57:31.0541 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2010/11/02 17:57:31.0604 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2010/11/02 17:57:31.0775 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2010/11/02 17:57:31.0947 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
    2010/11/02 17:57:32.0009 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2010/11/02 17:57:32.0072 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
    2010/11/02 17:57:32.0134 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2010/11/02 17:57:32.0493 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/11/02 17:57:33.0055 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2010/11/02 17:57:33.0866 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2010/11/02 17:57:34.0053 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2010/11/02 17:57:34.0084 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2010/11/02 17:57:34.0162 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2010/11/02 17:57:34.0240 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/11/02 17:57:34.0349 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/11/02 17:57:34.0412 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/11/02 17:57:34.0490 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/11/02 17:57:34.0568 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/11/02 17:57:34.0630 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/11/02 17:57:34.0677 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2010/11/02 17:57:34.0708 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2010/11/02 17:57:34.0786 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2010/11/02 17:57:34.0927 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/11/02 17:57:35.0005 RTL8169 (2dd5dd25fb68975d094ae57d46097f48) C:\Windows\system32\DRIVERS\Rtlh86.sys
    2010/11/02 17:57:35.0083 RTL8187B (73284ef4fdeb8d7ab36b6b4714db393e) C:\Windows\system32\DRIVERS\RTL8187B.sys
    2010/11/02 17:57:35.0176 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
    2010/11/02 17:57:35.0254 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2010/11/02 17:57:35.0332 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\Windows\system32\drivers\SCDEmu.sys
    2010/11/02 17:57:35.0395 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/11/02 17:57:35.0457 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2010/11/02 17:57:35.0519 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2010/11/02 17:57:35.0582 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2010/11/02 17:57:35.0675 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2010/11/02 17:57:35.0738 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2010/11/02 17:57:35.0816 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2010/11/02 17:57:35.0847 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2010/11/02 17:57:35.0894 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2010/11/02 17:57:35.0909 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2010/11/02 17:57:35.0956 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2010/11/02 17:57:36.0019 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2010/11/02 17:57:36.0112 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2010/11/02 17:57:36.0237 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
    2010/11/02 17:57:36.0331 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
    2010/11/02 17:57:36.0377 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/11/02 17:57:36.0455 STHDA (513f70b6a184fe3765f679c5c64ea9e5) C:\Windows\system32\drivers\stwrt.sys
    2010/11/02 17:57:36.0533 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2010/11/02 17:57:36.0596 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2010/11/02 17:57:36.0627 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2010/11/02 17:57:36.0658 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2010/11/02 17:57:36.0736 SynTP (21470bf105b96ded47e99e1ee7495e8f) C:\Windows\system32\DRIVERS\SynTP.sys
    2010/11/02 17:57:36.0861 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2010/11/02 17:57:36.0923 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/11/02 17:57:36.0986 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2010/11/02 17:57:37.0048 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2010/11/02 17:57:37.0111 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2010/11/02 17:57:37.0173 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2010/11/02 17:57:37.0251 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2010/11/02 17:57:37.0360 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/11/02 17:57:37.0423 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2010/11/02 17:57:37.0501 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/11/02 17:57:37.0563 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2010/11/02 17:57:37.0625 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2010/11/02 17:57:37.0688 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2010/11/02 17:57:37.0735 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2010/11/02 17:57:37.0797 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2010/11/02 17:57:37.0875 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2010/11/02 17:57:37.0953 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2010/11/02 17:57:38.0078 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\Windows\system32\Drivers\usbaapl.sys
    2010/11/02 17:57:38.0171 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/11/02 17:57:38.0218 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2010/11/02 17:57:38.0296 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/11/02 17:57:38.0405 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/11/02 17:57:38.0468 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2010/11/02 17:57:38.0546 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/11/02 17:57:38.0608 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/11/02 17:57:38.0686 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/11/02 17:57:38.0780 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
    2010/11/02 17:57:38.0905 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/11/02 17:57:38.0983 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2010/11/02 17:57:39.0045 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2010/11/02 17:57:39.0107 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2010/11/02 17:57:39.0170 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2010/11/02 17:57:39.0279 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2010/11/02 17:57:39.0388 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2010/11/02 17:57:39.0497 volsnap (ecd91a7bbf55c2d5ab23d94e0c6e7bd9) C:\Windows\system32\drivers\volsnap.sys
    2010/11/02 17:57:39.0497 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: ecd91a7bbf55c2d5ab23d94e0c6e7bd9, Fake md5: 147281c01fcb1df9252de2a10d5e7093
    2010/11/02 17:57:39.0513 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
    2010/11/02 17:57:39.0560 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2010/11/02 17:57:39.0700 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2010/11/02 17:57:39.0778 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/11/02 17:57:39.0794 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/11/02 17:57:39.0872 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2010/11/02 17:57:39.0981 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2010/11/02 17:57:40.0168 WINUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
    2010/11/02 17:57:40.0262 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/11/02 17:57:40.0355 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    2010/11/02 17:57:40.0449 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/11/02 17:57:40.0558 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/11/02 17:57:40.0745 ================================================================================
    2010/11/02 17:57:40.0745 Scan finished
    2010/11/02 17:57:40.0745 ================================================================================
    2010/11/02 17:57:40.0777 Detected object count: 1
    2010/11/02 17:58:02.0819 volsnap (ecd91a7bbf55c2d5ab23d94e0c6e7bd9) C:\Windows\system32\drivers\volsnap.sys
    2010/11/02 17:58:02.0835 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: ecd91a7bbf55c2d5ab23d94e0c6e7bd9, Fake md5: 147281c01fcb1df9252de2a10d5e7093
    2010/11/02 17:58:07.0499 Backup copy found, using it..
    2010/11/02 17:58:07.0531 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
    2010/11/02 17:58:07.0531 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
    2010/11/02 17:58:25.0283 Deinitialize success
  15. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    Remember this was before I ran malewarebytes a few hours ago.
  16. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Re-run TDSSKiller one more time and...
    ....update MBAM and re-run it too

    Post both logs.
  17. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    Here is rootkit unhooker scan:

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows Vista
    Version 6.0.6002 (Service Pack 2)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x8E403000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9433088 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
    0x83C4C000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
    0x83C4C000 PnpManager 3903488 bytes
    0x83C4C000 RAW 3903488 bytes
    0x83C4C000 WMIxWDM 3903488 bytes
    0x9DE60000 Win32k 2109440 bytes
    0x9DE60000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x91208000 C:\Windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (Agere Systems, SoftModem Device Driver)
    0x89C07000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
    0x89804000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
    0x89A07000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
    0x804DE000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
    0x83273000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x89B0C000 C:\Windows\System32\Drivers\dump_iaStor.sys 897024 bytes
    0x8420F000 C:\Windows\system32\DRIVERS\iaStor.sys 897024 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
    0x90406000 C:\Windows\system32\drivers\stwrt.sys 667648 bytes (SigmaTel, Inc., NDRC)
    0x8ED02000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x8F807000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x80608000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
    0x8435B000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x80414000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
    0x81E53000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x8320D000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
    0x8073A000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x9054B000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x80691000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x8F894000 C:\Windows\system32\DRIVERS\Rtlh86.sys 270336 bytes (Realtek , Realtek 8136/8168/8169 NDIS6 32-bit Driver )
    0x8049D000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
    0x8F974000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
    0x899BD000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x8993A000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x81F4B000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x89D17000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x805BE000 C:\Windows\system32\drivers\aswMonFlt.sys 225280 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
    0x83C19000 ACPI_HAL 208896 bytes
    0x83C19000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x83386000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
    0x84319000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x90505000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8F945000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
    0x904A9000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x8F8F4000 C:\Windows\system32\DRIVERS\SynTP.sys 180224 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
    0x8990F000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x89975000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
    0x81E0C000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
    0x807A9000 C:\Windows\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
    0x89D5F000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
    0x806E8000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x81F9C000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x904D6000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0x91331000 C:\Windows\System32\DRIVERS\cmdguard.sys 143360 bytes (COMODO, COMODO Internet Security Sandbox Driver)
    0x8EDAF000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x89D97000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x81F0B000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0x91387000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0x81F2C000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x842F2000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0x81EC0000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
    0x89AF1000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x807D0000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0x81EDD000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x8F92D000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x81F84000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x843D6000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x8F9C0000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x833B9000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0x90593000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x913DA000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
    0x905A9000 C:\Windows\system32\DRIVERS\inspect.sys 86016 bytes (COMODO, COMODO Internet Security Firewall Driver)
    0x81EF6000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x8EDE6000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0x8EDD2000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x90537000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
    0x8F8D6000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
    0x905D6000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x89D86000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x899AC000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x80484000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x8434B000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x80799000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
    0x89BE7000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
    0x89DD7000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
    0x84200000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
    0x89D50000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0x8070F000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
    0x8F9E2000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x8072B000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
    0x9E0A0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
    0x905C8000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x913C3000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x8078B000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x905E9000 C:\Windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
    0x89DC1000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x91324000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
    0x8999F000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x80684000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
    0x8F9F1000 C:\Windows\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
    0x83363000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8337A000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
    0x9137B000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0x8EDA3000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
    0x8F8E9000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x8F922000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
    0x913B8000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x8F9D7000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x8F9B5000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
    0x8336F000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
    0x913F0000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
    0x80721000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
    0x904FB000 C:\Windows\System32\DRIVERS\cmdhlp.sys 40960 bytes (COMODO, COMODO Internet Security Helper Driver)
    0x843ED000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x89DF3000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x81E36000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
    0x843CC000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0x83351000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x89DB8000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
    0x91354000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x84310000 C:\Windows\system32\drivers\msahci.sys 36864 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
    0x833CF000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0x913D1000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0x9E080000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x89DCE000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x89DEA000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0x806D7000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x842EA000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x80495000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x806E0000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x913A8000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x913B0000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x91364000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x91374000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0x80784000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
    0x8040D000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0x9135D000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x913FA000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
    0x89DE6000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0x91200000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
    0x8071E000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
    0x8F9FD000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x8F920000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    ==============================================
    >Stealth
    ==============================================
    0x010D0000 Hidden Image-->log4net.dll [ EPROCESS 0x89587560 ] PID: 1008, 282624 bytes
    0x057E0000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x89587560 ] PID: 1008, 421888 bytes
    0x046B0000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x89587560 ] PID: 1008, 479232 bytes
    0x03C20000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x89587560 ] PID: 1008, 872448 bytes


    !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
  18. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    TDS scan came up empty but here is the report:

    2010/11/02 23:31:29.0899 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
    2010/11/02 23:31:29.0899 ================================================================================
    2010/11/02 23:31:29.0899 SystemInfo:
    2010/11/02 23:31:29.0899
    2010/11/02 23:31:29.0899 OS Version: 6.0.6002 ServicePack: 2.0
    2010/11/02 23:31:29.0900 Product type: Workstation
    2010/11/02 23:31:29.0900 ComputerName: WULFTOP
    2010/11/02 23:31:29.0903 UserName: WulfTop
    2010/11/02 23:31:29.0903 Windows directory: C:\Windows
    2010/11/02 23:31:29.0903 System windows directory: C:\Windows
    2010/11/02 23:31:29.0903 Processor architecture: Intel x86
    2010/11/02 23:31:29.0903 Number of processors: 2
    2010/11/02 23:31:29.0903 Page size: 0x1000
    2010/11/02 23:31:29.0904 Boot type: Normal boot
    2010/11/02 23:31:29.0904 ================================================================================
    2010/11/02 23:31:30.0259 Initialize success
    2010/11/02 23:31:31.0371 ================================================================================
    2010/11/02 23:31:31.0371 Scan started
    2010/11/02 23:31:31.0371 Mode: Manual;
    2010/11/02 23:31:31.0371 ================================================================================
    2010/11/02 23:31:31.0794 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2010/11/02 23:31:31.0848 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2010/11/02 23:31:31.0904 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2010/11/02 23:31:31.0943 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2010/11/02 23:31:31.0985 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2010/11/02 23:31:32.0082 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2010/11/02 23:31:32.0194 AgereSoftModem (a19871ae65a769c65034b4dc44c29023) C:\Windows\system32\DRIVERS\AGRSM.sys
    2010/11/02 23:31:32.0242 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2010/11/02 23:31:32.0280 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2010/11/02 23:31:32.0330 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    2010/11/02 23:31:32.0371 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2010/11/02 23:31:32.0425 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    2010/11/02 23:31:32.0472 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2010/11/02 23:31:32.0505 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2010/11/02 23:31:32.0573 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2010/11/02 23:31:32.0604 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2010/11/02 23:31:32.0672 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\ASPI32.sys
    2010/11/02 23:31:32.0744 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
    2010/11/02 23:31:32.0796 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
    2010/11/02 23:31:32.0864 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
    2010/11/02 23:31:32.0901 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
    2010/11/02 23:31:32.0951 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
    2010/11/02 23:31:33.0007 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/11/02 23:31:33.0057 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2010/11/02 23:31:33.0199 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2010/11/02 23:31:33.0323 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2010/11/02 23:31:33.0376 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2010/11/02 23:31:33.0410 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2010/11/02 23:31:33.0451 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2010/11/02 23:31:33.0494 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2010/11/02 23:31:33.0535 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2010/11/02 23:31:33.0559 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2010/11/02 23:31:33.0607 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2010/11/02 23:31:33.0795 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/11/02 23:31:33.0875 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/11/02 23:31:33.0930 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2010/11/02 23:31:33.0991 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2010/11/02 23:31:34.0079 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/11/02 23:31:34.0146 cmdGuard (95b4dee20d89403d636dca2be73742cb) C:\Windows\system32\DRIVERS\cmdguard.sys
    2010/11/02 23:31:34.0204 cmdHlp (12186867f48b4817c58d45f268fda3d5) C:\Windows\system32\DRIVERS\cmdhlp.sys
    2010/11/02 23:31:34.0236 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    2010/11/02 23:31:34.0296 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/11/02 23:31:34.0341 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2010/11/02 23:31:34.0384 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2010/11/02 23:31:34.0460 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2010/11/02 23:31:34.0550 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2010/11/02 23:31:34.0647 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2010/11/02 23:31:34.0724 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/11/02 23:31:34.0787 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2010/11/02 23:31:34.0873 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2010/11/02 23:31:34.0954 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2010/11/02 23:31:35.0082 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2010/11/02 23:31:35.0148 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2010/11/02 23:31:35.0200 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2010/11/02 23:31:35.0278 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2010/11/02 23:31:35.0310 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2010/11/02 23:31:35.0347 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/11/02 23:31:35.0414 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2010/11/02 23:31:35.0476 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/11/02 23:31:35.0524 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2010/11/02 23:31:35.0582 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2010/11/02 23:31:35.0675 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/11/02 23:31:35.0727 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2010/11/02 23:31:35.0763 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2010/11/02 23:31:35.0843 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/11/02 23:31:35.0887 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2010/11/02 23:31:35.0968 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2010/11/02 23:31:36.0008 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2010/11/02 23:31:36.0078 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/11/02 23:31:36.0166 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
    2010/11/02 23:31:36.0220 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2010/11/02 23:31:36.0428 igfx (a9221d13d8f1f772010ee293ba9baeb7) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2010/11/02 23:31:36.0500 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2010/11/02 23:31:36.0606 Inspect (1d79596c08a0153335021ade850a0710) C:\Windows\system32\DRIVERS\inspect.sys
    2010/11/02 23:31:36.0677 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2010/11/02 23:31:36.0732 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/11/02 23:31:36.0819 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/11/02 23:31:36.0896 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2010/11/02 23:31:36.0934 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2010/11/02 23:31:36.0973 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2010/11/02 23:31:37.0015 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2010/11/02 23:31:37.0097 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/11/02 23:31:37.0136 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2010/11/02 23:31:37.0171 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2010/11/02 23:31:37.0236 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/11/02 23:31:37.0313 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/11/02 23:31:37.0397 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2010/11/02 23:31:37.0519 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    2010/11/02 23:31:37.0599 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    2010/11/02 23:31:37.0651 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2010/11/02 23:31:37.0690 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2010/11/02 23:31:37.0732 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2010/11/02 23:31:37.0790 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2010/11/02 23:31:37.0839 LUsbFilt (ff1c2f90d40a2e52649937854e175987) C:\Windows\system32\Drivers\LUsbFilt.Sys
    2010/11/02 23:31:37.0911 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2010/11/02 23:31:37.0984 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2010/11/02 23:31:38.0045 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
    2010/11/02 23:31:38.0113 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2010/11/02 23:31:38.0209 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/11/02 23:31:38.0248 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/11/02 23:31:38.0276 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2010/11/02 23:31:38.0322 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2010/11/02 23:31:38.0360 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2010/11/02 23:31:38.0414 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2010/11/02 23:31:38.0483 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2010/11/02 23:31:38.0559 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/11/02 23:31:38.0624 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/11/02 23:31:38.0695 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/11/02 23:31:38.0730 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    2010/11/02 23:31:38.0765 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2010/11/02 23:31:38.0830 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2010/11/02 23:31:38.0882 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2010/11/02 23:31:38.0956 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/11/02 23:31:39.0000 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/11/02 23:31:39.0024 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2010/11/02 23:31:39.0097 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2010/11/02 23:31:39.0145 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/11/02 23:31:39.0170 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2010/11/02 23:31:39.0207 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2010/11/02 23:31:39.0288 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/11/02 23:31:39.0373 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2010/11/02 23:31:39.0435 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/11/02 23:31:39.0480 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/11/02 23:31:39.0543 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/11/02 23:31:39.0588 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2010/11/02 23:31:39.0633 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2010/11/02 23:31:39.0708 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2010/11/02 23:31:39.0816 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2010/11/02 23:31:39.0864 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2010/11/02 23:31:39.0913 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2010/11/02 23:31:40.0019 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2010/11/02 23:31:40.0061 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2010/11/02 23:31:40.0099 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2010/11/02 23:31:40.0144 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2010/11/02 23:31:40.0172 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2010/11/02 23:31:40.0239 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2010/11/02 23:31:40.0343 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2010/11/02 23:31:40.0417 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2010/11/02 23:31:40.0484 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2010/11/02 23:31:40.0540 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2010/11/02 23:31:40.0636 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2010/11/02 23:31:40.0685 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
    2010/11/02 23:31:40.0736 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2010/11/02 23:31:40.0802 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
    2010/11/02 23:31:40.0868 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2010/11/02 23:31:41.0030 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/11/02 23:31:41.0075 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2010/11/02 23:31:41.0151 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2010/11/02 23:31:41.0244 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2010/11/02 23:31:41.0284 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2010/11/02 23:31:41.0356 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2010/11/02 23:31:41.0442 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/11/02 23:31:41.0536 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/11/02 23:31:41.0612 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/11/02 23:31:41.0678 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/11/02 23:31:41.0768 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/11/02 23:31:41.0824 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/11/02 23:31:41.0889 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2010/11/02 23:31:41.0915 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2010/11/02 23:31:41.0975 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2010/11/02 23:31:42.0109 RTL8169 (2dd5dd25fb68975d094ae57d46097f48) C:\Windows\system32\DRIVERS\Rtlh86.sys
    2010/11/02 23:31:42.0181 RTL8187B (73284ef4fdeb8d7ab36b6b4714db393e) C:\Windows\system32\DRIVERS\RTL8187B.sys
    2010/11/02 23:31:42.0270 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2010/11/02 23:31:42.0343 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\Windows\system32\drivers\SCDEmu.sys
    2010/11/02 23:31:42.0406 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/11/02 23:31:42.0479 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2010/11/02 23:31:42.0517 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2010/11/02 23:31:42.0581 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2010/11/02 23:31:42.0663 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2010/11/02 23:31:42.0697 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2010/11/02 23:31:42.0728 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2010/11/02 23:31:42.0762 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2010/11/02 23:31:42.0818 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2010/11/02 23:31:42.0844 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2010/11/02 23:31:42.0891 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2010/11/02 23:31:42.0963 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2010/11/02 23:31:43.0050 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2010/11/02 23:31:43.0182 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
    2010/11/02 23:31:43.0277 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
    2010/11/02 23:31:43.0333 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/11/02 23:31:43.0414 STHDA (513f70b6a184fe3765f679c5c64ea9e5) C:\Windows\system32\drivers\stwrt.sys
    2010/11/02 23:31:43.0505 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2010/11/02 23:31:43.0571 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2010/11/02 23:31:43.0607 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2010/11/02 23:31:43.0657 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2010/11/02 23:31:43.0706 SynTP (21470bf105b96ded47e99e1ee7495e8f) C:\Windows\system32\DRIVERS\SynTP.sys
    2010/11/02 23:31:43.0832 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2010/11/02 23:31:43.0898 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/11/02 23:31:43.0956 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2010/11/02 23:31:44.0023 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2010/11/02 23:31:44.0084 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2010/11/02 23:31:44.0152 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2010/11/02 23:31:44.0226 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2010/11/02 23:31:44.0346 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/11/02 23:31:44.0410 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2010/11/02 23:31:44.0490 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/11/02 23:31:44.0543 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2010/11/02 23:31:44.0615 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2010/11/02 23:31:44.0686 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2010/11/02 23:31:44.0723 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2010/11/02 23:31:44.0764 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2010/11/02 23:31:44.0803 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2010/11/02 23:31:44.0864 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2010/11/02 23:31:44.0960 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\Windows\system32\Drivers\usbaapl.sys
    2010/11/02 23:31:45.0024 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/11/02 23:31:45.0060 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2010/11/02 23:31:45.0141 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/11/02 23:31:45.0227 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/11/02 23:31:45.0264 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2010/11/02 23:31:45.0333 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/11/02 23:31:45.0372 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/11/02 23:31:45.0439 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/11/02 23:31:45.0509 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
    2010/11/02 23:31:45.0581 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/11/02 23:31:45.0652 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2010/11/02 23:31:45.0691 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2010/11/02 23:31:45.0722 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2010/11/02 23:31:45.0761 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2010/11/02 23:31:45.0828 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2010/11/02 23:31:45.0901 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2010/11/02 23:31:45.0978 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2010/11/02 23:31:46.0027 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2010/11/02 23:31:46.0110 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2010/11/02 23:31:46.0181 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/11/02 23:31:46.0204 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/11/02 23:31:46.0270 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2010/11/02 23:31:46.0344 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2010/11/02 23:31:46.0510 WINUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
    2010/11/02 23:31:46.0597 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/11/02 23:31:46.0677 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    2010/11/02 23:31:46.0756 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/11/02 23:31:46.0856 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/11/02 23:31:47.0003 ================================================================================
    2010/11/02 23:31:47.0003 Scan finished
    2010/11/02 23:31:47.0003 ================================================================================
  19. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Very good :)
    Fresh MBAM, please.

    When done....delete your Combofix file, download fresh one and post new log.
  20. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    Here is teh latest Malewarebytes scan (quick, should I have done a full?)

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5027

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943

    11/2/2010 11:43:52 PM
    mbam-log-2010-11-02 (23-43-52).txt

    Scan type: Quick scan
    Objects scanned: 180590
    Time elapsed: 9 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\WulfTop\AppData\Local\temp\20de7f05.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
    C:\Users\WulfTop\AppData\Roaming\dkfjasdfshd.bat (Malware.Trace) -> Quarantined and deleted successfully.
  21. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Good. Go on with Combofix.
  22. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    trying to run combofix and it seems to run to the very end but it stalls and freezes the computer at the last moment when it says it is creating a log. I have to hold the power button to reset the computer...maybe the logs are completed somewhere i'll search around otherwise I can try it in safemode maybe?
  23. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    ComboFix 10-11-02.03 - WulfTop 11/03/2010 7:54.7.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1087 [GMT -4:00]
    Running from: c:\users\WulfTop\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-03 to 2010-11-03 )))))))))))))))))))))))))))))))
    .

    2010-11-03 12:08 . 2010-11-03 12:09 -------- d-----w- c:\users\WulfTop\AppData\Local\temp
    2010-11-03 12:08 . 2010-11-03 12:08 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2010-11-03 12:08 . 2010-11-03 12:08 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-11-03 12:08 . 2010-11-03 12:08 -------- d-----w- c:\users\demianwulf\AppData\Local\temp
    2010-11-03 12:08 . 2010-11-03 12:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-11-03 12:08 . 2010-11-03 12:08 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2010-11-02 02:42 . 2010-11-02 02:42 -------- d-----w- C:\_OTL
    2010-11-02 02:28 . 2010-11-02 02:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-02 02:28 . 2010-11-02 02:28 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-11-01 04:59 . 2010-11-01 04:59 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Opera
    2010-11-01 04:55 . 2010-11-01 04:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
    2010-10-31 20:58 . 2010-10-31 20:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Logitech
    2010-10-26 16:51 . 2010-10-26 16:53 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
    2010-10-24 19:38 . 2010-10-24 19:38 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
    2010-10-24 19:38 . 2010-10-24 19:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Yahoo
    2010-10-23 16:42 . 2010-10-23 16:42 -------- d-----w- c:\programdata\eMule
    2010-10-23 14:46 . 2010-10-23 14:46 -------- d-----w- c:\users\WulfTop\AppData\Local\eMule
    2010-10-23 14:46 . 2010-10-23 14:46 -------- d-----w- c:\program files\eMule
    2010-10-22 08:05 . 2007-05-24 23:13 251904 ----a-w- c:\windows\system32\drivers\rtl8187B.sys
    2010-10-22 07:52 . 2007-01-31 02:03 205312 ----a-w- c:\windows\system32\drivers\rtl8187.sys
    2010-10-22 07:49 . 2010-10-22 07:49 -------- d-----w- c:\program files\REALTEK RTL8187 Wireless LAN Driver
    2010-10-22 05:47 . 2010-10-22 05:48 -------- d-----w- c:\users\Administrator\AppData\Local\Inquisitor
    2010-10-22 05:47 . 2010-10-22 05:47 -------- d-----w- c:\users\Administrator\AppData\Local\Yahoo
    2010-10-20 15:58 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
    2010-10-20 15:58 . 2006-09-28 20:04 68888 ----a-w- c:\windows\system32\xinput1_3.dll
    2010-10-20 15:57 . 2010-10-20 18:41 -------- d-----w- c:\users\WulfTop\AppData\Local\Microsoft Game Studios
    2010-10-20 15:57 . 2010-10-20 18:42 -------- d-----w- c:\programdata\Microsoft Games
    2010-10-20 15:55 . 2010-10-20 18:42 -------- d-----w- c:\users\WulfTop\AppData\Roaming\Microsoft Game Studios
    2010-10-20 01:43 . 2009-06-25 17:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    2010-10-12 15:17 . 2010-08-25 19:41 263272 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
    2010-10-12 15:17 . 2009-12-03 21:27 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
    2010-10-12 14:59 . 2005-01-12 15:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
    2010-10-12 14:59 . 2004-09-28 15:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
    2010-10-12 14:59 . 2004-08-11 19:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
    2010-10-12 14:59 . 2004-03-09 04:00 224016 ----a-w- c:\windows\system32\Tabctl32.ocx
    2010-10-12 14:59 . 2004-03-09 04:00 132880 ----a-w- c:\windows\system32\Msinet.ocx
    2010-10-12 14:59 . 2010-10-12 15:02 -------- d-----w- c:\program files\Driver Magician
    2010-10-12 14:43 . 2010-10-12 14:46 -------- d-----w- c:\users\WulfTop\AppData\Roaming\GetRightToGo
    2010-10-12 14:14 . 2010-10-12 14:14 -------- d-----w- c:\program files\Driver-Soft
    2010-10-12 13:12 . 2010-10-12 13:12 -------- d-----w- C:\dell
    2010-10-08 19:23 . 2008-06-26 10:25 337920 ----a-w- c:\windows\system\rtl8187B.sys
    2010-10-08 19:23 . 2010-10-08 19:23 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
    2010-10-08 19:22 . 2010-10-08 19:22 -------- d-----w- c:\users\WulfTop\AppData\Roaming\InstallShield
    2010-10-08 18:33 . 2008-02-15 20:19 361472 ----a-w- c:\windows\system32\drivers\RTL85n86.sys
    2010-10-08 18:33 . 2008-02-15 20:19 361472 ----a-w- c:\windows\system\RTL85n86.sys
    2010-10-08 18:33 . 2007-04-23 14:50 25896 ----a-w- c:\windows\system32\drivers\RtlProt.sys
    2010-10-08 18:33 . 2010-10-08 18:33 -------- d-----w- c:\windows\system32\REALTEK RTL8185 Wireless LAN Driver and Utility
    2010-10-08 04:20 . 2010-10-08 04:20 -------- d-----w- c:\users\WulfTop\{cea92844-0dbf-4f09-a038-2dc1383c5570}
    2010-10-08 02:57 . 2010-10-08 02:57 -------- d-----w- c:\program files\MozBackup
    2010-10-07 21:56 . 2010-10-07 21:56 -------- d-----w- c:\users\WulfTop\{8517c860-6671-4a8c-8483-66ad267c2024}
    2010-10-07 04:15 . 2010-10-07 04:15 -------- d-----w- c:\programdata\Samsung

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-02 21:59 . 2009-10-21 19:47 226280 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2010-09-26 22:45 . 2010-09-26 22:45 13031 ----a-w- c:\users\WulfTop\www.blogger.com
    2010-09-07 15:12 . 2010-07-26 13:48 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2009-08-20 18:43 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2009-08-20 18:44 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2009-08-20 18:44 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2009-08-20 18:44 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2009-08-20 18:43 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-09-07 14:47 . 2009-08-20 18:44 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-08-17 14:11 . 2010-09-15 11:44 128000 ----a-w- c:\windows\system32\spoolsv.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 865840]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-08 1800464]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-26 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbo Tax Agent]
    2010-02-28 18:41 632685 ----a-w- c:\windows\txagent.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    "PackageAware"="c:\users\WulfTop\Local Settings\Application Data\PackageAware\mpa.exe"
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
    "Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe"
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe"
    "SansaDispatch"=c:\users\WulfTop\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
    "ESPDemo"=c:\program files\ESP Demo\ESPDemo.exe
    "Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
    "Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "HotKeysCmds"=c:\windows\system32\hkcmd.exe
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "TaskTray"=

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1846439569-3478701832-3505936554-1000]
    "EnableNotificationsRef"=dword:00000003

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-05-24 251904]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
    S1 aswSP;aswSP; [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-02-08 130960]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-02-08 29520]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    S2 InquisitorService;Inquisitor Service;c:\program files\Yahoo!\Inquisitor\InquisitorService.exe [2008-10-17 185624]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ASPI32
    *Deregistered* - ASPI32

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-03 c:\windows\Tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]

    2010-10-24 c:\windows\Tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=14196&l=dis
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:50370
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: {A6288ECF-58B8-467B-900E-B93BD4A29404} = 68.87.73.246,68.87.71.230
    TCP: {C6E2F843-68CB-4826-8318-E0D89A7E2F60} = 156.154.70.22,156.154.71.22
    FF - ProfilePath - c:\users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - plugin: c:\users\WulfTop\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
    FF - plugin: c:\users\WulfTop\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-klmdb.sys
    MSConfigStartUp-svchost - c:\program files\Internet Explorer\svchost.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-03 08:08
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\users\WulfTop\AppData\Local\Temp\catchme.dll 53248 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(4724)
    c:\program files\Logitech\SetPoint\GameHook.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    .
    Completion time: 2010-11-03 08:13:14
    ComboFix-quarantined-files.txt 2010-11-03 12:13
    ComboFix2.txt 2010-10-31 19:58
    ComboFix3.txt 2010-10-30 18:16
    ComboFix4.txt 2010-10-30 05:46

    Pre-Run: 19,195,162,624 bytes free
    Post-Run: 19,043,295,232 bytes free

    - - End Of File - - 17A56DC6E5C9E6CDB95449AA2121358E
  24. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    Finally went through after deleting some PEV.cxxe file that avast detected as suspicious rootkit that seems related to combofix, but i'm not sure if it means anything. Speaking of which my avast doesn't seem to be updating properly...I might reinstall or it might be comodo blocking again I'll investigate.
  25. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    got avast to connect I had to change the update settings to direct connect from auto detect use internet explorer settings. Probably related to the internet connecting issue I had earlier when I was messing with the settings I'll see if I can revert back to the original and get it working stock.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.