TechSpot

Google redirects on Firefox searches, Malwarebytes useless

By athelander
Sep 24, 2010
  1. Hi guys, hoping for some help here. I picked up some malware on a legit site that I had been to hundreds of times, I later found out it was hacked temporarily and that's how I got infected. I've tried all the usual methods of removing it but I keep getting redirects on Google searches, and anytime I even run a Google search Avast gives me warning messages so I know it's still there. I ran Malwarebytes, GMER, and the DDS script and all the logs are below, however Malwarebytes didn't find anything.

    EDIT: Sorry about the split logs:-/

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4597

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943

    9/24/2010 5:47:47 PM
    mbam-log-2010-09-24 (17-47-47).txt

    Scan type: Quick scan
    Objects scanned: 147323
    Time elapsed: 5 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    -----------------------------------------------------------------------------------

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-24 18:36:45
    Windows 6.0.6002 Service Pack 2
    Running: ryuuxyyz.exe; Driver: C:\Users\Andrew\AppData\Local\Temp\uwlcrpob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA1960BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA19609D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA1960B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwLoadDriver 82D6DDF0 7 Bytes JMP A1960B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82DD928F 5 Bytes JMP A195C5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 82E32063 5 Bytes JMP A195DFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 82E33905 7 Bytes JMP A19609D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 82E9390A 7 Bytes JMP A1960BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .rsrc C:\Windows\System32\drivers\volmgrx.sys entry point in ".rsrc" section [0x807A2014]
    .text C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl section is writeable [0xB08F5000, 0x2892, 0xE8000020]
    .vmp2 C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl entry point in ".vmp2" section [0xB0918050]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtProtectVirtualMemory 77A54D34 5 Bytes JMP 0093000A
    .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtWriteVirtualMemory 77A55674 5 Bytes JMP 0094000A
    .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!KiUserExceptionDispatcher 77A55DC8 5 Bytes JMP 006B000A
    .text C:\Windows\system32\svchost.exe[1164] ole32.dll!CoCreateInstance 76199EA6 5 Bytes JMP 00DC000A
    .text C:\Windows\system32\svchost.exe[1164] USER32.dll!GetCursorPos 76B90B88 5 Bytes JMP 0146000A
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1772] kernel32.dll!SetUnhandledExceptionFilter 768CA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Windows\Explorer.EXE[3368] ntdll.dll!NtProtectVirtualMemory 77A54D34 5 Bytes JMP 0087000A
    .text C:\Windows\Explorer.EXE[3368] ntdll.dll!NtWriteVirtualMemory 77A55674 5 Bytes JMP 0088000A
    .text C:\Windows\Explorer.EXE[3368] ntdll.dll!KiUserExceptionDispatcher 77A55DC8 5 Bytes JMP 0086000A

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00010002
    IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00010000
    IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [742FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [742ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7429F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7429E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [742D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [742ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7429FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7429FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7432CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [742CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7429D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74296853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7429687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [742A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e5aa1c4
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00247e5aa1c4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00247e5aa1c4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00247e5aa1c4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00247e5aa1c4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00247e5aa1c4 (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\System32\drivers\volmgrx.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----
     
  2. athelander

    athelander TS Rookie Topic Starter

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Andrew at 18:43:18.73 on Fri 09/24/2010
    Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1329 [GMT -7:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_b9d13b43\STacSV.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_b9d13b43\aestsrv.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Andrew\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
    mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
    mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
    mRun: [UCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
    mRun: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunServices: [936865] c:\users\andrew\appdata\local\936865.exe
    mRunServices: [msadrh15msador156.0.6000.16386.0611012205] c:\program files\common files\system\ado\systemmsadox6.0.6002.180052.0904101830.exe
    mRunServices: [QuickTimeQuickTimeWebHelper] c:\program files\quicktime\qtsystem\quicktimewebhelper.resources\sv.lproj\quicktimewebhelperquicktime.exe
    mRunServices: [SystemInfoFxControlsresources] c:\program files\hewlett-packard\hp system information\fi-fi\resourcessysteminfofxcontrols3.1.9.1.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\tysc4mfk.default\
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    FF - plugin: c:\users\andrew\appdata\roaming\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\users\andrew\appdata\roaming\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\users\andrew\appdata\roaming\move networks\plugins\npqmp071705000014.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
     
  3. athelander

    athelander TS Rookie Topic Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/29/2009 12:25:45 PM
    System Uptime: 9/24/2010 4:27:48 PM (2 hours ago)

    Motherboard: Quanta | | 3627
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | CPU | 2000/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 222 GiB total, 113.653 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.85 GiB free.
    E: is CDROM (UDF)
    G: is FIXED (NTFS) - 932 GiB total, 680.44 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0001
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0001
    Service: tunnel

    ==== System Restore Points ===================


    ==== Installed Programs ======================


    µTorrent
    7-Zip 4.65
    AC3Filter (remove only)
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.4
    Adobe Shockwave Player
    ArcSoft PhotoStudio 5.5
    ASIO4ALL
    Audacity 1.2.6
    avast! Free Antivirus
    Broadcom 802.11 Wireless LAN Adapter
    BufferChm
    Camtasia Studio 7
    CCleaner (remove only)
    CyberLink DVD Suite
    D4300
    D4300_Help
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    DJ_SF_03_D4300_ProductContext
    DJ_SF_03_D4300_Software
    DJ_SF_03_D4300_Software_Min
    Easy-WebPrint
    ESU for Microsoft Vista
    Exact Audio Copy 0.99pb3
    FL Studio 9
    foobar2000 v1.0.2.1
    Full Tilt Poker
    gen_msn_adv 1.1
    GIMP 2.6.8
    Hardcore
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Common Access Service Library
    HP Deskjet D4300 Printer Driver Software 10.0 Rel .3
    HP Imaging Device Functions 10.0
    HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP MediaSmart Webcam
    HP Quick Launch Buttons 6.40 L1
    HP Smart Web Printing
    HP User Guides 0126
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    I-Doser v4
    IDT Audio
    IL Download Manager
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 21
    Java(TM) 6 Update 7
    JDownloader
    LabelPrint
    LightScribe System Software 1.14.17.1
    Malwarebytes' Anti-Malware
    MediaMonkey 3.2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Move Media Player
    Mozilla Firefox (3.6.9)
    Mp3tag v2.45a
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    Norton Internet Security
    OGA Notifier 2.0.0048.0
    PeerGuardian 2.0
    PoiZone
    PokerStars
    PokerStove version 1.23
    PokerTracker 3 (remove only)
    PostgreSQL 8.3
    Power2Go
    PowerDirector
    ProtectSmart Hard Drive Protection
    QuickTime
    Rainmeter (remove only)
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek USB 2.0 Card Reader
    Sakura
    Sawer
    ScanSoft OmniPage SE 4.0
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Skype Toolbars
    Skype™ 4.2
    SmartWebPrintingOC
    Spectro
    Spek
    Spelling Dictionaries Support For Adobe Reader 9
    Status
    Synaptics Pointing Device Driver
    Toolbox
    Toxic Biohazard
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.4053
    Veetle TV 0.9.17
    WebReg
    Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinRAR archiver
    X-Chat 2.8.6-2
    Zune

    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard :)

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. athelander

    athelander TS Rookie Topic Starter

    Thanks for the help Broni:) I ran TDSS Killer and it picked up a rootkit, here's the log. Tried a few google searches and no Avast warnings and no redirects (so far).

    2010/09/24 21:50:57.0623 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
    2010/09/24 21:50:57.0623 ================================================================================
    2010/09/24 21:50:57.0623 SystemInfo:
    2010/09/24 21:50:57.0623
    2010/09/24 21:50:57.0623 OS Version: 6.0.6002 ServicePack: 2.0
    2010/09/24 21:50:57.0623 Product type: Workstation
    2010/09/24 21:50:57.0624 ComputerName: ANDREWPC
    2010/09/24 21:50:57.0624 UserName: Andrew
    2010/09/24 21:50:57.0624 Windows directory: C:\Windows
    2010/09/24 21:50:57.0624 System windows directory: C:\Windows
    2010/09/24 21:50:57.0624 Processor architecture: Intel x86
    2010/09/24 21:50:57.0624 Number of processors: 2
    2010/09/24 21:50:57.0624 Page size: 0x1000
    2010/09/24 21:50:57.0624 Boot type: Normal boot
    2010/09/24 21:50:57.0624 ================================================================================
    2010/09/24 21:50:58.0068 Initialize success
    2010/09/24 21:51:05.0094 ================================================================================
    2010/09/24 21:51:05.0094 Scan started
    2010/09/24 21:51:05.0094 Mode: Manual;
    2010/09/24 21:51:05.0094 ================================================================================
    2010/09/24 21:51:05.0597 Accelerometer (3b10711ad8656c097e0d16a41b29c54c) C:\Windows\system32\DRIVERS\Accelerometer.sys
    2010/09/24 21:51:05.0652 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2010/09/24 21:51:05.0750 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    2010/09/24 21:51:05.0847 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    2010/09/24 21:51:05.0935 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    2010/09/24 21:51:05.0957 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    2010/09/24 21:51:06.0126 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2010/09/24 21:51:06.0229 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    2010/09/24 21:51:06.0260 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2010/09/24 21:51:06.0287 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
    2010/09/24 21:51:06.0313 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    2010/09/24 21:51:06.0344 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
    2010/09/24 21:51:06.0375 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    2010/09/24 21:51:06.0402 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    2010/09/24 21:51:06.0494 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    2010/09/24 21:51:06.0514 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    2010/09/24 21:51:06.0599 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
    2010/09/24 21:51:06.0730 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
    2010/09/24 21:51:06.0814 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
    2010/09/24 21:51:06.0964 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
    2010/09/24 21:51:06.0996 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
    2010/09/24 21:51:07.0098 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/09/24 21:51:07.0197 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2010/09/24 21:51:07.0412 BCM43XX (b9dce12ea5d337975c444787b66bbfde) C:\Windows\system32\DRIVERS\bcmwl6.sys
    2010/09/24 21:51:07.0561 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2010/09/24 21:51:07.0674 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    2010/09/24 21:51:07.0717 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2010/09/24 21:51:08.0007 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2010/09/24 21:51:08.0029 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2010/09/24 21:51:08.0117 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2010/09/24 21:51:08.0142 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2010/09/24 21:51:08.0170 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2010/09/24 21:51:08.0206 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2010/09/24 21:51:08.0304 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
    2010/09/24 21:51:08.0411 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2010/09/24 21:51:08.0539 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
    2010/09/24 21:51:08.0603 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
    2010/09/24 21:51:08.0700 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
    2010/09/24 21:51:08.0809 btwaudio (229b2c1e776062a4033305d5a9d6e28d) C:\Windows\system32\drivers\btwaudio.sys
    2010/09/24 21:51:08.0876 btwavdt (97062053359f6908e1fb2791bfa54734) C:\Windows\system32\drivers\btwavdt.sys
    2010/09/24 21:51:08.0918 btwrchid (d9269b0e3e3cf46d677fd071a40fe6cd) C:\Windows\system32\DRIVERS\btwrchid.sys
    2010/09/24 21:51:08.0952 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/09/24 21:51:09.0052 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/09/24 21:51:09.0090 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
    2010/09/24 21:51:09.0137 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2010/09/24 21:51:09.0257 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/09/24 21:51:09.0287 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
    2010/09/24 21:51:09.0340 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/09/24 21:51:09.0366 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    2010/09/24 21:51:09.0423 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    2010/09/24 21:51:09.0534 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2010/09/24 21:51:09.0684 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2010/09/24 21:51:09.0794 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2010/09/24 21:51:09.0882 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/09/24 21:51:10.0021 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2010/09/24 21:51:10.0117 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2010/09/24 21:51:10.0177 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    2010/09/24 21:51:10.0228 enecir (004b2ea6cc2598ec5f0552e43ce29cef) C:\Windows\system32\DRIVERS\enecir.sys
    2010/09/24 21:51:10.0324 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    2010/09/24 21:51:10.0479 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2010/09/24 21:51:10.0556 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2010/09/24 21:51:10.0691 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    2010/09/24 21:51:10.0799 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2010/09/24 21:51:10.0822 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2010/09/24 21:51:10.0866 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/09/24 21:51:10.0916 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2010/09/24 21:51:10.0994 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/09/24 21:51:11.0048 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    2010/09/24 21:51:11.0147 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2010/09/24 21:51:11.0213 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/09/24 21:51:11.0245 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2010/09/24 21:51:11.0295 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
    2010/09/24 21:51:11.0387 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/09/24 21:51:11.0488 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    2010/09/24 21:51:11.0588 hpdskflt (24f3f496c18efc234777723a67a85f81) C:\Windows\system32\DRIVERS\hpdskflt.sys
    2010/09/24 21:51:11.0751 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
     
  6. athelander

    athelander TS Rookie Topic Starter

    2010/09/24 21:51:11.0867 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2010/09/24 21:51:11.0902 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    2010/09/24 21:51:11.0982 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/09/24 21:51:12.0025 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    2010/09/24 21:51:12.0181 igfx (0391268713612372e4e0eceaadad41d5) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2010/09/24 21:51:12.0290 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2010/09/24 21:51:12.0341 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
    2010/09/24 21:51:12.0432 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
    2010/09/24 21:51:12.0462 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/09/24 21:51:12.0574 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/09/24 21:51:12.0639 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2010/09/24 21:51:12.0670 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2010/09/24 21:51:12.0706 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2010/09/24 21:51:12.0736 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2010/09/24 21:51:12.0794 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/09/24 21:51:12.0823 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2010/09/24 21:51:12.0841 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2010/09/24 21:51:12.0881 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/09/24 21:51:12.0972 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/09/24 21:51:13.0157 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2010/09/24 21:51:13.0309 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/09/24 21:51:13.0362 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2010/09/24 21:51:13.0383 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2010/09/24 21:51:13.0406 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2010/09/24 21:51:13.0430 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2010/09/24 21:51:13.0466 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2010/09/24 21:51:13.0489 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2010/09/24 21:51:13.0530 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2010/09/24 21:51:13.0626 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2010/09/24 21:51:13.0651 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/09/24 21:51:13.0676 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/09/24 21:51:13.0704 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2010/09/24 21:51:13.0741 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    2010/09/24 21:51:13.0778 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2010/09/24 21:51:13.0814 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2010/09/24 21:51:13.0882 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2010/09/24 21:51:13.0929 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/09/24 21:51:13.0958 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/09/24 21:51:13.0984 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/09/24 21:51:14.0082 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
    2010/09/24 21:51:14.0119 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    2010/09/24 21:51:14.0185 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2010/09/24 21:51:14.0260 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2010/09/24 21:51:14.0312 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/09/24 21:51:14.0398 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/09/24 21:51:14.0419 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2010/09/24 21:51:14.0474 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2010/09/24 21:51:14.0511 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/09/24 21:51:14.0542 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2010/09/24 21:51:14.0596 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2010/09/24 21:51:14.0668 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/09/24 21:51:14.0770 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2010/09/24 21:51:14.0911 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/09/24 21:51:14.0935 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/09/24 21:51:14.0985 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/09/24 21:51:15.0016 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2010/09/24 21:51:15.0105 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2010/09/24 21:51:15.0171 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2010/09/24 21:51:15.0345 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
    2010/09/24 21:51:15.0441 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2010/09/24 21:51:15.0484 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2010/09/24 21:51:15.0526 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2010/09/24 21:51:15.0610 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2010/09/24 21:51:15.0670 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2010/09/24 21:51:15.0700 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2010/09/24 21:51:15.0729 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    2010/09/24 21:51:15.0753 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    2010/09/24 21:51:15.0781 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    2010/09/24 21:51:15.0874 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
    2010/09/24 21:51:15.0978 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2010/09/24 21:51:16.0032 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2010/09/24 21:51:16.0075 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2010/09/24 21:51:16.0187 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2010/09/24 21:51:16.0219 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
    2010/09/24 21:51:16.0259 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2010/09/24 21:51:16.0363 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2010/09/24 21:51:16.0533 pgfilter (2cf226173b467ab48f89d77e89936951) C:\Program Files\PeerGuardian2\pgfilter.sys
    2010/09/24 21:51:16.0723 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/09/24 21:51:16.0751 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    2010/09/24 21:51:16.0812 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2010/09/24 21:51:16.0903 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2010/09/24 21:51:16.0960 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2010/09/24 21:51:16.0994 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2010/09/24 21:51:17.0025 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/09/24 21:51:17.0064 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/09/24 21:51:17.0120 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/09/24 21:51:17.0157 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/09/24 21:51:17.0207 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/09/24 21:51:17.0278 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/09/24 21:51:17.0316 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    2010/09/24 21:51:17.0359 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2010/09/24 21:51:17.0428 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2010/09/24 21:51:17.0551 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
    2010/09/24 21:51:17.0612 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/09/24 21:51:17.0742 RTL8169 (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
    2010/09/24 21:51:17.0785 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS
    2010/09/24 21:51:17.0864 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2010/09/24 21:51:17.0921 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
    2010/09/24 21:51:17.0977 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/09/24 21:51:18.0013 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2010/09/24 21:51:18.0041 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2010/09/24 21:51:18.0068 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2010/09/24 21:51:18.0118 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    2010/09/24 21:51:18.0149 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    2010/09/24 21:51:18.0170 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    2010/09/24 21:51:18.0202 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2010/09/24 21:51:18.0239 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2010/09/24 21:51:18.0267 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2010/09/24 21:51:18.0288 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2010/09/24 21:51:18.0355 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2010/09/24 21:51:18.0497 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2010/09/24 21:51:18.0562 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
    2010/09/24 21:51:18.0589 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
    2010/09/24 21:51:18.0670 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/09/24 21:51:18.0826 STHDA (9aefc1bc01e03a4afb8e718fc2f72c10) C:\Windows\system32\DRIVERS\stwrt.sys
    2010/09/24 21:51:18.0927 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2010/09/24 21:51:18.0964 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2010/09/24 21:51:18.0998 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2010/09/24 21:51:19.0018 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2010/09/24 21:51:19.0172 SynTP (a94629c2c456a6d002556563d6b8ad1a) C:\Windows\system32\DRIVERS\SynTP.sys
    2010/09/24 21:51:19.0278 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2010/09/24 21:51:19.0344 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/09/24 21:51:19.0399 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2010/09/24 21:51:19.0439 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2010/09/24 21:51:19.0467 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2010/09/24 21:51:19.0520 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2010/09/24 21:51:19.0611 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2010/09/24 21:51:19.0709 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/09/24 21:51:19.0794 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2010/09/24 21:51:19.0869 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/09/24 21:51:19.0925 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    2010/09/24 21:51:19.0971 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2010/09/24 21:51:20.0023 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    2010/09/24 21:51:20.0056 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    2010/09/24 21:51:20.0091 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2010/09/24 21:51:20.0121 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2010/09/24 21:51:20.0140 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2010/09/24 21:51:20.0189 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/09/24 21:51:20.0218 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2010/09/24 21:51:20.0311 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/09/24 21:51:20.0353 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/09/24 21:51:20.0387 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2010/09/24 21:51:20.0430 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/09/24 21:51:20.0468 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/09/24 21:51:20.0503 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/09/24 21:51:20.0535 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    2010/09/24 21:51:20.0643 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
    2010/09/24 21:51:20.0746 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/09/24 21:51:20.0775 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2010/09/24 21:51:20.0801 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    2010/09/24 21:51:20.0828 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    2010/09/24 21:51:20.0907 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
    2010/09/24 21:51:20.0932 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2010/09/24 21:51:20.0986 volmgrx (78da3cecf76799f20cfd75c617446ab8) C:\Windows\system32\drivers\volmgrx.sys
    2010/09/24 21:51:20.0989 Suspicious file (Forged): C:\Windows\system32\drivers\volmgrx.sys. Real md5: 78da3cecf76799f20cfd75c617446ab8, Fake md5: 23e41b834759917bfd6b9a0d625d0c28
    2010/09/24 21:51:20.0995 volmgrx - detected Rootkit.Win32.TDSS.tdl3 (0)
    2010/09/24 21:51:21.0041 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2010/09/24 21:51:21.0076 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    2010/09/24 21:51:21.0115 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2010/09/24 21:51:21.0141 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/09/24 21:51:21.0190 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/09/24 21:51:21.0251 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    2010/09/24 21:51:21.0329 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2010/09/24 21:51:21.0604 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
    2010/09/24 21:51:21.0709 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/09/24 21:51:21.0835 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/09/24 21:51:22.0022 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    2010/09/24 21:51:22.0077 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/09/24 21:51:22.0194 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
    2010/09/24 21:51:22.0365 {55662437-DA8C-40c0-AADA-2C816A897A49} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
    2010/09/24 21:51:22.0462 =============================================================================
    2010/09/24 21:51:22.0462 Scan finished
    2010/09/24 21:51:22.0462
     
  7. athelander

    athelander TS Rookie Topic Starter

    Thanks for the help Broni. I ran TDSS Killer and it picked up a rootkit. Tried a few Google searches and no Avast warnings and no redirects (so far). Here's the log.

    2010/09/24 21:50:57.0623 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
    2010/09/24 21:50:57.0623 ================================================================================
    2010/09/24 21:50:57.0623 SystemInfo:
    2010/09/24 21:50:57.0623
    2010/09/24 21:50:57.0623 OS Version: 6.0.6002 ServicePack: 2.0
    2010/09/24 21:50:57.0623 Product type: Workstation
    2010/09/24 21:50:57.0624 ComputerName: ANDREWPC
    2010/09/24 21:50:57.0624 UserName: Andrew
    2010/09/24 21:50:57.0624 Windows directory: C:\Windows
    2010/09/24 21:50:57.0624 System windows directory: C:\Windows
    2010/09/24 21:50:57.0624 Processor architecture: Intel x86
    2010/09/24 21:50:57.0624 Number of processors: 2
    2010/09/24 21:50:57.0624 Page size: 0x1000
    2010/09/24 21:50:57.0624 Boot type: Normal boot
    2010/09/24 21:50:57.0624 ================================================================================
    2010/09/24 21:50:58.0068 Initialize success
    2010/09/24 21:51:05.0094 ================================================================================
    2010/09/24 21:51:05.0094 Scan started
    2010/09/24 21:51:05.0094 Mode: Manual;
    2010/09/24 21:51:05.0094 ================================================================================
    2010/09/24 21:51:05.0597 Accelerometer (3b10711ad8656c097e0d16a41b29c54c) C:\Windows\system32\DRIVERS\Accelerometer.sys
    2010/09/24 21:51:05.0652 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2010/09/24 21:51:05.0750 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    2010/09/24 21:51:05.0847 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    2010/09/24 21:51:05.0935 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    2010/09/24 21:51:05.0957 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    2010/09/24 21:51:06.0126 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2010/09/24 21:51:06.0229 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    2010/09/24 21:51:06.0260 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2010/09/24 21:51:06.0287 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
    2010/09/24 21:51:06.0313 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    2010/09/24 21:51:06.0344 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
    2010/09/24 21:51:06.0375 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    2010/09/24 21:51:06.0402 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    2010/09/24 21:51:06.0494 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    2010/09/24 21:51:06.0514 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    2010/09/24 21:51:06.0599 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
    2010/09/24 21:51:06.0730 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
    2010/09/24 21:51:06.0814 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
    2010/09/24 21:51:06.0964 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
    2010/09/24 21:51:06.0996 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
    2010/09/24 21:51:07.0098 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/09/24 21:51:07.0197 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2010/09/24 21:51:07.0412 BCM43XX (b9dce12ea5d337975c444787b66bbfde) C:\Windows\system32\DRIVERS\bcmwl6.sys
    2010/09/24 21:51:07.0561 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2010/09/24 21:51:07.0674 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    2010/09/24 21:51:07.0717 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2010/09/24 21:51:08.0007 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2010/09/24 21:51:08.0029 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2010/09/24 21:51:08.0117 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2010/09/24 21:51:08.0142 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2010/09/24 21:51:08.0170 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2010/09/24 21:51:08.0206 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2010/09/24 21:51:08.0304 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
    2010/09/24 21:51:08.0411 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2010/09/24 21:51:08.0539 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
    2010/09/24 21:51:08.0603 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
    2010/09/24 21:51:08.0700 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
    2010/09/24 21:51:08.0809 btwaudio (229b2c1e776062a4033305d5a9d6e28d) C:\Windows\system32\drivers\btwaudio.sys
    2010/09/24 21:51:08.0876 btwavdt (97062053359f6908e1fb2791bfa54734) C:\Windows\system32\drivers\btwavdt.sys
    2010/09/24 21:51:08.0918 btwrchid (d9269b0e3e3cf46d677fd071a40fe6cd) C:\Windows\system32\DRIVERS\btwrchid.sys
    2010/09/24 21:51:08.0952 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/09/24 21:51:09.0052 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/09/24 21:51:09.0090 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
    2010/09/24 21:51:09.0137 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2010/09/24 21:51:09.0257 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/09/24 21:51:09.0287 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
    2010/09/24 21:51:09.0340 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/09/24 21:51:09.0366 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    2010/09/24 21:51:09.0423 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    2010/09/24 21:51:09.0534 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2010/09/24 21:51:09.0684 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2010/09/24 21:51:09.0794 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2010/09/24 21:51:09.0882 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/09/24 21:51:10.0021 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2010/09/24 21:51:10.0117 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2010/09/24 21:51:10.0177 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    2010/09/24 21:51:10.0228 enecir (004b2ea6cc2598ec5f0552e43ce29cef) C:\Windows\system32\DRIVERS\enecir.sys
    2010/09/24 21:51:10.0324 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    2010/09/24 21:51:10.0479 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2010/09/24 21:51:10.0556 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2010/09/24 21:51:10.0691 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    2010/09/24 21:51:10.0799 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2010/09/24 21:51:10.0822 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2010/09/24 21:51:10.0866 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/09/24 21:51:10.0916 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2010/09/24 21:51:10.0994 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/09/24 21:51:11.0048 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    2010/09/24 21:51:11.0147 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2010/09/24 21:51:11.0213 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/09/24 21:51:11.0245 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2010/09/24 21:51:11.0295 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
    2010/09/24 21:51:11.0387 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/09/24 21:51:11.0488 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    2010/09/24 21:51:11.0588 hpdskflt (24f3f496c18efc234777723a67a85f81) C:\Windows\system32\DRIVERS\hpdskflt.sys
    2010/09/24 21:51:11.0751 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    2010/09/24 21:51:11.0867 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2010/09/24 21:51:11.0902 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    2010/09/24 21:51:11.0982 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/09/24 21:51:12.0025 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    2010/09/24 21:51:12.0181 igfx (0391268713612372e4e0eceaadad41d5) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2010/09/24 21:51:12.0290 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2010/09/24 21:51:12.0341 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
    2010/09/24 21:51:12.0432 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
    2010/09/24 21:51:12.0462 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/09/24 21:51:12.0574 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/09/24 21:51:12.0639 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2010/09/24 21:51:12.0670 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2010/09/24 21:51:12.0706 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2010/09/24 21:51:12.0736 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2010/09/24 21:51:12.0794 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/09/24 21:51:12.0823 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2010/09/24 21:51:12.0841 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    I'm glad to hear good news :)

    We'll keep checking, if nothing else is hiding out there.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
     
  9. athelander

    athelander TS Rookie Topic Starter

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv6 Notebook PC
    Logical Drives Mask: 0x0000005c

    Kernel Drivers (total 205):
    0x82C07000 \SystemRoot\system32\ntkrnlpa.exe
    0x82FC0000 \SystemRoot\system32\hal.dll
    0x8040F000 \SystemRoot\system32\kdcom.dll
    0x80416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80486000 \SystemRoot\system32\PSHED.dll
    0x80497000 \SystemRoot\system32\BOOTVID.dll
    0x8049F000 \SystemRoot\system32\CLFS.SYS
    0x804E0000 \SystemRoot\system32\CI.dll
    0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80671000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8067F000 \SystemRoot\system32\drivers\acpi.sys
    0x806C5000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806CE000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806D6000 \SystemRoot\system32\drivers\pci.sys
    0x806FD000 \SystemRoot\system32\drivers\isapnp.sys
    0x8070C000 \SystemRoot\system32\drivers\mpio.sys
    0x80728000 \SystemRoot\System32\drivers\partmgr.sys
    0x80737000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8073A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x80744000 \SystemRoot\system32\drivers\volmgr.sys
    0x80753000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8079D000 \SystemRoot\system32\drivers\intelide.sys
    0x807A4000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x807B2000 \SystemRoot\system32\drivers\aliide.sys
    0x807B9000 \SystemRoot\system32\drivers\amdide.sys
    0x807C0000 \SystemRoot\system32\drivers\cmdide.sys
    0x807C8000 \SystemRoot\System32\drivers\mountmgr.sys
    0x807D8000 \SystemRoot\system32\drivers\msdsm.sys
    0x805C0000 \SystemRoot\system32\drivers\nvraid.sys
    0x805DB000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x807F2000 \SystemRoot\system32\drivers\pciide.sys
    0x80400000 \SystemRoot\system32\drivers\viaide.sys
    0x80C0C000 \SystemRoot\system32\drivers\iastorv.sys
    0x80CAD000 \SystemRoot\system32\drivers\atapi.sys
    0x80CB5000 \SystemRoot\system32\drivers\ataport.SYS
    0x80CD3000 \SystemRoot\system32\drivers\lsi_scsi.sys
    0x80CED000 \SystemRoot\system32\drivers\storport.sys
    0x80D2E000 \SystemRoot\system32\drivers\msahci.sys
    0x80D38000 \SystemRoot\system32\drivers\hpcisss.sys
    0x80D43000 \SystemRoot\system32\drivers\adp94xx.sys
    0x80DAD000 \SystemRoot\system32\drivers\adpahci.sys
    0x80E0B000 \SystemRoot\system32\drivers\adpu160m.sys
    0x80E26000 \SystemRoot\system32\drivers\SCSIPORT.SYS
    0x80E4C000 \SystemRoot\system32\drivers\adpu320.sys
    0x80E72000 \SystemRoot\system32\drivers\djsvs.sys
    0x80E86000 \SystemRoot\system32\drivers\arc.sys
    0x80E9C000 \SystemRoot\system32\drivers\arcsas.sys
    0x80EB2000 \SystemRoot\system32\drivers\elxstor.sys
    0x80F46000 \SystemRoot\system32\drivers\i2omp.sys
    0x80F50000 \SystemRoot\system32\drivers\iirsp.sys
    0x80F60000 \SystemRoot\system32\drivers\iteatapi.sys
    0x80F6C000 \SystemRoot\system32\drivers\iteraid.sys
    0x80F78000 \SystemRoot\system32\drivers\lsi_fc.sys
    0x80F92000 \SystemRoot\system32\drivers\lsi_sas.sys
    0x80FAA000 \SystemRoot\system32\drivers\megasas.sys
    0x83204000 \SystemRoot\system32\drivers\megasr.sys
    0x832BB000 \SystemRoot\system32\drivers\mraid35x.sys
    0x832C6000 \SystemRoot\system32\drivers\nfrd960.sys
    0x832D4000 \SystemRoot\system32\drivers\nvstor.sys
    0x8B20E000 \SystemRoot\system32\drivers\ql2300.sys
    0x8B346000 \SystemRoot\system32\drivers\ql40xx.sys
    0x8B39B000 \SystemRoot\system32\drivers\sisraid2.sys
    0x8B3A8000 \SystemRoot\system32\drivers\sisraid4.sys
    0x8B3BD000 \SystemRoot\system32\drivers\symc8xx.sys
    0x8B3C9000 \SystemRoot\system32\drivers\sym_hi.sys
    0x8B3D4000 \SystemRoot\system32\drivers\sym_u3.sys
    0x832E1000 \SystemRoot\system32\drivers\uliahci.sys
    0x8B3DF000 \SystemRoot\system32\drivers\ulsata.sys
    0x8331D000 \SystemRoot\system32\drivers\ulsata2.sys
    0x83349000 \SystemRoot\system32\drivers\vsmraid.sys
    0x8336A000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8339C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8B40F000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8B480000 \SystemRoot\system32\drivers\ndis.sys
    0x8B58B000 \SystemRoot\system32\drivers\msrpc.sys
    0x8B5B6000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8B60A000 \SystemRoot\System32\drivers\tcpip.sys
    0x8B6F4000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8B802000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8B912000 \SystemRoot\system32\drivers\wd.sys
    0x8B91A000 \SystemRoot\system32\drivers\volsnap.sys
    0x8B953000 \SystemRoot\System32\Drivers\spldr.sys
    0x8B95B000 \SystemRoot\system32\drivers\sbp2port.sys
    0x8B970000 \SystemRoot\System32\Drivers\mup.sys
    0x8B97F000 \SystemRoot\System32\drivers\ecache.sys
    0x8B9A6000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
    0x8B9AF000 \SystemRoot\system32\drivers\disk.sys
    0x8B9C0000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8B9EB000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8B9F6000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8B70F000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8B71E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8F204000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8F8FF000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8F9A0000 \SystemRoot\System32\drivers\watchdog.sys
    0x8F9AC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8F9B7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8B722000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8B731000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8FC06000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x8FD4E000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x8FD70000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8FD83000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x8FD88000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8FD93000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8FDC3000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8FDC5000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8FDD0000 \SystemRoot\system32\DRIVERS\enecir.sys
    0x8FDE8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8F9F5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8B7BE000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
    0x8B7C9000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8B5F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x833AC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8B400000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x833C3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x833E6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x80FB4000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x80FC8000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x80FDD000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8FC00000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8FE09000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8FE33000 \SystemRoot\system32\DRIVERS\circlass.sys
    0x8FE41000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8FE4B000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8FE58000 \SystemRoot\System32\drivers\vga.sys
    0x8FE64000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8FE85000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x8FE94000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8FEC9000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8FEDA000 \SystemRoot\system32\DRIVERS\stwrt.sys
    0x8FF3E000 \SystemRoot\system32\DRIVERS\portcls.sys
    0x8FF6B000 \SystemRoot\system32\DRIVERS\drmk.sys
    0x8FF90000 \SystemRoot\system32\drivers\IntcHdmi.sys
    0x8FFB1000 \SystemRoot\system32\DRIVERS\hidir.sys
    0x8FFBC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8FFCC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8FFD3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8FFDC000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8FFE4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8FFED000 \SystemRoot\System32\Drivers\Null.SYS
    0x8FFF4000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8FE00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8B7F8000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8B200000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x80FED000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8B600000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xA1001000 \SystemRoot\system32\DRIVERS\tdx.sys
    0xA1017000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xA1021000 \SystemRoot\system32\DRIVERS\smb.sys
    0xA1035000 \SystemRoot\system32\drivers\afd.sys
    0xA107D000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xA1082000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xA10B4000 \SystemRoot\system32\DRIVERS\pacer.sys
    0xA10CA000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA10D8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA10EB000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA1127000 \SystemRoot\system32\drivers\nsiproxy.sys
    0xA1131000 \SystemRoot\System32\Drivers\dfsc.sys
    0xA1148000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xA116F000 \SystemRoot\system32\drivers\RTSTOR.SYS
    0xA1182000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xA1199000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xA11A2000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xA11B7000 \SystemRoot\system32\DRIVERS\udfs.sys
    0xA11F2000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8B9C9000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8B9D4000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0xA860C000 \SystemRoot\System32\Drivers\usbvideo.sys
    0xA862D000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0xA863A000 \SystemRoot\System32\Drivers\bthport.sys
    0xA86BA000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0xA86E3000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0xA94E0000 \SystemRoot\System32\win32k.sys
    0xA86ED000 \SystemRoot\System32\drivers\Dxapi.sys
    0xA86F7000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0xA8711000 \SystemRoot\system32\drivers\btwavdt.sys
    0xA877C000 \SystemRoot\system32\drivers\btwaudio.sys
    0xA87FC000 \SystemRoot\system32\DRIVERS\btwrchid.sys
    0xA9700000 \SystemRoot\System32\TSDDD.dll
    0xA9720000 \SystemRoot\System32\cdd.dll
    0xAAA0B000 \SystemRoot\system32\drivers\luafv.sys
    0xAAA26000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0xAAA5D000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xAAA60000 \SystemRoot\system32\drivers\WudfPf.sys
    0xAAA7A000 \SystemRoot\system32\drivers\spsys.sys
    0xAAB2A000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xAAB3A000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0xAAB64000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAAB6E000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xAAB81000 \SystemRoot\system32\drivers\HTTP.sys
    0xB060F000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xB062C000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xB0645000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xB065A000 \SystemRoot\system32\drivers\mrxdav.sys
    0xB067B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB069A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xB06D3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xB06EB000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xB0712000 \SystemRoot\System32\DRIVERS\srv.sys
    0xB0C06000 \SystemRoot\system32\drivers\peauth.sys
    0xB0CE4000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xB0CEE000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xB0CFA000 \??\C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
    0x777D0000 \Windows\System32\ntdll.dll

    Processes (total 76):
    0 System Idle Process
    4 System
    488 C:\Windows\System32\smss.exe
    564 csrss.exe
    612 C:\Windows\System32\wininit.exe
    624 csrss.exe
    656 C:\Windows\System32\services.exe
    668 C:\Windows\System32\lsass.exe
    676 C:\Windows\System32\lsm.exe
    776 C:\Windows\System32\winlogon.exe
    868 C:\Windows\System32\svchost.exe
    948 C:\Windows\System32\svchost.exe
    980 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\svchost.exe
    1100 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_b9d13b43\stacsv.exe
    1236 C:\Windows\System32\audiodg.exe
    1392 C:\Windows\System32\svchost.exe
    1408 C:\Windows\System32\SLsvc.exe
    1500 C:\Windows\System32\svchost.exe
    1596 C:\Windows\System32\hpservice.exe
    1668 C:\Windows\System32\svchost.exe
    1820 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1840 C:\Windows\System32\wlanext.exe
    500 C:\Windows\System32\spoolsv.exe
    536 C:\Windows\System32\svchost.exe
    540 C:\Windows\System32\taskeng.exe
    512 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_b9d13b43\AEstSrv.exe
    1676 C:\Windows\System32\svchost.exe
    876 C:\Windows\System32\svchost.exe
    1368 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2332 C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    2396 C:\Windows\System32\svchost.exe
    2408 C:\Program Files\SMINST\BLService.exe
    2452 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    2460 postgres.exe
    2484 C:\Windows\System32\svchost.exe
    2536 C:\Windows\System32\svchost.exe
    2556 C:\Windows\System32\SearchIndexer.exe
    2716 postgres.exe
    2832 postgres.exe
    2844 postgres.exe
    2852 postgres.exe
    2860 postgres.exe
    2268 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    4044 C:\Windows\System32\taskeng.exe
    2908 C:\Windows\System32\dwm.exe
    4080 C:\Windows\explorer.exe
    3556 C:\Windows\System32\hkcmd.exe
    3820 C:\Windows\System32\igfxpers.exe
    3956 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    4056 C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
    3580 C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    2232 C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    3412 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    3444 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3824 C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    2360 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    1124 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    3972 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1512 C:\Program Files\uTorrent\uTorrent.exe
    3536 C:\Program Files\Rainmeter\Rainmeter.exe
    2476 C:\Windows\ehome\ehtray.exe
    2236 C:\Windows\ehome\ehmsas.exe
    892 C:\Windows\System32\igfxsrvc.exe
    3320 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    3844 WmiPrvSE.exe
    1736 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    2164 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    4612 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4608 C:\Program Files\MediaMonkey\MediaMonkey.exe
    4664 C:\Program Files\Mozilla Firefox\firefox.exe
    1780 C:\Windows\System32\SearchProtocolHost.exe
    5788 C:\Users\Andrew\Desktop\MBRCheck.exe
    5608 C:\Windows\System32\SearchFilterHost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`6bc00000 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: ST9250320AS, Rev: HP07
    PhysicalDrive1 Model Number: WDExt HDD 1021, Rev: 2002

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D
    931 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Your MBR seems to be infected....

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  11. athelander

    athelander TS Rookie Topic Starter

    Hey Broli, is there any possible way that I could boot from a flash drive instead of a CD? I don't have any blank CDs and I couldn't get any until Monday at the earliest. If it's not possible I understand.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Do you have Vista DVD by any chance?
     
  13. athelander

    athelander TS Rookie Topic Starter

    Unfortunately no. I'm at college currently and the disc would be at home.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    You have two choices...
    Get a blank CD, or....
    If your BIOS support booting from USB flash drive, you could create Vista recovery disk as described here: http://www.windowsitpro.com/article/deployment/using-a-usb-flash-drive-to-recover-windows-vista.aspx

    When done....

    Boot from created disk.
    At first screen click on Repair your computer:
    [​IMG]
    This will bring you to a new screen where the repair process will look for all Windows Vista installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    [​IMG]
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    [​IMG]
    Select Command Prompt

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh MBRCheck log.
     
  15. athelander

    athelander TS Rookie Topic Starter

    Hi Broli,

    I got some blank CDs and did as you requested. I got all the way down to selecting English as the default keyboard layout after booting from the CD, and then I got this error:

    "Can't open CD driver CDRCACH. SHSUCDX can't install."
     
  16. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Dang! I've seen this error before, but I can't recall the solution...

    Shot it the dark...
    Is it CDR, or CDRW?
     
  17. athelander

    athelander TS Rookie Topic Starter

    It's a CDR.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    I found this advice:
    Eventually reset BIOS to defaults.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...