TechSpot

Malware Infection - 8 Step Results

Inactive
By Sharpey09
Apr 3, 2011
Topic Status:
Not open for further replies.
  1. Hi Guys

    First of all. Thanks for this forum. I really appreciate you offering help voluntarily.

    I have been having some issues with malware in particular search hijackers. I have enclosed the logs as requested below.

    Malware Bytes Log


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6259

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    03/04/2011 20:52:42
    mbam-log-2011-04-03 (20-52-42).txt

    Scan type: Quick scan
    Objects scanned: 169855
    Time elapsed: 7 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER Log

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-04-03 21:22:59
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort0 FUJITSU_MHZ2160BH_G2 rev.00000009
    Running: uzknwox6.exe; Driver: C:\Users\PETERS~1\AppData\Local\Temp\uwlyikog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwOpenProcess [0x9748E730]
    SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateProcess [0x9748E7E0]
    SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateThread [0x9748E880]
    SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwWriteVirtualMemory [0x9748E920]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 8305A589 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8307F092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 4E8 83086AF8 4 Bytes [30, E7, 48, 97] {XOR BH, AH; DEC EAX; XCHG EDI, EAX}
    .text ntkrnlpa.exe!RtlSidHashLookup + 7B8 83086DC8 8 Bytes [E0, E7, 48, 97, 80, E8, 48, ...] {LOOPNZ 0xffffffffffffffe9; DEC EAX; XCHG EDI, EAX; SUB AL, 0x48; XCHG EDI, EAX}
    .text ntkrnlpa.exe!RtlSidHashLookup + 82C 83086E3C 4 Bytes JMP A4410589
    ? System32\Drivers\spzw.sys The system cannot find the path specified. !
    .text USBPORT.SYS!DllUnload 8F82FCA0 5 Bytes JMP 867E94E0
    .text axlwxl6a.SYS 8FC11000 12 Bytes [44, C8, 42, 83, EE, C6, 42, ...]
    .text axlwxl6a.SYS 8FC1100D 9 Bytes [A7, 42, 83, 48, CB, 42, 83, ...] {CMPSD ; INC EDX; OR DWORD [EAX-0x35], 0x42; ADD DWORD [EAX], 0x0}
    .text axlwxl6a.SYS 8FC11017 41 Bytes [00, DE, 27, 98, 83, E6, 25, ...]
    .text axlwxl6a.SYS 8FC11041 128 Bytes [F6, 07, 83, 60, F5, 07, 83, ...]
    .text axlwxl6a.SYS 8FC110C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
    .text ...
    PAGE spsys.sys!?SPRevision@@3PADA + 4F90 AF98D000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 50B3 AF98D123 629 Bytes [85, 98, AF, FE, 05, 34, 85, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 5329 AF98D399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 538F AF98D3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 543B AF98D4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
    PAGE ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[1184] ntdll.dll!NtProtectVirtualMemory 770451C0 5 Bytes JMP 0054000A
    .text C:\Windows\system32\svchost.exe[1184] ntdll.dll!NtWriteVirtualMemory 77045D40 5 Bytes JMP 0055000A
    .text C:\Windows\system32\svchost.exe[1184] ntdll.dll!KiUserExceptionDispatcher 77046298 5 Bytes JMP 0018000A
    .text C:\Windows\system32\svchost.exe[1184] ole32.dll!CoCreateInstance 759E590C 5 Bytes JMP 008F000A
    .text C:\Windows\Explorer.EXE[1752] ntdll.dll!NtProtectVirtualMemory 770451C0 5 Bytes JMP 00A0000A
    .text C:\Windows\Explorer.EXE[1752] ntdll.dll!NtWriteVirtualMemory 77045D40 5 Bytes JMP 00A1000A
    .text C:\Windows\Explorer.EXE[1752] ntdll.dll!KiUserExceptionDispatcher 77046298 5 Bytes JMP 0090000A
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3240] USER32.dll!TrackPopupMenu 76934B3B 4 Bytes JMP 62A32024 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5084] ntdll.dll!NtProtectVirtualMemory 770451C0 5 Bytes JMP 0025000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5084] ntdll.dll!NtWriteVirtualMemory 77045D40 5 Bytes JMP 0037000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5084] ntdll.dll!KiUserExceptionDispatcher 77046298 5 Bytes JMP 0024000A

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [83886042] \SystemRoot\System32\Drivers\spzw.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [838866D6] \SystemRoot\System32\Drivers\spzw.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [83886800] \SystemRoot\System32\Drivers\spzw.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8388613E] \SystemRoot\System32\Drivers\spzw.sys
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortNotification] 00147880
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortInitialize] 157B805E
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
    IAT \SystemRoot\System32\Drivers\axlwxl6a.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 855A81F8

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys

    Device \Driver\volmgr \Device\VolMgrControl 855A31F8
    Device \Driver\usbuhci \Device\USBPDO-0 864D7500
    Device \Driver\usbuhci \Device\USBPDO-1 864D7500
    Device \Driver\usbuhci \Device\USBPDO-2 864D7500
    Device \Driver\sptd \Device\422399275 spzw.sys
    Device \Driver\usbehci \Device\USBPDO-3 8677C500
    Device \Driver\NetBT \Device\NetBT_Tcpip_{D6996C8C-ACC4-46FA-968D-6D3804E8B818} 8644C1F8
    Device \Driver\usbuhci \Device\USBPDO-4 864D7500

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbuhci \Device\USBPDO-5 864D7500
    Device \Driver\usbuhci \Device\USBPDO-6 864D7500
    Device \Driver\volmgr \Device\HarddiskVolume1 855A31F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\usbehci \Device\USBPDO-7 8677C500
    Device \Driver\volmgr \Device\HarddiskVolume2 855A31F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\cdrom \Device\CdRom0 8663D1F8
    Device \Driver\atapi \Device\Ide\IdePort0 855A51F8
    Device \Driver\atapi \Device\Ide\IdePort1 855A51F8
    Device \Driver\atapi \Device\Ide\IdePort2 855A51F8
    Device \Driver\atapi \Device\Ide\IdePort3 855A51F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 855A51F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel0 855A61F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel1 855A61F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel4 855A61F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel5 855A61F8
    Device \Driver\cdrom \Device\CdRom1 8663D1F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8644C1F8
    Device \Driver\PCI_PNP1273 \Device\0000005a spzw.sys
    Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbuhci \Device\USBFDO-0 864D7500
    Device \Driver\usbuhci \Device\USBFDO-1 864D7500
    Device \Driver\NetBT \Device\NetBT_Tcpip_{3F55DAFF-4228-4CC8-A753-876E392EEBC5} 8644C1F8
    Device \Driver\usbuhci \Device\USBFDO-2 864D7500
    Device \Driver\usbehci \Device\USBFDO-3 8677C500
    Device \Driver\usbuhci \Device\USBFDO-4 864D7500
    Device \Driver\usbuhci \Device\USBFDO-5 864D7500
    Device \Driver\usbuhci \Device\USBFDO-6 864D7500
    Device \Driver\usbehci \Device\USBFDO-7 8677C500
    Device \Driver\axlwxl6a \Device\Scsi\axlwxl6a1Port4Path0Target0Lun0 86735500
    Device \Driver\axlwxl6a \Device\Scsi\axlwxl6a1 86735500
    Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskFUJITSU_MHZ2160BH_G2____________________00000009#5&576c5bc&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b00026
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b00026@00249f878bed 0x6A 0x31 0x27 0x33 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7E 0x59 0xE0 0x96 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x11 0xF4 0xBC 0x3B ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDF 0x99 0x8E 0x72 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272b00026 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272b00026@00249f878bed 0x6A 0x31 0x27 0x33 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC8 0x5E 0xD7 0x53 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x11 0xF4 0xBC 0x3B ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDF 0x99 0x8E 0x72 ...

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0

    DDS

    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Peter Sharpe at 21:23:36.46 on 03/04/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1913.730 [GMT 1:00]
    .
    AV: AVG Anti-Virus SBS Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus SBS Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\runservice.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\CyberLink\YouCam\YouCamTray.exe
    C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe
    C:\Program Files\HP\HP UT\bin\hppusg.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\WordWeb\wweb32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Peter Sharpe\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&amp;bmod=EU01
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&amp;bmod=EU01
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
    mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
    mRun: [Fujitsu OSD Utility] c:\progra~1\fujits~1\OSDUTI~1.EXE
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [HP Color LaserJet CM2320 MFP Series Fax] c:\program files\hp\hp color laserjet cm2320 mfp series\hppfaxprintersrv.exe "HP Color LaserJet CM2320 MFP Series Fax"
    mRun: [<NO NAME>]
    mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    StartupFolder: c:\users\peters~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\peters~1\appdata\roaming\mozilla\firefox\profiles\h3o8tkt1.default\
    FF - prefs.js: browser.search.selectedEngine - AltaVista
    FF - prefs.js: browser.startup.homepage - hxxp://www.fenews.co.uk/
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2010-2-1 25168]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-1 52872]
    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-9-24 19592]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-1 216400]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-1 29584]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-1 243024]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
    R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
    R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2010-3-30 2560]
    R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-9-18 9216]
    R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2010-2-1 122448]
    R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2010-2-1 30288]
    R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2010-2-1 20560]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-13 167424]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-13 167936]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2009-9-24 29192]
    S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2010-2-9 66560]
    S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2010-2-9 107520]
    S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2010-2-9 8064]
    S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-9-21 20504]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2009-8-26 25480]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-20 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-04-03 19:26:00 -------- d-----w- c:\progra~2\STOPzilla!
    2011-04-03 17:52:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-03 17:52:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-02 14:27:06 -------- d-----w- c:\users\peters~1\appdata\roaming\Malwarebytes
    2011-04-02 14:26:47 -------- d-----w- c:\progra~2\Malwarebytes
    2011-04-02 14:26:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-02 11:37:05 -------- d-----w- c:\windows\system32\MpEngineStore
    2011-03-31 14:21:03 -------- d-----w- c:\users\peters~1\appdata\roaming\Faiz
    2011-03-29 23:11:42 -------- d-----w- c:\program files\IObit
    2011-03-29 09:23:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-29 09:23:35 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2011-03-27 11:44:30 -------- d-----w- c:\users\peters~1\appdata\local\Sunbelt Software
    2011-03-27 11:41:59 -------- dc-h--w- c:\progra~2\{8790345A-AF70-4319-B9E7-AAA25C6DCD42}
    2011-03-27 11:41:22 -------- d-----w- c:\program files\Lavasoft
    2011-03-23 20:01:42 -------- d-----w- c:\users\peters~1\appdata\roaming\Childish Things
    2011-03-23 19:58:41 -------- d-----w- c:\program files\Childish Things
    2011-03-19 22:33:59 -------- d-----w- c:\users\peters~1\appdata\roaming\eMusic
    2011-03-19 22:33:59 -------- d-----w- c:\users\peters~1\appdata\local\eMusic
    2011-03-19 22:33:51 -------- d-----w- c:\program files\eMusic Download Manager
    2011-03-15 11:32:07 -------- d--h--w- c:\progra~2\Common Files
    2011-03-10 09:37:18 1034240 ----a-w- c:\windows\system32\mstsc.exe
    .
    ==================== Find3M ====================
    .
    2011-04-03 19:57:04 1385 --sha-w- c:\windows\system32\mmf.sys
    2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: FUJITSU_MHZ2160BH_G2 rev.00000009 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86429439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8642f7d0]; MOV EAX, [0x8642f84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x83053448] -> \Device\Harddisk0\DR0[0x8640B030]
    3 CLASSPNP[0x8919759E] -> ntkrnlpa!IofCallDriver[0x83053448] -> [0x8668D908]
    \Driver\atapi[0x8644BEB8] -> IRP_MJ_CREATE -> 0x86429439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskFUJITSU_MHZ2160BH_G2____________________00000009#5&576c5bc&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 312581806 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    I have attached the "attach file" as my post was too long otherwise.

    Thanks Again. I really appreciate it.

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 46,495   +252

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    All logs have to be pasted.
    Make sure to paste Attach.txt log in your next reply.

    You're infected with TDL rootkit.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. Sharpey09

    Sharpey09 Newcomer, in training Topic Starter

    Thank you so much for you help. I have run the TDSSKiller. I have copied the report and the previous "attach" log below.

    2011/04/03 23:26:21.0737 5984 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/03 23:26:22.0032 5984 ================================================================================
    2011/04/03 23:26:22.0032 5984 SystemInfo:
    2011/04/03 23:26:22.0032 5984
    2011/04/03 23:26:22.0032 5984 OS Version: 6.1.7600 ServicePack: 0.0
    2011/04/03 23:26:22.0032 5984 Product type: Workstation
    2011/04/03 23:26:22.0032 5984 ComputerName: PETERSHARPE-PC
    2011/04/03 23:26:22.0033 5984 UserName: Peter Sharpe
    2011/04/03 23:26:22.0033 5984 Windows directory: C:\Windows
    2011/04/03 23:26:22.0033 5984 System windows directory: C:\Windows
    2011/04/03 23:26:22.0033 5984 Processor architecture: Intel x86
    2011/04/03 23:26:22.0033 5984 Number of processors: 1
    2011/04/03 23:26:22.0033 5984 Page size: 0x1000
    2011/04/03 23:26:22.0033 5984 Boot type: Normal boot
    2011/04/03 23:26:22.0033 5984 ================================================================================
    2011/04/03 23:26:22.0442 5984 Initialize success
    2011/04/03 23:26:23.0989 5176 ================================================================================
    2011/04/03 23:26:23.0989 5176 Scan started
    2011/04/03 23:26:23.0989 5176 Mode: Manual;
    2011/04/03 23:26:23.0989 5176 ================================================================================
    2011/04/03 23:26:25.0418 5176 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/04/03 23:26:25.0505 5176 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/04/03 23:26:25.0608 5176 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/04/03 23:26:25.0761 5176 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/04/03 23:26:25.0861 5176 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/04/03 23:26:25.0932 5176 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/04/03 23:26:26.0100 5176 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    2011/04/03 23:26:26.0163 5176 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    2011/04/03 23:26:26.0249 5176 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2011/04/03 23:26:26.0411 5176 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    2011/04/03 23:26:26.0479 5176 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    2011/04/03 23:26:26.0559 5176 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    2011/04/03 23:26:26.0661 5176 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/04/03 23:26:26.0754 5176 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/04/03 23:26:26.0845 5176 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/04/03 23:26:26.0956 5176 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/04/03 23:26:27.0049 5176 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/04/03 23:26:27.0144 5176 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    2011/04/03 23:26:27.0263 5176 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2011/04/03 23:26:27.0330 5176 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/04/03 23:26:27.0450 5176 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/04/03 23:26:27.0510 5176 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    2011/04/03 23:26:27.0639 5176 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
    2011/04/03 23:26:27.0858 5176 AVGIDSDriverw7x (9e6b5bc75fd68b0d56a6f68a2d967241) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys
    2011/04/03 23:26:27.0983 5176 AVGIDSErHrw7x (25d906e3419ec2e7813d0627dd054032) C:\Windows\system32\Drivers\AVGIDSwx.sys
    2011/04/03 23:26:28.0017 5176 AVGIDSFilterw7x (57b9a71774c9e334dc8ef97657ff18a1) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys
    2011/04/03 23:26:28.0070 5176 AVGIDSShimw7x (c996c03d160137938a122a951305d645) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys
    2011/04/03 23:26:28.0186 5176 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\System32\Drivers\avgldx86.sys
    2011/04/03 23:26:28.0283 5176 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\System32\Drivers\avgmfx86.sys
    2011/04/03 23:26:28.0426 5176 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\Windows\system32\Drivers\avgrkx86.sys
    2011/04/03 23:26:28.0496 5176 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\System32\Drivers\avgtdix.sys
    2011/04/03 23:26:28.0616 5176 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2011/04/03 23:26:28.0738 5176 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/04/03 23:26:28.0835 5176 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2011/04/03 23:26:28.0964 5176 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/04/03 23:26:29.0038 5176 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
    2011/04/03 23:26:29.0152 5176 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/04/03 23:26:29.0227 5176 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/04/03 23:26:29.0302 5176 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2011/04/03 23:26:29.0372 5176 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/04/03 23:26:29.0458 5176 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/04/03 23:26:29.0553 5176 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/04/03 23:26:29.0803 5176 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
    2011/04/03 23:26:29.0937 5176 BtHidBus (00d4ee3ea6f2713b2314a000ba3232dc) C:\Windows\system32\Drivers\BtHidBus.sys
    2011/04/03 23:26:30.0008 5176 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/04/03 23:26:30.0105 5176 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
    2011/04/03 23:26:30.0214 5176 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
    2011/04/03 23:26:30.0350 5176 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
    2011/04/03 23:26:30.0459 5176 btnetBUs (a57e73c28ccef938ba096aca63183388) C:\Windows\system32\Drivers\btnetBus.sys
    2011/04/03 23:26:30.0568 5176 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/04/03 23:26:30.0722 5176 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/04/03 23:26:30.0849 5176 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2011/04/03 23:26:30.0934 5176 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2011/04/03 23:26:31.0093 5176 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/04/03 23:26:31.0152 5176 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/04/03 23:26:31.0227 5176 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2011/04/03 23:26:31.0333 5176 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/04/03 23:26:31.0484 5176 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/04/03 23:26:31.0591 5176 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/04/03 23:26:31.0768 5176 dc3d (484ffbcec4091ff617494b6b0cb04eb3) C:\Windows\system32\DRIVERS\dc3d.sys
    2011/04/03 23:26:31.0939 5176 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
    2011/04/03 23:26:32.0041 5176 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2011/04/03 23:26:32.0178 5176 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2011/04/03 23:26:32.0390 5176 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2011/04/03 23:26:32.0523 5176 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/04/03 23:26:32.0971 5176 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2011/04/03 23:26:33.0352 5176 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/04/03 23:26:33.0595 5176 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    2011/04/03 23:26:33.0933 5176 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2011/04/03 23:26:34.0223 5176 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2011/04/03 23:26:34.0699 5176 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2011/04/03 23:26:34.0875 5176 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2011/04/03 23:26:35.0172 5176 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2011/04/03 23:26:35.0378 5176 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/04/03 23:26:35.0721 5176 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2011/04/03 23:26:36.0072 5176 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2011/04/03 23:26:36.0426 5176 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/04/03 23:26:36.0875 5176 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/04/03 23:26:37.0224 5176 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/04/03 23:26:37.0623 5176 GTUHSBUS (884199f75305f58038480f31e47604b7) C:\Windows\system32\DRIVERS\gtuhsbus.sys
    2011/04/03 23:26:37.0851 5176 GTUHSNDISIPXP (26ea5eae39a48fc6667fcd35753dcfff) C:\Windows\system32\DRIVERS\gtuhs51.sys
    2011/04/03 23:26:38.0026 5176 GTUHSSER (84f1e6dd27a401c7e69e277fd74aefde) C:\Windows\system32\DRIVERS\gtuhsser.sys
    2011/04/03 23:26:38.0184 5176 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2011/04/03 23:26:38.0286 5176 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
    2011/04/03 23:26:38.0381 5176 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/04/03 23:26:38.0490 5176 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/04/03 23:26:38.0561 5176 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/04/03 23:26:38.0648 5176 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2011/04/03 23:26:38.0834 5176 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/04/03 23:26:38.0964 5176 HPFXBULK (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys
    2011/04/03 23:26:39.0114 5176 HPFXFAX (f728db73a87231e27b6ba34d71ce2edb) C:\Windows\system32\drivers\hpfxfax.sys
    2011/04/03 23:26:39.0261 5176 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/04/03 23:26:39.0370 5176 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    2011/04/03 23:26:39.0521 5176 hwdatacard (348c3a9d01e68a0222a246346924aa55) C:\Windows\system32\DRIVERS\ewusbmdm.sys
    2011/04/03 23:26:39.0753 5176 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    2011/04/03 23:26:40.0056 5176 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/04/03 23:26:40.0350 5176 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
    2011/04/03 23:26:41.0062 5176 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2011/04/03 23:26:41.0730 5176 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/04/03 23:26:42.0005 5176 IntcAzAudAddService (8b27c21412ae4404eb0acfe1d98579ec) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/04/03 23:26:42.0213 5176 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    2011/04/03 23:26:42.0366 5176 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/04/03 23:26:42.0436 5176 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/04/03 23:26:42.0579 5176 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2011/04/03 23:26:42.0652 5176 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2011/04/03 23:26:42.0781 5176 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2011/04/03 23:26:42.0881 5176 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    2011/04/03 23:26:42.0998 5176 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/04/03 23:26:43.0074 5176 IvtBtBUs (981c005c2389ba1de8575cddb2829340) C:\Windows\system32\Drivers\IvtBtBus.sys
    2011/04/03 23:26:43.0202 5176 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/04/03 23:26:43.0307 5176 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/04/03 23:26:43.0428 5176 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
    2011/04/03 23:26:43.0533 5176 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/04/03 23:26:43.0761 5176 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/04/03 23:26:43.0880 5176 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/04/03 23:26:43.0956 5176 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/04/03 23:26:44.0057 5176 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/04/03 23:26:44.0119 5176 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/04/03 23:26:44.0250 5176 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2011/04/03 23:26:44.0314 5176 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    2011/04/03 23:26:44.0432 5176 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/04/03 23:26:44.0605 5176 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2011/04/03 23:26:44.0710 5176 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2011/04/03 23:26:44.0846 5176 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/04/03 23:26:45.0012 5176 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/04/03 23:26:45.0121 5176 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    2011/04/03 23:26:45.0225 5176 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    2011/04/03 23:26:45.0337 5176 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2011/04/03 23:26:45.0453 5176 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    2011/04/03 23:26:45.0553 5176 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/04/03 23:26:45.0641 5176 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/04/03 23:26:45.0733 5176 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/04/03 23:26:45.0886 5176 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    2011/04/03 23:26:45.0993 5176 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/04/03 23:26:46.0104 5176 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2011/04/03 23:26:46.0199 5176 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/04/03 23:26:46.0278 5176 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/04/03 23:26:46.0413 5176 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/04/03 23:26:46.0530 5176 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/04/03 23:26:46.0622 5176 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2011/04/03 23:26:46.0728 5176 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2011/04/03 23:26:46.0844 5176 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/04/03 23:26:46.0966 5176 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2011/04/03 23:26:47.0065 5176 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/04/03 23:26:47.0171 5176 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2011/04/03 23:26:47.0315 5176 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/04/03 23:26:47.0553 5176 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    2011/04/03 23:26:47.0717 5176 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/04/03 23:26:47.0845 5176 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/04/03 23:26:47.0900 5176 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/04/03 23:26:48.0001 5176 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/04/03 23:26:48.0107 5176 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    2011/04/03 23:26:48.0400 5176 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2011/04/03 23:26:48.0554 5176 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    2011/04/03 23:26:48.0742 5176 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/04/03 23:26:48.0940 5176 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2011/04/03 23:26:49.0025 5176 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2011/04/03 23:26:49.0149 5176 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    2011/04/03 23:26:49.0371 5176 NuidFltr (ef2b9a14ec5dd74ade3417faf1b45e16) C:\Windows\system32\DRIVERS\NuidFltr.sys
    2011/04/03 23:26:49.0549 5176 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2011/04/03 23:26:49.0676 5176 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/04/03 23:26:49.0779 5176 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/04/03 23:26:49.0859 5176 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/04/03 23:26:49.0967 5176 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/04/03 23:26:50.0143 5176 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2011/04/03 23:26:50.0200 5176 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2011/04/03 23:26:50.0306 5176 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/04/03 23:26:50.0424 5176 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
    2011/04/03 23:26:50.0563 5176 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2011/04/03 23:26:50.0619 5176 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    2011/04/03 23:26:50.0717 5176 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/04/03 23:26:50.0833 5176 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2011/04/03 23:26:50.0908 5176 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2011/04/03 23:26:51.0189 5176 Point32 (420336f91eb745811cf130c80ede0653) C:\Windows\system32\DRIVERS\point32.sys
    2011/04/03 23:26:51.0322 5176 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/04/03 23:26:51.0416 5176 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2011/04/03 23:26:51.0587 5176 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2011/04/03 23:26:51.0694 5176 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/04/03 23:26:51.0836 5176 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/04/03 23:26:51.0929 5176 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2011/04/03 23:26:52.0018 5176 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/04/03 23:26:52.0131 5176 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/04/03 23:26:52.0252 5176 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/04/03 23:26:52.0357 5176 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/04/03 23:26:52.0477 5176 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/04/03 23:26:52.0548 5176 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/04/03 23:26:52.0650 5176 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/04/03 23:26:52.0747 5176 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/04/03 23:26:52.0900 5176 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2011/04/03 23:26:52.0990 5176 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2011/04/03 23:26:53.0084 5176 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    2011/04/03 23:26:53.0226 5176 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    2011/04/03 23:26:53.0371 5176 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/04/03 23:26:53.0536 5176 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
    2011/04/03 23:26:53.0691 5176 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
    2011/04/03 23:26:53.0807 5176 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
    2011/04/03 23:26:54.0015 5176 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/04/03 23:26:54.0122 5176 RSUSBSTOR (96f8dd546677aa5102150acc140377b3) C:\Windows\system32\Drivers\RtsUStor.sys
    2011/04/03 23:26:54.0260 5176 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys
    2011/04/03 23:26:54.0486 5176 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/04/03 23:26:54.0562 5176 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/04/03 23:26:54.0735 5176 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/04/03 23:26:54.0878 5176 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2011/04/03 23:26:54.0980 5176 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2011/04/03 23:26:55.0053 5176 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/04/03 23:26:55.0232 5176 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/04/03 23:26:55.0314 5176 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/04/03 23:26:55.0404 5176 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/04/03 23:26:55.0523 5176 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/04/03 23:26:55.0635 5176 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    2011/04/03 23:26:55.0785 5176 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/04/03 23:26:55.0853 5176 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/04/03 23:26:56.0012 5176 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2011/04/03 23:26:56.0125 5176 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2011/04/03 23:26:56.0317 5176 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2011/04/03 23:26:56.0317 5176 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/04/03 23:26:56.0333 5176 sptd - detected Locked file (1)
    2011/04/03 23:26:56.0455 5176 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
    2011/04/03 23:26:56.0603 5176 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
    2011/04/03 23:26:56.0689 5176 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/04/03 23:26:56.0874 5176 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/04/03 23:26:56.0976 5176 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    2011/04/03 23:26:57.0196 5176 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
    2011/04/03 23:26:57.0451 5176 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/04/03 23:26:57.0556 5176 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    2011/04/03 23:26:57.0635 5176 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    2011/04/03 23:26:57.0755 5176 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
    2011/04/03 23:26:57.0823 5176 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    2011/04/03 23:26:57.0904 5176 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    2011/04/03 23:26:58.0096 5176 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
    2011/04/03 23:26:58.0215 5176 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/04/03 23:26:58.0315 5176 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/04/03 23:26:58.0417 5176 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/04/03 23:26:58.0487 5176 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
    2011/04/03 23:26:58.0617 5176 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2011/04/03 23:26:58.0754 5176 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    2011/04/03 23:26:58.0822 5176 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    2011/04/03 23:26:58.0902 5176 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/04/03 23:26:59.0046 5176 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
    2011/04/03 23:26:59.0129 5176 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/04/03 23:26:59.0230 5176 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/04/03 23:26:59.0355 5176 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/04/03 23:26:59.0434 5176 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/04/03 23:26:59.0539 5176 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/04/03 23:26:59.0678 5176 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/04/03 23:26:59.0776 5176 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/04/03 23:26:59.0865 5176 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
    2011/04/03 23:27:00.0100 5176 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2011/04/03 23:27:00.0182 5176 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/04/03 23:27:00.0243 5176 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2011/04/03 23:27:00.0317 5176 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
    2011/04/03 23:27:00.0458 5176 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
    2011/04/03 23:27:00.0539 5176 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2011/04/03 23:27:00.0632 5176 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
    2011/04/03 23:27:00.0758 5176 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    2011/04/03 23:27:00.0848 5176 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2011/04/03 23:27:00.0967 5176 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/04/03 23:27:01.0067 5176 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/04/03 23:27:01.0151 5176 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/04/03 23:27:01.0292 5176 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/04/03 23:27:01.0481 5176 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/04/03 23:27:01.0597 5176 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/03 23:27:01.0623 5176 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/03 23:27:01.0800 5176 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2011/04/03 23:27:01.0880 5176 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2011/04/03 23:27:02.0047 5176 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/04/03 23:27:02.0130 5176 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2011/04/03 23:27:02.0342 5176 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/04/03 23:27:02.0448 5176 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/04/03 23:27:02.0562 5176 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    2011/04/03 23:27:02.0666 5176 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/04/03 23:27:02.0960 5176 ================================================================================
    2011/04/03 23:27:02.0960 5176 Scan finished
    2011/04/03 23:27:02.0960 5176 ================================================================================
    2011/04/03 23:27:02.0982 2004 Detected object count: 1
    2011/04/03 23:27:50.0398 2004 Locked file(sptd) - User select action: Skip


    "Attach Log"

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 01/02/2010 10:33:02
    System Uptime: 03/04/2011 20:55:33 (1 hours ago)
    .
    Motherboard: FUJITSU SIEMENS | | EF7
    Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | U2E1 | 2194/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 147 GiB total, 71.033 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP196: 15/03/2011 11:29:51 - Avg Update
    RP198: 15/03/2011 11:30:54 - Avg Update
    RP199: 15/03/2011 11:33:30 - Windows Update
    RP200: 18/03/2011 10:02:13 - Windows Update
    RP201: 22/03/2011 11:15:03 - Windows Update
    RP203: 23/03/2011 19:58:19 - Installed International Cricket Captain 2010
    RP204: 24/03/2011 17:49:24 - Windows Update
    RP205: 25/03/2011 10:47:23 - Windows Update
    RP207: 03/04/2011 18:03:04 - Avg Update
    RP209: 03/04/2011 18:07:19 - Avg Update
    RP210: 03/04/2011 20:25:23 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP211: 03/04/2011 20:28:59 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office system
    2007 Microsoft Office System Primary Interop Assemblies (Beta)
    32 Bit HP CIO Components Installer
    7-Zip 4.65
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0
    Adobe Shockwave Player 11.5
    Amazon MP3 Downloader 1.0.9
    ĀµTorrent
    AVG 9.0
    BlackBerry Desktop Software 6.0
    BufferChm
    CCleaner
    CustomerResearchQFolder
    CyberLink YouCam
    D3DX10
    Defraggler
    DeviceDiscovery
    DeviceManagementQFolder
    Fujitsu OSD Utility
    Google Toolbar for Internet Explorer
    Google Update Helper
    HP Color LaserJet CM2320 MFP Series 3.1
    HP Customer Participation Program 10.0
    HP Imaging Device Functions 10.0
    hppCLJCM2320
    hppFaxDrvCM2320
    hppFaxUtilityCM2320
    hppFonts
    hppManualsCM2320
    hppQFolderCM2320
    hppScanToCM2320
    hppSendFaxCM2320
    hppusgCM2320
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Java(TM) 6 Update 20
    Malwarebytes' Anti-Malware
    MarketResearch
    Media Player Classic - Home Cinema v1.5.0.2827
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.0
    Microsoft IntelliType Pro 8.0
    Microsoft Office 2003 Web Components
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.6.16)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    MWSnap 3
    Nokia Connectivity Cable Driver
    OGA Notifier 2.0.0048.0
    PC Connectivity Solution
    PDF-File Converter
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Shockwave
    Spotify
    SystemDiagnostics
    TrayApp
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2492475)
    Veetle TV 0.9.18
    VLC media player 1.1.7
    Vodafone Mobile Connect Lite
    WebReg
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    WinZip 14.0
    WordWeb
    .
    ==== Event Viewer Messages From Past Week ========
    .
    31/03/2011 15:36:20, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    31/03/2011 15:36:20, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    30/03/2011 14:27:15, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    30/03/2011 14:27:14, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    30/03/2011 14:26:14, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    30/03/2011 14:25:15, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    30/03/2011 14:25:15, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/03/2011 14:25:15, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/03/2011 14:25:15, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    30/03/2011 14:25:15, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    30/03/2011 14:25:15, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/03/2011 14:25:15, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    30/03/2011 14:25:15, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/03/2011 14:25:15, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/03/2011 14:25:14, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    30/03/2011 14:25:14, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/03/2011 14:25:14, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/03/2011 14:25:14, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/03/2011 14:25:14, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/03/2011 14:25:14, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    30/03/2011 14:25:14, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    30/03/2011 01:33:07, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    29/03/2011 23:14:03, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    29/03/2011 23:14:03, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    28/03/2011 11:33:20, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
    27/03/2011 12:42:20, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    03/04/2011 20:58:28, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    03/04/2011 20:56:12, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xb4b8ba10, 0x00000002, 0x00000001, 0x830528dc). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040311-31590-01.
    03/04/2011 20:33:17, Error: Service Control Manager [7034] - The AVG9IDSAgent service terminated unexpectedly. It has done this 1 time(s).
    03/04/2011 18:51:58, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000be (0x830bf0a9, 0x030bf121, 0xb34e09b4, 0x0000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040311-34039-01.
    02/04/2011 13:06:55, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    02/04/2011 13:02:35, Error: Service Control Manager [7022] - The AVG9IDSAgent service hung on starting.
    02/04/2011 01:21:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    01/04/2011 17:03:48, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{D6996C8C-ACC4-46FA-968D-6D3804E8B818} because another computer on the network has the same name. The server could not start.
    .
    ==== End Of File ===========================

    Thanks again for all your help.
  4. Broni

    Broni Malware Annihilator Posts: 46,495   +252

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.