
Thread: Help - Keep being redirected when I click on Google results

  1. #1
    Junior Member
    Join Date
    Nov 2008
    Posts
    13

    Default Help - Keep being redirected when I click on Google results

    The majority of the time when I click on one of my Google search results I get redirected to some weird site. It seems to move in trends - the last few weeks I can't remember where I was being redirected, but the latest one is: http://www.enoognghirat.com/search.[whatever my search was]

    It's starting to really get to me now - it can take up to 10 attempts to actually get into the correct website.

    There doesn't seem to be anything unusual in Internet Explorer add-ons.

    Malwarebytes has found the odd thing and removed it but the problem persists.

    Have successfully backed up the registry with ERUNT as per the guide.

    DDS.txt
    -------------------------------------------------------------------------------------------------

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Murdo & Louise at 23:58:18.13 on 28/02/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3070.1953 [GMT 0:00]

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\ASTSRV.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
    C:\Windows\system32\dlbtcoms.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\fxssvc.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Corel\Standby\Standby.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\Ctxfihlp.exe
    C:\Program Files\Logitech\SetPoint\LBTWiz.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Keyboard Express 3\keyexp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Users\Murdo & Louise\Desktop\dds.com
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Watch for Browser Events: {42a7ce31-cee7-4cce-a060-a44a7e52e062} - c:\progra~1\keyboa~1\kie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101104123601.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [OpAgent] "OpAgent.exe" /agent
    uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
    mRun: [dlbtmon.exe] "c:\program files\dell photo aio printer 922\dlbtmon.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Corel File Shell Monitor] c:\program files\corel\corel paintshop photo pro\x3\pspclassic\CorelIOMonitor.exe
    mRun: [Standby] "c:\program files\common files\corel\standby\Standby.exe" -START
    mRun: [Nuance OmniPage 17-reminder] "c:\program files\nuance\omnipage17\ereg\ereg.exe" -r "c:\programdata\scansoft\omnipage 17\ereg\Ereg.ini"
    mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\keyboa~1.lnk - c:\program files\keyboard express 3\keyexp.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send by Bluetooth - c:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: Send via &Message... - c:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL

    ============= SERVICES / DRIVERS ===============

    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20744]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-2-8 64288]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 386840]
    R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2007-8-29 116264]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-6-1 64304]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-6-1 164840]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
    R2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2009-2-27 143467]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-3 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-20 47640]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-6-1 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-6-1 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-6-1 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-6-1 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-6-1 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-6-1 141792]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-9-15 188736]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-11-26 6650368]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-11-26 231936]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
    R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-6-1 55840]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-7-7 198232]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-7-7 1353304]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-7-7 73816]
    R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-7-7 1227352]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-6-1 152960]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-6-1 52104]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-6-1 313288]
    R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr73.sys [2010-2-24 562464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-11-9 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-7-7 198232]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-7-7 1353304]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-7-7 73816]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-6-1 84264]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

    =============== File Associations ===============

    .scr=AutoCADScriptFile

    =============== Created Last 30 ================

    2011-02-23 17:58:17 276992 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-02-23 17:58:16 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 17:58:15 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-09 21:19:57 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-02-08 23:12:13 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-02-08 23:12:09 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-02-08 23:05:25 -------- d-----w- c:\users\murdo&~1\appdata\local\Sunbelt Software
    2011-02-08 23:04:56 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-02-08 23:04:42 -------- d-----w- c:\program files\Lavasoft
    2011-02-08 22:35:05 -------- d-----w- c:\users\murdo&~1\appdata\roaming\Malwarebytes
    2011-02-08 22:34:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-08 22:34:48 -------- d-----w- c:\progra~2\Malwarebytes
    2011-02-08 22:34:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-08 22:34:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-06 11:23:59 89088 ----a-w- c:\windows\MBR.exe
    2011-02-06 11:23:55 98816 ----a-w- c:\windows\sed.exe
    2011-02-06 11:23:55 256512 ----a-w- c:\windows\PEV.exe
    2011-02-06 11:23:55 161792 ----a-w- c:\windows\SWREG.exe
    2011-01-30 14:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

    ==================== Find3M ====================

    2011-02-19 12:22:08 3504 --sha-w- c:\progra~2\KGyGaAvL.sys
    2011-01-29 20:04:07 70646 ----a-w- c:\program files\Uninstall.exe
    2011-01-20 17:07:32 98304 --sha-r- c:\windows\system32\ctdvinst4.dll
    2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
    2010-12-21 23:41:30 80896 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
    2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
    2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
    2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
    2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
    2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
    2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
    2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
    2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-12-09 21:44:42 0 ----a-w- c:\windows\ativpsrm.bin
    2010-12-08 13:12:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-12-08 13:11:52 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2010-12-08 13:11:46 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-12-08 13:11:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-01-27 01:47:00 2495080 ----a-w- c:\program files\AmazonMP3Downloader.exe

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: WDC_WD5000AVDS-63U7B0 rev.01.00A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: >>UNKNOWN [0x83615000]<< >>UNKNOWN [0x8BEC3000]<< >>UNKNOWN [0x8BEB2000]<< >>UNKNOWN [0x8B9B5000]<< >>UNKNOWN [0x83A25000]<< >>UNKNOWN [0x8B981000]<< >>UNKNOWN [0x8B988000]<< >>UNKNOWN [0x8B9AC000]<< >>UNKNOWN [0x827A0000]<< >>UNKNOWN [0x828593A2]<<
    _asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
    1 ntkrnlpa!IofCallDriver[0x83651448] -> \Device\Harddisk0\DR0[0x86BCC5D8]
    \Driver\Disk[0x86BCCDA8] -> IRP_MJ_CREATE -> 0x8BEC739F
    3 [0x8BEC759E] -> ntkrnlpa!IofCallDriver[0x83651448] -> \Device\Ide\IdeDeviceP1T0L0-1[0x86885908]
    \Driver\atapi[0x8687B030] -> IRP_MJ_CREATE -> 0x8B9CF8C4
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 0:00:11.28 ===============


    -----------------------------------------------------------------------------
    Latest Update for Spybot S&D installed Full Scan Completed

    Results :

    DoubleClick: Tracking cookie (Internet Explorer: Murdo & Louise) (Cookie, fixed)

    ------------------------------------------------------------------------------

    Any Help & Advice appreciated thanks

    Murdo

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    You're infected with a rootkit


    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)




    Reboot and then run this quick scan

    Download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double click on the file to run it
    • A window will open on your desktop
    • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Nov 2008
    Posts
    13

    Default Done !

    Hi - Run TDSSKiller

    Results
    --------------------------------------
    2011/03/01 02:00:29.0244 1468 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
    2011/03/01 02:00:31.0256 1468 ================================================================================
    2011/03/01 02:00:31.0256 1468 SystemInfo:
    2011/03/01 02:00:31.0256 1468
    2011/03/01 02:00:31.0256 1468 OS Version: 6.1.7600 ServicePack: 0.0
    2011/03/01 02:00:31.0256 1468 Product type: Workstation
    2011/03/01 02:00:31.0256 1468 ComputerName: DELL
    2011/03/01 02:00:31.0256 1468 UserName: Murdo & Louise
    2011/03/01 02:00:31.0256 1468 Windows directory: C:\Windows
    2011/03/01 02:00:31.0256 1468 System windows directory: C:\Windows
    2011/03/01 02:00:31.0256 1468 Processor architecture: Intel x86
    2011/03/01 02:00:31.0256 1468 Number of processors: 2
    2011/03/01 02:00:31.0256 1468 Page size: 0x1000
    2011/03/01 02:00:31.0256 1468 Boot type: Normal boot
    2011/03/01 02:00:31.0256 1468 ================================================================================
    2011/03/01 02:00:42.0379 1468 Initialize success
    2011/03/01 02:00:54.0485 2604 ================================================================================
    2011/03/01 02:00:54.0485 2604 Scan started
    2011/03/01 02:00:54.0485 2604 Mode: Manual;
    2011/03/01 02:00:54.0485 2604 ================================================================================
    2011/03/01 02:01:07.0371 2604 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2011/03/01 02:01:07.0449 2604 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2011/03/01 02:01:07.0511 2604 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2011/03/01 02:01:07.0605 2604 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/03/01 02:01:07.0714 2604 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2011/03/01 02:01:07.0807 2604 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2011/03/01 02:01:07.0870 2604 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/03/01 02:01:07.0979 2604 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/03/01 02:01:08.0073 2604 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/03/01 02:01:08.0151 2604 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/03/01 02:01:08.0291 2604 ha20x22k (e9eed44cf043a23a1a74544c5fe9e927) C:\Windows\system32\drivers\ha20x22k.sys
    2011/03/01 02:01:08.0431 2604 ha20x2k (b10ca02f917ddff5abc6c9408c691fc6) C:\Windows\system32\drivers\ha20x2k.sys
    2011/03/01 02:01:08.0494 2604 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2011/03/01 02:01:08.0650 2604 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
    2011/03/01 02:01:08.0743 2604 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/03/01 02:01:08.0806 2604 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/03/01 02:01:08.0884 2604 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/03/01 02:01:08.0977 2604 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2011/03/01 02:01:09.0102 2604 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/03/01 02:01:09.0196 2604 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/03/01 02:01:09.0336 2604 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    2011/03/01 02:01:09.0586 2604 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    2011/03/01 02:01:09.0695 2604 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/03/01 02:01:09.0804 2604 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
    2011/03/01 02:01:09.0867 2604 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/03/01 02:01:10.0101 2604 IntelC51 (fcab28ffd3a8964581e16455efaf81c8) C:\Windows\system32\DRIVERS\IntelC51.sys
    2011/03/01 02:01:10.0241 2604 IntelC52 (a288e7e3a6255255b9066686d860fbc5) C:\Windows\system32\DRIVERS\IntelC52.sys
    2011/03/01 02:01:10.0303 2604 IntelC53 (d5e5a1abf6bdba7ca49941a044f04598) C:\Windows\system32\DRIVERS\IntelC53.sys
    2011/03/01 02:01:10.0366 2604 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    2011/03/01 02:01:10.0444 2604 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/03/01 02:01:10.0491 2604 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/03/01 02:01:10.0553 2604 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2011/03/01 02:01:10.0600 2604 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2011/03/01 02:01:10.0756 2604 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2011/03/01 02:01:10.0818 2604 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    2011/03/01 02:01:10.0912 2604 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/03/01 02:01:11.0005 2604 IvtBtBUs (71e1fc547cc488d5cd7bf0860c96f5af) C:\Windows\system32\Drivers\IvtBtBus.sys
    2011/03/01 02:01:11.0146 2604 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/03/01 02:01:11.0208 2604 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/03/01 02:01:11.0286 2604 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
    2011/03/01 02:01:11.0333 2604 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/03/01 02:01:11.0520 2604 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
    2011/03/01 02:01:11.0645 2604 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
    2011/03/01 02:01:11.0817 2604 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    2011/03/01 02:01:12.0191 2604 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/03/01 02:01:12.0565 2604 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
    2011/03/01 02:01:12.0659 2604 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
    2011/03/01 02:01:12.0846 2604 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
    2011/03/01 02:01:12.0955 2604 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    2011/03/01 02:01:13.0096 2604 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/03/01 02:01:13.0189 2604 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/03/01 02:01:13.0283 2604 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/03/01 02:01:13.0377 2604 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/03/01 02:01:13.0439 2604 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2011/03/01 02:01:13.0564 2604 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\Windows\system32\Drivers\LUsbFilt.Sys
    2011/03/01 02:01:13.0704 2604 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
    2011/03/01 02:01:13.0829 2604 LVUSBSta (9e9306063ecd8aa91b3fb76678d3cee2) C:\Windows\system32\drivers\LVUSBSta.sys
    2011/03/01 02:01:13.0907 2604 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\Windows\system32\drivers\mbamswissarmy.sys
    2011/03/01 02:01:14.0219 2604 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    2011/03/01 02:01:14.0297 2604 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/03/01 02:01:14.0406 2604 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\Windows\system32\drivers\mfeapfk.sys
    2011/03/01 02:01:14.0562 2604 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\Windows\system32\drivers\mfeavfk.sys
    2011/03/01 02:01:14.0796 2604 mfebopk (19161b1796cf74a6a326abde309062ba) C:\Windows\system32\drivers\mfebopk.sys
    2011/03/01 02:01:14.0937 2604 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\Windows\system32\drivers\mfefirek.sys
    2011/03/01 02:01:15.0139 2604 mfehidk (0efab2b91b27543fe589de700de07136) C:\Windows\system32\drivers\mfehidk.sys
    2011/03/01 02:01:15.0186 2604 mfenlfk (b4022e16569bbd1a85e68e7e78e68880) C:\Windows\system32\DRIVERS\mfenlfk.sys
    2011/03/01 02:01:15.0264 2604 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\Windows\system32\drivers\mferkdet.sys
    2011/03/01 02:01:15.0405 2604 mfewfpk (183f32c79d1693170df3baecec611125) C:\Windows\system32\drivers\mfewfpk.sys
    2011/03/01 02:01:15.0498 2604 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2011/03/01 02:01:15.0576 2604 MODEMCSA (25483f9d590d5f00bd951e1181453ec2) C:\Windows\system32\drivers\MODEMCSA.sys
    2011/03/01 02:01:15.0639 2604 mohfilt (c6a08c4f34b3048a73bbb2951150f98d) C:\Windows\system32\DRIVERS\mohfilt.sys
    2011/03/01 02:01:15.0795 2604 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2011/03/01 02:01:15.0873 2604 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/03/01 02:01:15.0966 2604 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/03/01 02:01:16.0060 2604 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    2011/03/01 02:01:16.0122 2604 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    2011/03/01 02:01:16.0231 2604 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2011/03/01 02:01:16.0309 2604 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    2011/03/01 02:01:16.0434 2604 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/03/01 02:01:16.0512 2604 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/03/01 02:01:16.0606 2604 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/03/01 02:01:16.0840 2604 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    2011/03/01 02:01:16.0887 2604 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/03/01 02:01:17.0027 2604 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2011/03/01 02:01:17.0105 2604 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/03/01 02:01:17.0183 2604 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/03/01 02:01:17.0339 2604 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/03/01 02:01:17.0417 2604 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/03/01 02:01:17.0511 2604 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2011/03/01 02:01:17.0620 2604 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2011/03/01 02:01:17.0698 2604 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/03/01 02:01:17.0776 2604 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2011/03/01 02:01:17.0807 2604 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/03/01 02:01:17.0869 2604 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2011/03/01 02:01:18.0025 2604 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/03/01 02:01:18.0166 2604 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    2011/03/01 02:01:18.0213 2604 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/03/01 02:01:18.0259 2604 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/03/01 02:01:18.0322 2604 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/03/01 02:01:18.0369 2604 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/03/01 02:01:18.0415 2604 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    2011/03/01 02:01:18.0493 2604 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2011/03/01 02:01:18.0603 2604 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    2011/03/01 02:01:18.0899 2604 netr73 (00ebe302169c7b783a29b6df3c9e5b28) C:\Windows\system32\DRIVERS\netr73.sys
    2011/03/01 02:01:19.0039 2604 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/03/01 02:01:19.0195 2604 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2011/03/01 02:01:19.0273 2604 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2011/03/01 02:01:19.0414 2604 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    2011/03/01 02:01:19.0492 2604 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2011/03/01 02:01:19.0632 2604 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/03/01 02:01:19.0726 2604 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/03/01 02:01:19.0773 2604 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/03/01 02:01:19.0835 2604 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/03/01 02:01:19.0944 2604 ossrv (54c4bcfd5336ea6ceafcb0d4b6978408) C:\Windows\system32\drivers\ctoss2k.sys
    2011/03/01 02:01:20.0053 2604 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2011/03/01 02:01:20.0100 2604 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2011/03/01 02:01:20.0147 2604 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/03/01 02:01:20.0287 2604 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2011/03/01 02:01:20.0350 2604 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    2011/03/01 02:01:20.0412 2604 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/03/01 02:01:20.0475 2604 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2011/03/01 02:01:20.0553 2604 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2011/03/01 02:01:20.0662 2604 pepifilter (d30eda6e1ab3c8c82f2ca085ab79040a) C:\Windows\system32\DRIVERS\lv302af.sys
    2011/03/01 02:01:20.0818 2604 PID_PEPI (0da6c5e0c8da6cebe52daacfe7ae9de6) C:\Windows\system32\DRIVERS\LV302V32.SYS
    2011/03/01 02:01:20.0989 2604 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/03/01 02:01:21.0036 2604 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2011/03/01 02:01:21.0114 2604 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2011/03/01 02:01:21.0208 2604 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/03/01 02:01:21.0286 2604 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/03/01 02:01:21.0395 2604 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2011/03/01 02:01:21.0457 2604 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/03/01 02:01:21.0535 2604 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/03/01 02:01:21.0613 2604 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/03/01 02:01:21.0691 2604 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/03/01 02:01:21.0785 2604 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/03/01 02:01:21.0832 2604 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/03/01 02:01:21.0894 2604 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/03/01 02:01:21.0957 2604 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/03/01 02:01:22.0019 2604 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
    2011/03/01 02:01:22.0050 2604 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2011/03/01 02:01:22.0144 2604 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2011/03/01 02:01:22.0191 2604 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    2011/03/01 02:01:22.0269 2604 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    2011/03/01 02:01:22.0393 2604 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/03/01 02:01:22.0534 2604 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/03/01 02:01:22.0596 2604 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
    2011/03/01 02:01:22.0705 2604 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/03/01 02:01:22.0783 2604 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/03/01 02:01:22.0893 2604 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/03/01 02:01:23.0002 2604 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2011/03/01 02:01:23.0033 2604 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2011/03/01 02:01:23.0080 2604 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/03/01 02:01:23.0205 2604 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/03/01 02:01:23.0236 2604 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/03/01 02:01:23.0283 2604 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/03/01 02:01:23.0345 2604 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/03/01 02:01:23.0470 2604 SI3112r (3da2f680bfc8e92a535cea5a5d80ac37) C:\Windows\system32\DRIVERS\SI3112r.sys
    2011/03/01 02:01:23.0517 2604 SiFilter (d893aa1d1ee007b7ab1b16e1099e9f17) C:\Windows\system32\DRIVERS\SiWinAcc.sys
    2011/03/01 02:01:23.0563 2604 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    2011/03/01 02:01:23.0641 2604 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/03/01 02:01:23.0688 2604 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/03/01 02:01:23.0766 2604 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2011/03/01 02:01:23.0891 2604 smwdm (c80b84e4843b33da56a806e1a1275ba0) C:\Windows\system32\drivers\smwdm.sys
    2011/03/01 02:01:24.0094 2604 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2011/03/01 02:01:24.0250 2604 srv (dd0dd124d95390fdffa7fb6283923ed4) C:\Windows\system32\DRIVERS\srv.sys
    2011/03/01 02:01:24.0531 2604 srv2 (59ef6d9c690e89d51b0692ccb13a06fc) C:\Windows\system32\DRIVERS\srv2.sys
    2011/03/01 02:01:24.0609 2604 srvnet (08f28676802b58138e48a2b40caf6204) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/03/01 02:01:24.0702 2604 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/03/01 02:01:24.0765 2604 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
    2011/03/01 02:01:24.0827 2604 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
    2011/03/01 02:01:24.0874 2604 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    2011/03/01 02:01:25.0123 2604 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
    2011/03/01 02:01:25.0233 2604 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/03/01 02:01:25.0311 2604 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    2011/03/01 02:01:25.0389 2604 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    2011/03/01 02:01:25.0451 2604 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
    2011/03/01 02:01:25.0498 2604 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    2011/03/01 02:01:25.0545 2604 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    2011/03/01 02:01:25.0669 2604 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/03/01 02:01:25.0763 2604 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/03/01 02:01:25.0825 2604 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/03/01 02:01:25.0888 2604 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
    2011/03/01 02:01:26.0013 2604 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2011/03/01 02:01:26.0075 2604 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    2011/03/01 02:01:26.0137 2604 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    2011/03/01 02:01:26.0262 2604 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
    2011/03/01 02:01:26.0325 2604 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
    2011/03/01 02:01:26.0387 2604 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/03/01 02:01:26.0434 2604 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
    2011/03/01 02:01:26.0496 2604 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/03/01 02:01:26.0574 2604 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/03/01 02:01:26.0621 2604 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/03/01 02:01:26.0668 2604 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/03/01 02:01:26.0761 2604 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/03/01 02:01:26.0839 2604 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/03/01 02:01:26.0886 2604 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/03/01 02:01:26.0995 2604 VComm (0955553090e0a88614e5b8a02af9324c) C:\Windows\system32\DRIVERS\VComm.sys
    2011/03/01 02:01:27.0058 2604 VcommMgr (ea0d7c68dc77b478f1c08022b8afe8ca) C:\Windows\system32\Drivers\VcommMgr.sys
    2011/03/01 02:01:27.0136 2604 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2011/03/01 02:01:27.0261 2604 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/03/01 02:01:27.0323 2604 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2011/03/01 02:01:27.0401 2604 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
    2011/03/01 02:01:27.0495 2604 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
    2011/03/01 02:01:27.0557 2604 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2011/03/01 02:01:27.0604 2604 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
    2011/03/01 02:01:27.0682 2604 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
    2011/03/01 02:01:27.0744 2604 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
    2011/03/01 02:01:27.0822 2604 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    2011/03/01 02:01:27.0885 2604 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2011/03/01 02:01:27.0978 2604 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/03/01 02:01:28.0056 2604 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/03/01 02:01:28.0119 2604 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/03/01 02:01:28.0165 2604 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/03/01 02:01:28.0290 2604 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/03/01 02:01:28.0368 2604 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/01 02:01:28.0384 2604 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/01 02:01:28.0540 2604 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2011/03/01 02:01:28.0618 2604 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2011/03/01 02:01:28.0789 2604 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/03/01 02:01:28.0867 2604 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2011/03/01 02:01:29.0086 2604 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/03/01 02:01:29.0242 2604 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/03/01 02:01:29.0413 2604 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    2011/03/01 02:01:29.0507 2604 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/03/01 02:01:29.0959 2604 ================================================================================
    2011/03/01 02:01:29.0959 2604 Scan finished
    2011/03/01 02:01:29.0959 2604 ================================================================================
    2011/03/01 02:01:59.0537 1476 Deinitialize success




    Run MBRCheck

    Results
    ----------------------------------------------
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 32-bit
    Logical Drives Mask: 0x00000ffc

    Kernel Drivers (total 235):
    0x941C1000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x9335D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x933A8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x933B7000 \SystemRoot\system32\DRIVERS\IntelC53.sys
    0x9421C000 \SystemRoot\system32\DRIVERS\IntelC51.sys
    0x94364000 \SystemRoot\system32\DRIVERS\IntelC52.sys
    0x94200000 \SystemRoot\system32\DRIVERS\mohfilt.sys
    0x94206000 \SystemRoot\system32\drivers\modem.sys
    0x933C3000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0x933D4000 \SystemRoot\system32\DRIVERS\parport.sys
    0x933EC000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x94213000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x933F6000 \SystemRoot\System32\Drivers\btnetBus.sys
    0x93200000 \SystemRoot\System32\Drivers\VcommMgr.sys
    0x941FB000 \SystemRoot\System32\Drivers\IvtBtBus.sys
    0x94414000 \SystemRoot\system32\DRIVERS\btkrnl.sys
    0x94505000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x94512000 \SystemRoot\system32\DRIVERS\lmimirr.sys
    0x94513000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x94525000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x9453D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x94548000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x9456A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x94582000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x94599000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x945B0000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x945BA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x945C7000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x945D4000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x945D6000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x96C0D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x96C5C000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0x96C66000 \SystemRoot\system32\drivers\ha20x22k.sys
    0x96D95000 \SystemRoot\system32\drivers\emupia2k.sys
    0x96DC5000 \SystemRoot\system32\drivers\ctsfm2k.sys
    0x96DEF000 \SystemRoot\system32\DRIVERS\btport.sys
    0x945E4000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x91E00000 \SystemRoot\system32\drivers\AtihdW73.sys
    0x93207000 \SystemRoot\System32\drivers\CTHWIUT.SYS
    0x8BE00000 \SystemRoot\System32\drivers\CT20XUT.SYS
    0x9B606000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
    0x9B754000 \SystemRoot\system32\drivers\mfeavfk.sys
    0x9B778000 \SystemRoot\system32\drivers\mfefirek.sys
    0x827A0000 \SystemRoot\System32\win32k.sys
    0x9B7C3000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9B7CD000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x9B7DA000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x9B7E5000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x9B7EE000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x9B600000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
    0x96C02000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x94400000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x96C51000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x96C58000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x96DF7000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0x945F5000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x92C00000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0x8BEEC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x91FF2000 \SystemRoot\system32\drivers\LVUSBSta.sys
    0x8BF03000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x8BF11000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x83230000 \SystemRoot\system32\DRIVERS\netr73.sys
    0x832C1000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x832CB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x832D7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x832EE000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x82600000 \SystemRoot\System32\TSDDD.dll
    0x82630000 \SystemRoot\System32\ATMFD.DLL
    0x82680000 \SystemRoot\System32\cdd.dll
    0x95408000 \SystemRoot\system32\DRIVERS\LV302V32.SYS
    0x9553F000 \SystemRoot\system32\DRIVERS\lv302af.sys
    0x95541000 \SystemRoot\system32\drivers\usbaudio.sys
    0x95555000 \SystemRoot\system32\drivers\luafv.sys
    0x95570000 \SystemRoot\system32\drivers\WudfPf.sys
    0x9558A000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9559A000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x955E0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x832F9000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x8330C000 \SystemRoot\system32\drivers\HTTP.sys
    0x83391000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x833AA000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x833BC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9FC3A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9FC75000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9FC90000 \SystemRoot\system32\DRIVERS\parvdm.sys
    0x9FC97000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
    0x9FC99000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
    0x9FCA3000 \SystemRoot\system32\drivers\peauth.sys
    0x9FD3A000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9FD44000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9FDCF000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA540A000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA5459000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA54CE000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
    0xA54D3000 \SystemRoot\system32\drivers\cfwids.sys
    0xA54DF000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0xA5500000 \SystemRoot\system32\drivers\mfeapfk.sys
    0xA5516000 \SystemRoot\system32\drivers\mfebopk.sys
    0xA5521000 \??\C:\Users\MURDO&~1\AppData\Local\Temp\mbr.sys
    0xA5528000 \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    0x77C90000 \Windows\System32\ntdll.dll
    0x477A0000 \Windows\System32\smss.exe
    0x77ED0000 \Windows\System32\apisetschema.dll
    0x00AD0000 \Windows\System32\autochk.exe
    0x77E10000 \Windows\System32\msvcrt.dll
    0x77A90000 \Windows\System32\iertutil.dll
    0x77E00000 \Windows\System32\nsi.dll
    0x779F0000 \Windows\System32\advapi32.dll
    0x77DF0000 \Windows\System32\psapi.dll
    0x77990000 \Windows\System32\difxapi.dll
    0x77900000 \Windows\System32\clbcatq.dll
    0x77820000 \Windows\System32\kernel32.dll
    0x777D0000 \Windows\System32\gdi32.dll
    0x77780000 \Windows\System32\Wldap32.dll
    0x77DD0000 \Windows\System32\sechost.dll
    0x77750000 \Windows\System32\imagehlp.dll
    0x76B00000 \Windows\System32\shell32.dll
    0x76AF0000 \Windows\System32\lpk.dll
    0x76A40000 \Windows\System32\rpcrt4.dll
    0x76970000 \Windows\System32\user32.dll
    0x768F0000 \Windows\System32\comdlg32.dll
    0x76850000 \Windows\System32\usp10.dll
    0x767C0000 \Windows\System32\oleaut32.dll
    0x76760000 \Windows\System32\shlwapi.dll
    0x765C0000 \Windows\System32\setupapi.dll
    0x764F0000 \Windows\System32\msctf.dll
    0x763B0000 \Windows\System32\urlmon.dll
    0x763A0000 \Windows\System32\normaliz.dll
    0x762A0000 \Windows\System32\wininet.dll
    0x76280000 \Windows\System32\imm32.dll
    0x76240000 \Windows\System32\ws2_32.dll
    0x760E0000 \Windows\System32\ole32.dll
    0x75FC0000 \Windows\System32\crypt32.dll
    0x75F90000 \Windows\System32\wintrust.dll
    0x75F70000 \Windows\System32\devobj.dll
    0x75F20000 \Windows\System32\KernelBase.dll
    0x75EF0000 \Windows\System32\cfgmgr32.dll
    0x75E60000 \Windows\System32\comctl32.dll
    0x75E50000 \Windows\System32\msasn1.dll

    Processes (total 85):
    0 System Idle Process
    4 System
    304 C:\Windows\System32\smss.exe
    520 csrss.exe
    592 C:\Windows\System32\wininit.exe
    608 csrss.exe
    648 C:\Windows\System32\services.exe
    676 C:\Windows\System32\lsass.exe
    684 C:\Windows\System32\lsm.exe
    772 C:\Windows\System32\winlogon.exe
    844 C:\Windows\System32\svchost.exe
    928 C:\Windows\System32\svchost.exe
    980 C:\Windows\System32\atiesrxx.exe
    1056 C:\Windows\System32\svchost.exe
    1120 C:\Windows\System32\svchost.exe
    1160 C:\Windows\System32\svchost.exe
    1260 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    1324 C:\Windows\System32\svchost.exe
    1396 C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
    1452 C:\Windows\System32\atieclxx.exe
    1552 C:\Windows\System32\svchost.exe
    1696 C:\Windows\System32\spoolsv.exe
    1732 C:\Windows\System32\taskeng.exe
    1756 C:\Windows\System32\svchost.exe
    1892 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1928 C:\Windows\System32\ASTSRV.EXE
    1956 C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    1976 C:\Windows\System32\rundll32.exe
    2044 C:\Program Files\Bonjour\mDNSResponder.exe
    268 C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
    356 C:\Windows\System32\dlbtcoms.exe
    1292 C:\Windows\System32\taskhost.exe
    1520 C:\Windows\System32\dwm.exe
    724 C:\Windows\explorer.exe
    2076 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    2116 C:\Program Files\LogMeIn\x86\ramaint.exe
    2140 C:\Program Files\LogMeIn\x86\LogMeIn.exe
    2208 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    2228 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
    2260 C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
    2296 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    2340 C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    2376 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    2540 C:\Windows\System32\svchost.exe
    2656 C:\Windows\System32\FXSSVC.exe
    2828 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    2844 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
    2916 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    3000 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    3168 C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe
    3208 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3476 C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
    3544 C:\Program Files\McAfee.com\Agent\mcagent.exe
    3588 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    3604 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3780 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    1788 C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    2812 C:\Windows\System32\svchost.exe
    3320 C:\Windows\System32\Ctxfihlp.exe
    3312 C:\Program Files\Logitech\SetPoint\LBTWiz.exe
    3632 C:\Windows\System32\SearchIndexer.exe
    3356 WUDFHost.exe
    3656 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3624 C:\Program Files\iTunes\iTunesHelper.exe
    3912 C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    3816 C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
    4008 C:\Program Files\Keyboard Express 3\keyexp.exe
    4532 C:\Program Files\iPod\bin\iPodService.exe
    4648 C:\Windows\System32\CTxfispi.exe
    4768 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    5560 C:\Windows\System32\svchost.exe
    5844 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5860 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    5376 C:\Program Files\Common Files\Corel\Standby\Standby.exe
    1916 C:\PROGRA~1\INTERN~1\iexplore.exe
    3028 C:\PROGRA~1\INTERN~1\iexplore.exe
    5632 C:\Windows\System32\audiodg.exe
    216 C:\ProgramData\FLEXnet\Connect\11\agent.exe
    4388 <unknown>
    6032 <unknown>
    3584 C:\Windows\System32\SearchFilterHost.exe
    5160 C:\Windows\System32\SearchProtocolHost.exe
    1728 C:\Users\Murdo & Louise\Desktop\MBRCheck.exe
    4500 C:\Windows\System32\conhost.exe
    2728 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000038`27000000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
    \\.\G: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)
    \\.\H: --> \\.\PhysicalDrive3 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD5000AVDS-63U7B0, Rev: 01.00A01
    PhysicalDrive1 Model Number: SAMSUNGHD103UJ, Rev: 1AA01113
    PhysicalDrive2 Model Number: WDCWD20EADS-00R6B0, Rev: 01.00A01
    PhysicalDrive3 Model Number: WDCWD20EADS-00R6B0, Rev: 01.00A01

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    931 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    1863 GB \\.\PhysicalDrive2 RE: Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    1397 GB \\.\PhysicalDrive3 RE: Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!

    ----------------------------------------------------------------------------------------
    Doesn't seem that either found anything unusual?

  4. #4
    Junior Member
    Join Date
    Nov 2008
    Posts
    13

    Default Malwarebytes

    Hi There

    I thought you should know - before even posting the problem initially I started running Malwarebytes (updated). It is still actually in the process of doing a full scan on C: and seems to have found one object.

    Will post the results when completed

    Regards

    Murdo

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hello Murdo,

    Yes, please post the Malwarebytes log; post the one you ran before that found and removed entries and also the new one you're running now.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #6
    Junior Member
    Join Date
    Nov 2008
    Posts
    13

    Default Malwarebytes logs

    Last scan before object detection:


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5873

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    24/02/2011 9:31:15 PM
    mbam-log-2011-02-24 (21-31-15).txt

    Scan type: Quick scan
    Objects scanned: 189349
    Time elapsed: 6 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)




    Last night's scan: 1 object found and removed

    ----------------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5909

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    01/03/2011 9:49:44 AM
    mbam-log-2011-03-01 (09-49-44).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 430022
    Time elapsed: 2 hour(s), 29 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\murdo & louise\Desktop\Murdo\Archive\Software\Software\sony vegas movie studio hd platinum 10.0.179\Keygen\sony products multikeygen v1.8.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    c:\Users\murdo & louise\Desktop\Murdo\Archive\Software\Software\sony vegas movie studio hd platinum 10.0.179\Keygen\sony products multikeygen v1.8.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

    You're downloading illegal software. Almost all illegal software contains malicious code attached to it.

    We do not support and condone the use of illegal software; if I was to continue helping you, it could be construed in the eyes of the law as aiding and abetting a crime.

    This thread will now be closed