
Thread: Malware - PC Crashes / Browser redirects

  1. #1
    Member sanjupan
    Join Date
    Sep 2010
    Posts
    45

    Malware - PC Crashes / Browser redirects

    I think malware was introduced on my machine. My PC crashes every time I open Firefox now. Chrome hangs. Only IE runs. The IE browser redirects to sites randomly even when genuine sites are clicked.
    Appreciate your help.
    Thanks.

    DDS log
    ----------------------

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Sanjana at 7:04:49.15 on Sun 01/30/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3539.2239 [GMT -5:00]

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Fingerprint Sensor\AtService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\java.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\wbem\unsecapp.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Windows\System32\jureg.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\real\realplayer\Update\realsched.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Data\MalwareRemoval\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
    mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
    mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    StartupFolder: c:\users\sanjana\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://connect.barcap.com/workplace/webifiers/wficat.cab
    DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://mcpuk1.jpmorgan.com/llclient/myonedesk-amer/winnt/AXNTEE.dll
    DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://webvpn-rd02.jpmorganchase.com/dana-cached/sc/JuniperSetupClient.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
    LSA: Authentication Packages = msv1_0 wvauth

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\sanjana\appdata\roaming\mozilla\firefox\profiles\lps6crmv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\sanjana\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\sanjana\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\sanjana\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 382752]
    R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-10-5 76288]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-1-31 260648]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-1-31 122368]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-31 6114816]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1caaec57f5ab489;Google Update Service (gupdate1caaec57f5ab489);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 133104]
    S3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-31 29472]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-1-31 47104]
    S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-1-31 49152]
    S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-1-31 38400]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-26 1343400]
    S3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\microsoft.net\framework\v4.0.30128\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30128\wpf\WPFFontCache_v0400.exe [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

    =============== Created Last 30 ================

    2011-01-27 16:28:33 -------- d-----w- c:\users\sanjana\hob
    2011-01-27 16:28:18 -------- d-----w- c:\users\sanjana\hob_jportal
    2011-01-23 05:51:37 0 ----a-w- c:\users\sanjana\appdata\local\Vpumebirit.bin
    2011-01-23 05:51:35 -------- d-----w- c:\users\sanjana\appdata\local\{53DB150E-4600-44D5-9952-E9C8A98CD7FE}
    2011-01-23 05:49:45 -------- d-----w- c:\progra~2\eAeLb06504

    ==================== Find3M ====================

    2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: SAMSUNG_ rev.2AC1 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87470555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x874767b0]; MOV EAX, [0x8747682c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82C7E458] -> \Device\Harddisk0\DR0[0x8744B030]
    3 CLASSPNP[0x8C99D59E] -> ntkrnlpa!IofCallDriver[0x82C7E458] -> [0x8771DE60]
    \Driver\iaStor[0x87451AF0] -> IRP_MJ_CREATE -> 0x87470555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskSAMSUNG_HM250HI_________________________2AC101C4#4&80d3227&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 7:05:31.01 ===============

  2. #2
    Emeritus - Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340


    Hi sanjupan

    My name is Blottedisk, and I'll be happy to assist you with the malware problems you have on your computer. Solving any malware-related problem may or may not solve other issues you have with your machine. Before we start fixing your computer, there are a few points you need to know:

    • Malware logs can sometimes take a lot of time to research and interpret.
    • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
    • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.

    Please follow these steps:


    Step 1 | Please download GMER from one of the following locations and save it to your desktop:

    Main Mirror - This version will download a randomly named file (Recommended)
    Zipped Mirror - This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

    --------------------------------------------------------------------

    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
    • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.

    Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Make sure all options are checked except:
      • IAT/EAT
      • Drives/Partition other than Systemdrive, which is typically C:\
      • Show All (This is important, so do not miss it.)

    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable all active protection when done.

    -- If you encounter any problems, try running GMER in Safe Mode.


    Step 2 | Please download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs.
    • Double-click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
    • A window will open on your desktop.
    • If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
    • If nothing unusual is found, just press Enter.
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.



    Please post back including:

    gmer.log
    MBRCheck logfile

  3. #3
    Member sanjupan
    Join Date
    Sep 2010
    Posts
    45

    GMER Log

    Thanks for your response.
    GMER Log
    ----------
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-31 20:39:41
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 SAMSUNG_ rev.2AC1
    Running: mcd8ewmc.exe; Driver: C:\Users\Sanjana\AppData\Local\Temp\pwldypow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C5F599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C83F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtProtectVirtualMemory 77B65360 5 Bytes JMP 0029000A
    .text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtWriteVirtualMemory 77B65EE0 5 Bytes JMP 002A000A
    .text C:\Windows\system32\svchost.exe[1088] ntdll.dll!KiUserExceptionDispatcher 77B66448 5 Bytes JMP 0028000A
    .text C:\Windows\system32\svchost.exe[1088] ole32.dll!CoCreateInstance 77A1590C 5 Bytes JMP 00C5000A
    .text C:\Windows\system32\svchost.exe[1088] USER32.dll!GetCursorPos 774EC198 5 Bytes JMP 013A000A
    .text C:\Program Files\real\realplayer\Update\realsched.exe[3412] kernel32.dll!SetUnhandledExceptionFilter 76603162 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Windows\Explorer.EXE[3424] ntdll.dll!NtProtectVirtualMemory 77B65360 5 Bytes JMP 0224000A
    .text C:\Windows\Explorer.EXE[3424] ntdll.dll!NtWriteVirtualMemory 77B65EE0 5 Bytes JMP 0245000A
    .text C:\Windows\Explorer.EXE[3424] ntdll.dll!KiUserExceptionDispatcher 77B66448 5 Bytes JMP 0223000A

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000006a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskSAMSUNG_HM250HI_________________________2AC101C4#4&80d3227&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\701a049d7f05
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\701a049d7f05 (not active ControlSet)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

    ---- EOF - GMER 1.0.15 ----

  4. #4
    sanjupan (Member; joined Sep 2010; 45 posts)

    MBRCheck log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Latitude E5500
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 197):
    0x82C1C000 \SystemRoot\system32\ntkrnlpa.exe
    0x8302C000 \SystemRoot\system32\halmacpi.dll
    0x8761A000 \SystemRoot\system32\kdcom.dll
    0x83215000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8328D000 \SystemRoot\system32\PSHED.dll
    0x8329E000 \SystemRoot\system32\BOOTVID.dll
    0x832A6000 \SystemRoot\system32\CLFS.SYS
    0x832E8000 \SystemRoot\system32\CI.dll
    0x83403000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x83474000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x83482000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x834CA000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x834D3000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x834DB000 \SystemRoot\system32\DRIVERS\pci.sys
    0x83505000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x83510000 \SystemRoot\System32\drivers\partmgr.sys
    0x83521000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x83529000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x83534000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x83544000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8358F000 \SystemRoot\system32\DRIVERS\pcmcia.sys
    0x835BD000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8360D000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x836E7000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x836F0000 \SystemRoot\system32\drivers\fltmgr.sys
    0x83724000 \SystemRoot\system32\drivers\fileinfo.sys
    0x83735000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8C43D000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8C56C000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8C597000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8373F000 \SystemRoot\System32\Drivers\cng.sys
    0x8C5AA000 \SystemRoot\System32\drivers\pcw.sys
    0x8C5B8000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8C619000 \SystemRoot\system32\drivers\ndis.sys
    0x8C6D0000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8C70E000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8C825000 \SystemRoot\System32\drivers\tcpip.sys
    0x8C96E000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8C99F000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x8C9A8000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8C9E7000 \SystemRoot\System32\Drivers\spldr.sys
    0x8C733000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8C9EF000 \SystemRoot\system32\DRIVERS\PBADRV.sys
    0x8C800000 \SystemRoot\System32\Drivers\mup.sys
    0x8C810000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8C760000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8C792000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8C7A3000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x91EEF000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x91F0E000 \SystemRoot\System32\Drivers\Null.SYS
    0x91F15000 \SystemRoot\System32\Drivers\Beep.SYS
    0x91F1C000 \SystemRoot\System32\drivers\vga.sys
    0x91F28000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x91F49000 \SystemRoot\System32\drivers\watchdog.sys
    0x91F56000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x91F5E000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x91F66000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x91F6E000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x91F79000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x91F87000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x91F9E000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8379C000 \SystemRoot\system32\drivers\afd.sys
    0x91FA9000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x91FDB000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x8C7C8000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x91FE2000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x8C7E7000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8C5C1000 \SystemRoot\system32\DRIVERS\serial.sys
    0x8C600000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8C5DB000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x83393000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x91FF3000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8C7F5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8C9FA000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
    0x8C5EB000 \SystemRoot\System32\drivers\discache.sys
    0x9042F000 \SystemRoot\system32\drivers\csc.sys
    0x90493000 \SystemRoot\System32\Drivers\dfsc.sys
    0x904AB000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x904B9000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x92835000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x92E57000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x92F0E000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x92F47000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x92F52000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x92F9D000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x92FAC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x93603000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
    0x93BE2000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x904DA000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
    0x92FCB000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x92800000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x93BEC000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x92819000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x9051B000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0x90554000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x90561000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x9056E000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x92FF7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x92831000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x90578000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x90581000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x90593000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x905A0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x905B2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x905CA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x905D5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x90400000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x90418000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8C400000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8C417000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x8C421000 \SystemRoot\system32\DRIVERS\VClone.sys
    0x835D3000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x93BFD000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x9301F000 \SystemRoot\system32\DRIVERS\ks.sys
    0x93053000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x93061000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x930A5000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x930B6000 \SystemRoot\system32\DRIVERS\stwrt.sys
    0x9311E000 \SystemRoot\system32\DRIVERS\portcls.sys
    0x9314D000 \SystemRoot\system32\DRIVERS\drmk.sys
    0x93166000 \SystemRoot\system32\drivers\IntcHdmi.sys
    0x97730000 \SystemRoot\System32\win32k.sys
    0x93189000 \SystemRoot\System32\drivers\Dxapi.sys
    0x93193000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x91E00000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x931A0000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x931B1000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x97990000 \SystemRoot\System32\TSDDD.dll
    0x931BC000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x931C7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x931DA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x931E1000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x931E3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x931EF000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x979C0000 \SystemRoot\System32\cdd.dll
    0x93000000 \SystemRoot\system32\drivers\luafv.sys
    0x8DC3C000 \SystemRoot\system32\DRIVERS\WavxDMgr.sys
    0x8DC73000 \SystemRoot\system32\drivers\WudfPf.sys
    0x8DC8D000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8DC9D000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8DCE3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8DCF3000 \SystemRoot\system32\DRIVERS\pnarp.sys
    0x8DCFD000 \SystemRoot\system32\DRIVERS\purendis.sys
    0x8DD07000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x8DD23000 \SystemRoot\system32\drivers\HTTP.sys
    0x8DDA8000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x8DDC1000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x8DDD3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x8DC00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x833D4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xB243D000 \SystemRoot\system32\drivers\peauth.sys
    0xB24D4000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xB24DE000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xB24FF000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xB250C000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xB255B000 \SystemRoot\System32\DRIVERS\srv.sys
    0xB25AC000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xB25D6000 \??\C:\Users\Sanjana\AppData\Local\Temp\pwldypow.sys
    0x77B20000 \Windows\System32\ntdll.dll
    0x48260000 \Windows\System32\smss.exe
    0x77D60000 \Windows\System32\apisetschema.dll
    0x00620000 \Windows\System32\autochk.exe
    0x77CD0000 \Windows\System32\comdlg32.dll
    0x77CC0000 \Windows\System32\nsi.dll
    0x779C0000 \Windows\System32\ole32.dll
    0x77920000 \Windows\System32\usp10.dll
    0x77870000 \Windows\System32\rpcrt4.dll
    0x77C60000 \Windows\System32\difxapi.dll
    0x77730000 \Windows\System32\urlmon.dll
    0x776F0000 \Windows\System32\ws2_32.dll
    0x77620000 \Windows\System32\msctf.dll
    0x77600000 \Windows\System32\imm32.dll
    0x775B0000 \Windows\System32\Wldap32.dll
    0x774E0000 \Windows\System32\user32.dll
    0x774D0000 \Windows\System32\normaliz.dll
    0x774C0000 \Windows\System32\psapi.dll
    0x77460000 \Windows\System32\shlwapi.dll
    0x76810000 \Windows\System32\shell32.dll
    0x767E0000 \Windows\System32\imagehlp.dll
    0x76750000 \Windows\System32\clbcatq.dll
    0x76740000 \Windows\System32\lpk.dll
    0x76690000 \Windows\System32\msvcrt.dll
    0x765B0000 \Windows\System32\kernel32.dll
    0x763B0000 \Windows\System32\iertutil.dll
    0x76310000 \Windows\System32\advapi32.dll
    0x762C0000 \Windows\System32\gdi32.dll
    0x76120000 \Windows\System32\setupapi.dll
    0x76020000 \Windows\System32\wininet.dll
    0x75F90000 \Windows\System32\oleaut32.dll
    0x75F70000 \Windows\System32\sechost.dll
    0x75E50000 \Windows\System32\crypt32.dll
    0x75E00000 \Windows\System32\KernelBase.dll
    0x75DE0000 \Windows\System32\devobj.dll
    0x75DB0000 \Windows\System32\wintrust.dll
    0x75D20000 \Windows\System32\comctl32.dll
    0x75CF0000 \Windows\System32\cfgmgr32.dll
    0x75CE0000 \Windows\System32\msasn1.dll

    Processes (total 90):
    0 System Idle Process
    4 System
    300 C:\Windows\System32\smss.exe
    472 csrss.exe
    524 C:\Windows\System32\wininit.exe
    532 csrss.exe
    580 C:\Windows\System32\services.exe
    596 C:\Windows\System32\lsass.exe
    604 C:\Windows\System32\lsm.exe
    628 C:\Windows\System32\winlogon.exe
    772 C:\Windows\System32\svchost.exe
    836 C:\Program Files\Fingerprint Sensor\AtService.exe
    872 C:\Windows\System32\svchost.exe
    964 C:\Windows\System32\svchost.exe
    1016 C:\Windows\System32\svchost.exe
    1088 C:\Windows\System32\svchost.exe
    1140 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe
    1324 C:\Windows\System32\svchost.exe
    1516 C:\Windows\System32\svchost.exe
    1664 C:\Windows\System32\spoolsv.exe
    1724 C:\Windows\System32\svchost.exe
    1860 C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
    1912 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1964 C:\Program Files\Bonjour\mDNSResponder.exe
    1992 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    2020 C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    340 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    392 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    1504 WmiPrvSE.exe
    1892 C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    2056 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    2068 C:\Windows\System32\java.exe
    2100 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    2296 unsecapp.exe
    2304 C:\Windows\System32\conhost.exe
    2596 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2696 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2748 C:\Windows\System32\svchost.exe
    2788 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    3016 WmiPrvSE.exe
    3272 C:\Windows\System32\taskhost.exe
    3348 C:\Windows\System32\dwm.exe
    3424 C:\Windows\explorer.exe
    3888 C:\Windows\System32\svchost.exe
    3980 C:\Windows\System32\svchost.exe
    4032 C:\Program Files\DellTPad\Apoint.exe
    4040 C:\Program Files\IDT\WDM\sttray.exe
    4056 C:\Windows\System32\hkcmd.exe
    4064 C:\Windows\System32\igfxpers.exe
    4072 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    4080 C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    4092 C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
    1408 C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    1380 C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    1388 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    2684 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    2892 C:\Windows\System32\jureg.exe
    636 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    3164 C:\Windows\System32\schtasks.exe
    3512 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2836 C:\Windows\System32\conhost.exe
    3656 C:\Windows\System32\igfxsrvc.exe
    3412 C:\Program Files\real\realplayer\Update\realsched.exe
    4228 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    4408 C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    4432 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    4448 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    4700 C:\Windows\System32\igfxext.exe
    4836 C:\Windows\System32\SearchIndexer.exe
    5060 C:\Program Files\DellTPad\ApMsgFwd.exe
    5080 C:\Program Files\DellTPad\hidfind.exe
    5268 C:\Program Files\DellTPad\ApntEx.exe
    5352 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5488 C:\Windows\System32\conhost.exe
    3960 C:\Windows\System32\svchost.exe
    3816 C:\Windows\System32\svchost.exe
    700 C:\Windows\System32\svchost.exe
    3620 C:\Windows\System32\audiodg.exe
    2948 C:\Windows\System32\taskeng.exe
    5932 C:\Windows\System32\SearchFilterHost.exe
    944 C:\Program Files\Internet Explorer\iexplore.exe
    5244 C:\Program Files\Internet Explorer\iexplore.exe
    5252 C:\Program Files\Internet Explorer\iexplore.exe
    1944 C:\Windows\System32\dllhost.exe
    3920 C:\Windows\System32\SearchProtocolHost.exe
    2832 dllhost.exe
    5644 dllhost.exe
    5040 C:\Data\MalwareRemoval\MBRCheck.exe
    2540 C:\Windows\System32\conhost.exe
    4532 C:\Program Files\real\realplayer\realplay.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHM250HI, Rev: 2AC101C4

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
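    The GMER sector lines and the MBRCheck driver list above raise the same three questions a responder would want answered before running any "cure": is the boot code in sector 0 still code Windows wrote, is there anything in the sectors the partition table does not claim, and does every kernel module load from under the system root? The Python below is an added example (it is not code from GMER, MBRCheck or anyone in this thread) that runs those checks on a raw disk image and on MBRCheck-style driver lines. Assumptions: the known-good allow-list holds only the SHA1 MBRCheck printed above, and that MBRCheck hashes exactly the first 440 bytes of sector 0 is assumed, not verified; the disk image is constructed, with a partition at LBA 63 and non-zero data planted in sector 62; the sample log lines are copied from the MBRCheck list above, and the example flags pwldypow.sys purely because of where it loads from, with no claim about what that file is.

```python
"""Boot-sector and driver-path triage in the spirit of the GMER sector scan and
the MBRCheck driver list above.  Added example: not code from either tool.
The disk image and the log lines below are constructed / copied for the demo."""
import hashlib
import re
import struct

SECTOR = 512

# Assumed allow-list of SHA1 digests of known-good MBR boot code.  Its one entry
# is the digest MBRCheck printed for this disk ("Windows 2008 MBR code"); that
# MBRCheck hashes exactly the first 440 bytes of sector 0 is an assumption here.
KNOWN_GOOD_MBR_SHA1 = {"8df43f2bde2d9451948fa14b5279969c777a7979"}


def parse_partition_table(mbr: bytes):
    """Return (bootable, type_id, start_lba, sector_count) for each used entry."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    entries = []
    for i in range(4):
        raw = mbr[446 + 16 * i:446 + 16 * (i + 1)]
        # layout: boot flag, CHS start (3), type, CHS end (3), LBA start, LBA count
        flag, type_id, start, count = struct.unpack("<B3xB3xII", raw)
        if type_id != 0:
            entries.append((flag == 0x80, type_id, start, count))
    return entries


def mbr_code_sha1(mbr: bytes) -> str:
    """SHA1 of the boot code only; disk signature and partition table vary per machine."""
    return hashlib.sha1(mbr[:440]).hexdigest()


def unallocated_ranges(total_sectors: int, entries):
    """Sector ranges no partition claims: the gap after the MBR and the tail after
    the last partition.  Both are favourite hiding places for bootkit payloads."""
    if not entries:
        return [(1, total_sectors)]
    first = min(e[2] for e in entries)
    last_end = max(e[2] + e[3] for e in entries)
    return [(1, min(first, total_sectors)), (min(last_end, total_sectors), total_sectors)]


def check_disk_image(image: bytes):
    """Findings as (where, what): unknown MBR code, and non-zero sectors outside
    any partition, which on a clean disk should all be zero."""
    findings = []
    mbr = image[:SECTOR]
    digest = mbr_code_sha1(mbr)
    if digest not in KNOWN_GOOD_MBR_SHA1:
        findings.append(("sector 0", f"MBR code SHA1 {digest} not in known-good set"))
    total = len(image) // SECTOR
    for lo, hi in unallocated_ranges(total, parse_partition_table(mbr)):
        for lba in range(lo, hi):
            if any(image[lba * SECTOR:(lba + 1) * SECTOR]):
                findings.append((f"sector {lba}", "non-zero data outside any partition"))
    return findings


# MBRCheck lists loaded kernel modules as "0xADDRESS \path".  A driver whose
# image lives outside the system directory (a user's Temp folder, say) is the
# first thing to pull for analysis.
DRIVER_LINE = re.compile(r"^\s*0x[0-9A-Fa-f]{8}\s+(\S.*?)\s*$")
TRUSTED_ROOT = re.compile(r"^(\\systemroot\\|\\windows\\|[a-z]:\\windows\\)")


def suspicious_drivers(log_lines):
    hits = []
    for line in log_lines:
        m = DRIVER_LINE.match(line)
        if not m:
            continue  # process-list and other lines do not start with 0xADDRESS
        path = m.group(1).lower()
        if path.startswith("\\??\\"):
            path = path[4:]  # strip the NT object-manager prefix: \??\C:\... -> c:\...
        if not TRUSTED_ROOT.match(path):
            hits.append(m.group(1))
    return hits


def build_sample_image() -> bytes:
    """Constructed 128-sector disk: one NTFS partition at LBA 63 (the old
    63-sector alignment the GMER sector 63 line suggests) and planted data in sector 62."""
    code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 432  # 440 bytes of fake boot code
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 64)
    mbr = code + b"\x00" * 6 + entry + b"\x00" * 48 + b"\x55\xaa"
    sectors = [mbr] + [b"\x00" * SECTOR] * 127
    sectors[62] = b"\xe8\x00\x00\x00\x00" + b"\x00" * 507  # code-like bytes in the gap
    return b"".join(sectors)


# Lines copied from the MBRCheck log above; the fourth is a process-list line
# and must be ignored by the parser.
SAMPLE_LOG = [
    "0x8C5B8000 \\SystemRoot\\System32\\Drivers\\Fs_Rec.sys",
    "0xB25D6000 \\??\\C:\\Users\\Sanjana\\AppData\\Local\\Temp\\pwldypow.sys",
    "0x77B20000 \\Windows\\System32\\ntdll.dll",
    "300 C:\\Windows\\System32\\smss.exe",
]

if __name__ == "__main__":
    for where, what in check_disk_image(build_sample_image()):
        print(where, what)
    print(suspicious_drivers(SAMPLE_LOG))
```

    On a live machine the image would come from reading \\.\PhysicalDrive0 as administrator; walking only the unallocated ranges keeps that cheap on a 232 GB disk. A non-empty findings list is the moment to take a full image of the disk before letting any tool rewrite the MBR, so the original sectors survive for analysis.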

  5. #5
    Emeritus, Malware Team (joined May 2009; Buenos Aires, Argentina; 340 posts)

    Hi,


    Please download Combofix from either of the links below but rename it to gentleman.exe before saving it to your desktop.

    Link 1
    Link 2


    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------
    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    --------------------------------------------------------------------

    • Right-click and choose "Run as administrator" on the renamed Combofix.exe & follow the prompts. When finished, it will produce a report for you.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    If you need help, see this link:
    http://www.bleepingcomputer.com/comb...o-use-combofix

  6. #6
    sanjupan (Member; joined Sep 2010; 45 posts)

    BSOD

    I am getting the Blue Screen when I download and run Gentleman.exe (Combofix.exe).
    Do you want me to run this in Safe Mode or something? Not sure if that will resolve it.


    Thanks

  7. #7
    Emeritus, Malware Team (joined May 2009; Buenos Aires, Argentina; 340 posts)

    Yes please, try to run it in safe mode.

  8. #8
    sanjupan (Member; joined Sep 2010; 45 posts)

    Please help

    Unfortunately the same result. My laptop crashes when I run the renamed ComboFix.exe. Please advise.

  9. #9
    Emeritus, Malware Team (joined May 2009; Buenos Aires, Argentina; 340 posts)

    Hi,


    It may be the infection interfering with Combofix. Please follow these steps:


    Step 1 | Please download TDSSKiller from one of the following mirrors and save it in your desktop:

    This is THE Mirror

    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder, right click on TDSSKiller.exe and choose "Run as administrator" to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



    Step 2 | Please try to run Combofix again, following the procedure from my previous post.
    Last edited by Blottedisk; 2011-02-03 at 18:00.

  10. #10
    sanjupan (Member; joined Sep 2010; 45 posts)

    TDSSKiller log

    2011/02/03 22:43:39.0815 8016 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
    2011/02/03 22:43:40.0018 8016 ================================================================================
    2011/02/03 22:43:40.0018 8016 SystemInfo:
    2011/02/03 22:43:40.0018 8016
    2011/02/03 22:43:40.0018 8016 OS Version: 6.1.7600 ServicePack: 0.0
    2011/02/03 22:43:40.0018 8016 Product type: Workstation
    2011/02/03 22:43:40.0018 8016 ComputerName: SANJPC
    2011/02/03 22:43:40.0018 8016 UserName: Sanjana
    2011/02/03 22:43:40.0018 8016 Windows directory: C:\Windows
    2011/02/03 22:43:40.0018 8016 System windows directory: C:\Windows
    2011/02/03 22:43:40.0018 8016 Processor architecture: Intel x86
    2011/02/03 22:43:40.0018 8016 Number of processors: 2
    2011/02/03 22:43:40.0018 8016 Page size: 0x1000
    2011/02/03 22:43:40.0018 8016 Boot type: Normal boot
    2011/02/03 22:43:40.0018 8016 ================================================================================
    2011/02/03 22:43:40.0330 8016 Initialize success
    2011/02/03 22:43:49.0269 6960 ================================================================================
    2011/02/03 22:43:49.0269 6960 Scan started
    2011/02/03 22:43:49.0269 6960 Mode: Manual;
    2011/02/03 22:43:49.0269 6960 ================================================================================
    2011/02/03 22:43:49.0986 6960 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/02/03 22:43:50.0080 6960 61883 (beb5e6a8c17c3c7485563281e0f9e77e) C:\Windows\system32\DRIVERS\61883.sys
    2011/02/03 22:43:50.0142 6960 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/02/03 22:43:50.0252 6960 acpials (79d6b28027c398b728ce7cd0570248b0) C:\Windows\system32\DRIVERS\acpials.sys
    2011/02/03 22:43:50.0314 6960 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/02/03 22:43:50.0392 6960 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/02/03 22:43:50.0454 6960 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/02/03 22:43:50.0532 6960 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/02/03 22:43:50.0642 6960 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    2011/02/03 22:43:50.0704 6960 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    2011/02/03 22:43:50.0782 6960 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2011/02/03 22:43:50.0938 6960 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    2011/02/03 22:43:50.0954 6960 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    2011/02/03 22:43:50.0969 6960 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    2011/02/03 22:43:51.0000 6960 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/02/03 22:43:51.0047 6960 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/02/03 22:43:51.0110 6960 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/02/03 22:43:51.0188 6960 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/02/03 22:43:51.0250 6960 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/02/03 22:43:51.0375 6960 ApfiltrService (12c94784e4fb5c5e45db8596b292c48a) C:\Windows\system32\DRIVERS\Apfiltr.sys
    2011/02/03 22:43:51.0453 6960 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    2011/02/03 22:43:51.0671 6960 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2011/02/03 22:43:51.0718 6960 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/02/03 22:43:51.0827 6960 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/02/03 22:43:51.0905 6960 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    2011/02/03 22:43:52.0077 6960 Avc (c44bdd77e06053cf5afe046f3a47c16b) C:\Windows\system32\DRIVERS\avc.sys
    2011/02/03 22:43:52.0217 6960 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2011/02/03 22:43:52.0295 6960 b57nd60x (6f41a4c5745bb99f89406f57164f099e) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/02/03 22:43:52.0436 6960 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2011/02/03 22:43:52.0545 6960 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/02/03 22:43:52.0607 6960 Blfp (d2f8d15f4852920e1f6b769e982414ad) C:\Windows\system32\DRIVERS\basp.sys
    2011/02/03 22:43:52.0670 6960 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
    2011/02/03 22:43:52.0701 6960 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/02/03 22:43:52.0732 6960 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/02/03 22:43:52.0763 6960 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2011/02/03 22:43:52.0779 6960 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/02/03 22:43:52.0810 6960 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/02/03 22:43:52.0826 6960 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/02/03 22:43:52.0872 6960 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
    2011/02/03 22:43:52.0935 6960 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/02/03 22:43:52.0997 6960 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
    2011/02/03 22:43:53.0075 6960 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
    2011/02/03 22:43:53.0122 6960 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
    2011/02/03 22:43:53.0216 6960 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
    2011/02/03 22:43:53.0294 6960 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
    2011/02/03 22:43:53.0356 6960 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\DRIVERS\btwavdt.sys
    2011/02/03 22:43:53.0450 6960 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
    2011/02/03 22:43:53.0481 6960 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
    2011/02/03 22:43:53.0793 6960 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/02/03 22:43:53.0840 6960 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/02/03 22:43:53.0886 6960 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2011/02/03 22:43:53.0949 6960 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2011/02/03 22:43:54.0011 6960 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/02/03 22:43:54.0027 6960 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/02/03 22:43:54.0058 6960 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2011/02/03 22:43:54.0105 6960 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/02/03 22:43:54.0152 6960 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/02/03 22:43:54.0183 6960 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/02/03 22:43:54.0276 6960 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
    2011/02/03 22:43:54.0339 6960 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
    2011/02/03 22:43:54.0401 6960 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2011/02/03 22:43:54.0448 6960 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2011/02/03 22:43:54.0542 6960 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2011/02/03 22:43:54.0620 6960 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/02/03 22:43:54.0776 6960 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2011/02/03 22:43:55.0010 6960 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
    2011/02/03 22:43:55.0088 6960 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/02/03 22:43:55.0244 6960 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    2011/02/03 22:43:55.0290 6960 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2011/02/03 22:43:55.0306 6960 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2011/02/03 22:43:55.0337 6960 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2011/02/03 22:43:55.0368 6960 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2011/02/03 22:44:06.0632 6960 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/02/03 22:44:06.0632 6960 ================================================================================
    2011/02/03 22:44:06.0632 6960 Scan finished
    2011/02/03 22:44:06.0632 6960 ================================================================================
    2011/02/03 22:44:06.0647 5964 Detected object count: 1
    2011/02/03 22:44:30.0936 5964 \HardDisk0 - will be cured after reboot
    2011/02/03 22:44:30.0936 5964 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/02/03 22:44:37.0114 3320 Deinitialize success