Sadi

Everything posted by Sadi

  1. Got all of them except C:\QooBox. When I try to delete that, it asks for my password as usual, acts like it is working, then says 'You need permission to perform this action.'
  2. When I try to search for ComboFix /Uninstall, I'm told 'No items match your search.' I know where the file was saved, would deleting that do the same thing?
  3. It has been running well. No signs of the old problems so far. Definitely a bit faster, if not as fast as new. Thanks.
  4. File already submitted: The file sent has already been analysed by VirusTotal in the past. This is some basic info regarding the sample itself and its last analysis: MD5: d35094e97b0622d4758ad80cec5458f6 Date first seen: 2011-07-14 23:46:32 (UTC) Date last seen: 2011-09-17 16:04:34 (UTC) Detection ratio: 0/44
  5. Won't have a chance to do this until tomorrow due to work, but will do so then. Thanks.
  6. Google and Gmail are no longer blocked by Malwarebytes. Seems to be working normally, though like I said the popups were random so hard to say that's gone for sure. Maybe even a bit faster. Looks all better from my end though! Hope it looks as clean to you. Thanks!

     ComboFix 11-09-15.05 - Admin 09/15/2011 16:55:43.1.2 - x86
     Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3325.1774 [GMT -7:00]
     Running from: c:\users\Greta\Desktop\ComboFix.exe
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\Greta\AppData\Local\aimc.exe
     c:\users\Greta\AppData\Local\foyl.exe
     c:\users\Greta\AppData\Local\hkjg.exe
     c:\users\Greta\AppData\Local\nfdi.exe
     c:\users\Greta\AppData\Local\qawm.exe
     c:\users\Greta\AppData\Local\ugtt.exe
     c:\users\Greta\AppData\Local\wguj.exe
     c:\users\Greta\AppData\Local\ysyo.exe
     c:\users\Greta\AppData\Roaming\31CA.2A4
     c:\users\Greta\wrar371.exe
     c:\windows\system32\comct332.ocx
     .
     .
     ((((((((((((((((((((((((( Files Created from 2011-08-16 to 2011-09-16 )))))))))))))))))))))))))))))))
     .
     .
     2011-09-16 00:02 . 2011-09-16 00:03 -------- d-----w- c:\users\Admin\AppData\Local\temp
     2011-09-16 00:02 . 2011-09-16 00:02 -------- d-----w- c:\users\Eric\AppData\Local\temp
     2011-09-16 00:02 . 2011-09-16 00:02 -------- d-----w- c:\users\Default\AppData\Local\temp
     2011-08-31 15:39 . 2011-08-31 15:39 709968 ----a-w- c:\windows\is-0N4MA.exe
     2011-08-31 01:09 . 2011-08-31 01:09 -------- d-----w- c:\users\Eric\AppData\Roaming\Malwarebytes
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-08-04 17:48 . 2011-08-04 17:48 0 ----a-w- c:\programdata\yidx.exe
     2011-08-04 17:48 . 2011-08-04 17:48 0 ----a-w- c:\programdata\fpjw.exe
     2011-08-04 17:48 . 2011-08-04 17:48 0 ----a-w- c:\programdata\fikt.exe
     2011-08-04 17:48 . 2011-08-04 17:48 0 ----a-w- c:\programdata\caoj.exe
     2011-07-28 01:11 . 2011-07-28 01:11 0 ----a-w- c:\programdata\ylap.exe
     2011-07-28 01:11 . 2011-07-28 01:11 0 ----a-w- c:\programdata\ixty.exe
     2011-07-28 01:11 . 2011-07-28 01:11 0 ----a-w- c:\programdata\fmuq.exe
     2011-07-28 01:11 . 2011-07-28 01:11 0 ----a-w- c:\programdata\cpeh.exe
     2011-07-07 02:52 . 2011-08-04 19:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-07-07 02:52 . 2011-08-04 19:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-06-19 16:43 . 2011-06-19 16:43 2600 ----a-w- C:\xp_exe_fix.reg
     2011-04-14 16:26 . 2011-06-15 01:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
     "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
     "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 1415824]
     "Fitbit Service Monitor"="c:\program files\Fitbit\fitbit-tray.exe" [2011-07-11 2162296]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
     "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
     "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
     "WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
     "WTClient"="WTClient.exe" [2007-04-11 40960]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
     "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
     "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
     "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
     "InnoSetupRegFile.0000000001"="c:\windows\is-0N4MA.exe" [2011-08-31 709968]
     "*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2006-11-02 216064]
     .
     c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Trillian.lnk - c:\program files\Trillian\trillian.exe [2007-7-19 1873280]
     .
     c:\users\Greta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [N/A]
     OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
     OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
     @="Service"
     .
     R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
     R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2007-04-23 10752]
     R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 268528]
     S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
     S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
     S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
     S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
     S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
     S2 Fitbit;Fitbit Data Uploader;c:\program files\Fitbit\fitbit.exe [2011-07-11 786040]
     S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
     S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-09 235624]
     S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 134480]
     S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
     S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]
     S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
     S3 dhdusb.NTx86;Dynex Enhanced Wireless G USB Network Adapter Service;c:\windows\system32\DRIVERS\bcmusbdhdlh.sys [2007-09-20 241656]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
     S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
     S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2007-06-07 18944]
     S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2011-04-30 14848]
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2011-09-15 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-21 04:19]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070425
     uInternet Settings,ProxyOverride = *.local
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     TCP: DhcpNameServer = 192.168.1.1
     FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zzw3eq56.default\
     FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
     .
     - - - - ORPHANS REMOVED - - - -
     .
     HKCU-Run-AROReminder - c:\program files\Advanced Registry Optimizer\aro.exe
     SafeBoot-WudfPf
     SafeBoot-WudfRd
     AddRemove-FITBIT&10C4&84C4 - c:\windows\system32\Silabs\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2011-09-15 17:03
     Windows 6.0.6000 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\a4e35ee8]
     "imagepath"="\??\c:\windows\TEMP\A11A.tmp"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-478687933-808470084-128191163-1000\Software\SecuROM\License information*]
     "datasecu"=hex:01,f7,aa,3f,12,98,a0,20,91,f4,00,b6,fb,e9,5d,ff,9a,ab,ec,a5,e7, 42,da,2a,5c,be,3d,b9,63,7a,11,38,c4,7a,9b,e7,89,ec,7e,7c,99,bc,1d,14,52,9c,\
     "rkeysecu"=hex:e2,25,d7,02,ad,58,c1,fe,cf,f6,22,67,27,6b,87,2d
     .
     Completion time: 2011-09-15 17:04:52
     ComboFix-quarantined-files.txt 2011-09-16 00:04
     .
     Pre-Run: 104,658,739,200 bytes free
     Post-Run: 116,258,471,936 bytes free
     .
     - - End Of File - - F0CF919E2F42A154BA222234F31A901F
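The ComboFix log in the post above carries two things a helper reads off by eye: a run of zero-byte executables with random four-letter names under c:\programdata and c:\users\Greta\AppData\Local, and an orphaned service key (a4e35ee8) whose imagepath points at a .tmp file under c:\windows\TEMP. The Python below is an added example, not part of the forum thread and not ComboFix's own code: it parses Find3M-style lines and the service key as constructed sample input (copied from the log above, with two benign entries added for contrast) and flags both patterns. The indicator rules (four-letter name, zero size, user-writable directory, service binary living under a TEMP directory as a .tmp file) are the editor's assumptions about what a first triage pass would check, not ComboFix's classification, and a hit means "look closer", not "malicious".

```python
"""Triage helper for ComboFix-style log excerpts.

Added example, not from the forum thread or from ComboFix. Re-implements two
eyeball checks on the log above: zero-byte random-named executables in
user-writable directories, and a service whose imagepath is a .tmp file
under a TEMP directory. The indicator patterns are assumptions.
"""
import re
from typing import Dict, List

# Constructed sample input: three entries copied from the "Find3M Report"
# section of the log above, plus two benign entries (an AV driver and a
# Firefox component) so the filter has something to leave alone.
SAMPLE_FIND3M = r"""
2011-08-04 17:48 . 2011-08-04 17:48 0 ----a-w- c:\programdata\yidx.exe
2011-08-04 17:48 . 2011-08-04 17:48 0 ----a-w- c:\programdata\fpjw.exe
2011-07-28 01:11 . 2011-07-28 01:11 0 ----a-w- c:\programdata\ylap.exe
2011-07-07 02:52 . 2011-08-04 19:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-14 16:26 . 2011-06-15 01:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
"""

# Constructed sample input: the orphaned service key from the same log.
SAMPLE_SERVICES = r"""
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\a4e35ee8]
"imagepath"="\??\c:\windows\TEMP\A11A.tmp"
"""

# One Find3M file line: "<created> . <modified> <size> <attrs> <path>".
# Directory lines carry "--------" instead of a size and are skipped on purpose.
FIND3M_LINE = re.compile(
    r"^(?P<created>\S+ \S+) \. (?P<modified>\S+ \S+) (?P<size>\d+) (?P<attrs>\S+) (?P<path>.+)$"
)
# Assumed indicator: exactly four letters + .exe, e.g. \yidx.exe
RANDOM_EXE = re.compile(r"\\[a-z]{4}\.exe$", re.IGNORECASE)
# Directories a standard user can write to without elevation (assumed list)
USER_WRITABLE = ("c:\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\")

# Service key followed by its imagepath value, as ComboFix prints it
SERVICE_IMAGEPATH = re.compile(
    r"\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d{3}\\Services\\(?P<name>[^\]]+)\]\s*"
    r'"imagepath"="(?P<path>[^"]+)"',
    re.IGNORECASE,
)
# Assumed indicator: a .tmp file under any TEMP directory used as a service binary
TEMP_TMP = re.compile(r"\\temp\\[^\\]+\.tmp$", re.IGNORECASE)


def parse_find3m(text: str) -> List[Dict[str, str]]:
    """Parse Find3M file lines into dicts; non-matching lines are dropped."""
    rows = []
    for line in text.splitlines():
        m = FIND3M_LINE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def suspicious_files(rows: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Flag zero-byte, four-letter .exe files sitting in user-writable dirs."""
    findings = []
    for row in rows:
        path = row["path"].lower()
        if (
            int(row["size"]) == 0
            and RANDOM_EXE.search(path)
            and any(d in path for d in USER_WRITABLE)
        ):
            findings.append({"type": "zero-byte random-named exe", "path": row["path"]})
    return findings


def suspicious_services(text: str) -> List[Dict[str, str]]:
    """Flag services whose imagepath is a .tmp file under a TEMP directory."""
    findings = []
    for m in SERVICE_IMAGEPATH.finditer(text):
        path = m.group("path")
        if TEMP_TMP.search(path):
            findings.append(
                {"type": "service imagepath in TEMP", "service": m.group("name"), "path": path}
            )
    return findings


def triage(find3m_text: str, services_text: str) -> List[Dict[str, str]]:
    """Run both checks and return the combined list of findings."""
    return suspicious_files(parse_find3m(find3m_text)) + suspicious_services(services_text)


if __name__ == "__main__":
    for finding in triage(SAMPLE_FIND3M, SAMPLE_SERVICES):
        print(finding)
```

Run against the sample it reports the three programdata executables and the a4e35ee8 service, and leaves the Malwarebytes driver and the Firefox component alone. A zero-byte four-letter .exe under c:\windows\system32 is deliberately not flagged by the first rule, since the point of the directory check is that a standard user could have written the file.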
  7. Google seems to have stopped redirecting, though I'll have to give it a little bit to be sure, because even during the problem, once in a while it would work for a bit. Malwarebytes still blocks the Google page and Gmail, unless I turn off Website Blocking. Overall, computer may be acting just a touch slower, but that could be my imagination. No random tabs have popped up yet, but that was always random, so can't say if that means anything. Thanks for your continued help!

     2011/09/15 16:19:47.0903 34456 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
     2011/09/15 16:19:48.0257 34456 ================================================================================
     2011/09/15 16:19:48.0257 34456 SystemInfo:
     2011/09/15 16:19:48.0257 34456
     2011/09/15 16:19:48.0257 34456 OS Version: 6.0.6000 ServicePack: 0.0
     2011/09/15 16:19:48.0257 34456 Product type: Workstation
     2011/09/15 16:19:48.0257 34456 ComputerName: SADI
     2011/09/15 16:19:48.0257 34456 UserName: Admin
     2011/09/15 16:19:48.0257 34456 Windows directory: C:\Windows
     2011/09/15 16:19:48.0257 34456 System windows directory: C:\Windows
     2011/09/15 16:19:48.0257 34456 Processor architecture: Intel x86
     2011/09/15 16:19:48.0257 34456 Number of processors: 2
     2011/09/15 16:19:48.0257 34456 Page size: 0x1000
     2011/09/15 16:19:48.0257 34456 Boot type: Normal boot
     2011/09/15 16:19:48.0257 34456 ================================================================================
     2011/09/15 16:19:50.0378 34456 Initialize success
     2011/09/15 16:19:52.0777 34460 ================================================================================
     2011/09/15 16:19:52.0777 34460 Scan started
     2011/09/15 16:19:52.0777 34460 Mode: Manual;
     2011/09/15 16:19:52.0777 34460 ================================================================================
     2011/09/15 16:19:54.0351 34460 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
     2011/09/15 16:19:54.0433 34460 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
     2011/09/15 16:19:54.0493 34460 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
     2011/09/15 16:19:54.0808 34460 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
     2011/09/15 16:19:54.0846 34460 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
     2011/09/15 16:19:54.0922 34460 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
     2011/09/15 16:19:54.0953 34460 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
     2011/09/15 16:19:54.0989 34460 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
     2011/09/15 16:19:55.0032 34460 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
     2011/09/15 16:19:55.0056 34460 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
     2011/09/15 16:19:55.0088 34460 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
     2011/09/15 16:19:55.0130 34460 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
     2011/09/15 16:19:55.0153 34460 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
     2011/09/15 16:19:55.0209 34460 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
     2011/09/15 16:19:55.0245 34460 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
     2011/09/15 16:19:55.0345 34460 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
     2011/09/15 16:19:55.0378 34460 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
     2011/09/15 16:19:55.0493 34460 AVGIDSDriver (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
     2011/09/15 16:19:55.0545 34460 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
     2011/09/15 16:19:55.0574 34460 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
     2011/09/15 16:19:55.0610 34460 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
     2011/09/15 16:19:55.0653 34460 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
     2011/09/15 16:19:55.0685 34460 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
     2011/09/15 16:19:55.0722 34460 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
     2011/09/15 16:19:55.0778 34460 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
     2011/09/15 16:19:55.0830 34460 b57nd60x (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys
     2011/09/15 16:19:55.0882 34460 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
     2011/09/15 16:19:55.0955 34460 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
     2011/09/15 16:19:55.0984 34460 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
     2011/09/15 16:19:56.0030 34460 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
     2011/09/15 16:19:56.0083 34460 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
     2011/09/15 16:19:56.0110 34460 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
     2011/09/15 16:19:56.0131 34460 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
     2011/09/15 16:19:56.0153 34460 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
     2011/09/15 16:19:56.0189 34460 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
     2011/09/15 16:19:56.0227 34460 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
     2011/09/15 16:19:56.0248 34460 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
     2011/09/15 16:19:56.0288 34460 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
     2011/09/15 16:19:56.0335 34460 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
     2011/09/15 16:19:56.0365 34460 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
     2011/09/15 16:19:56.0389 34460 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
     2011/09/15 16:19:56.0407 34460 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
     2011/09/15 16:19:56.0439 34460 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
     2011/09/15 16:19:56.0491 34460 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
     2011/09/15 16:19:56.0565 34460 dhdusb.NTx86 (1ca43cc75ad0b3d8656caddd6720d4ae) C:\Windows\system32\DRIVERS\bcmusbdhdlh.sys
     2011/09/15 16:19:56.0585 34460 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
     2011/09/15 16:19:56.0642 34460 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
     2011/09/15 16:19:56.0691 34460 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
     2011/09/15 16:19:56.0802 34460 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
     2011/09/15 16:19:56.0887 34460 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
     2011/09/15 16:19:57.0036 34460 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
     2011/09/15 16:19:57.0105 34460 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
     2011/09/15 16:19:57.0183 34460 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
     2011/09/15 16:19:57.0244 34460 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
     2011/09/15 16:19:57.0266 34460 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
     2011/09/15 16:19:57.0293 34460 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
     2011/09/15 16:19:57.0334 34460 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
     2011/09/15 16:19:57.0369 34460 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
     2011/09/15 16:19:57.0411 34460 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
     2011/09/15 16:19:57.0450 34460 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
     2011/09/15 16:19:57.0479 34460 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
     2011/09/15 16:19:57.0539 34460 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
     2011/09/15 16:19:57.0573 34460 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
     2011/09/15 16:19:57.0610 34460 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
     2011/09/15 16:19:57.0636 34460 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
     2011/09/15 16:19:57.0685 34460 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
     2011/09/15 16:19:57.0724 34460 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
     2011/09/15 16:19:57.0824 34460 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
     2011/09/15 16:19:57.0866 34460 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
     2011/09/15 16:19:57.0923 34460 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
     2011/09/15 16:19:58.0017 34460 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
     2011/09/15 16:19:58.0076 34460 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
     2011/09/15 16:19:58.0112 34460 intelide (1b16626beae3a52e611fc681cd796f86) C:\Windows\system32\drivers\intelide.sys
     2011/09/15 16:19:58.0136 34460 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
     2011/09/15 16:19:58.0159 34460 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
     2011/09/15 16:19:58.0198 34460 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
     2011/09/15 16:19:58.0222 34460 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
     2011/09/15 16:19:58.0271 34460 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
     2011/09/15 16:19:58.0296 34460 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
     2011/09/15 16:19:58.0324 34460 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
     2011/09/15 16:19:58.0348 34460 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
     2011/09/15 16:19:58.0373 34460 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
     2011/09/15 16:19:58.0396 34460 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
     2011/09/15 16:19:58.0464 34460 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
     2011/09/15 16:19:58.0505 34460 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
     2011/09/15 16:19:58.0565 34460 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
     2011/09/15 16:19:58.0609 34460 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
     2011/09/15 16:19:58.0651 34460 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
     2011/09/15 16:19:58.0682 34460 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
     2011/09/15 16:19:58.0718 34460 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
     2011/09/15 16:19:58.0781 34460 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
     2011/09/15 16:19:58.0815 34460 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
     2011/09/15 16:19:58.0856 34460 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
     2011/09/15 16:19:58.0973 34460 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
     2011/09/15 16:19:59.0005 34460 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
     2011/09/15 16:19:59.0023 34460 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
     2011/09/15 16:19:59.0048 34460 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
     2011/09/15 16:19:59.0094 34460 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
     2011/09/15 16:19:59.0147 34460 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
     2011/09/15 16:19:59.0184 34460 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
     2011/09/15 16:19:59.0217 34460 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
     2011/09/15 16:19:59.0273 34460 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
     2011/09/15 16:19:59.0295 34460 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
     2011/09/15 16:19:59.0377 34460 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
     2011/09/15 16:19:59.0405 34460 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys
     2011/09/15 16:19:59.0444 34460 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
     2011/09/15 16:19:59.0488 34460 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
     2011/09/15 16:19:59.0522 34460 msisadrv (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
     2011/09/15 16:19:59.0561 34460 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
     2011/09/15 16:19:59.0597 34460 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
     2011/09/15 16:19:59.0645 34460 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
     2011/09/15 16:19:59.0688 34460 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
     2011/09/15 16:19:59.0719 34460 mssmbios (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
     2011/09/15 16:19:59.0762 34460 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
     2011/09/15 16:19:59.0777 34460 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
     2011/09/15 16:19:59.0840 34460 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
     2011/09/15 16:19:59.0886 34460 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
     2011/09/15 16:19:59.0935 34460 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
     2011/09/15 16:19:59.0960 34460 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
     2011/09/15 16:19:59.0985 34460 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
     2011/09/15 16:20:00.0008 34460 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
     2011/09/15 16:20:00.0030 34460 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
     2011/09/15 16:20:00.0059 34460 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
     2011/09/15 16:20:00.0101 34460 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
     2011/09/15 16:20:00.0127 34460 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
     2011/09/15 16:20:00.0164 34460 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
     2011/09/15 16:20:00.0236 34460 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
     2011/09/15 16:20:00.0289 34460 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
     2011/09/15 16:20:00.0315 34460 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
     2011/09/15 16:20:00.0387 34460 NVHDA (b4f70fac4ea61cf150823aa063a39ff9) C:\Windows\system32\drivers\nvhda32v.sys
     2011/09/15 16:20:01.0031 34460 nvlddmkm (27742b94d0244bbeb9ce1c332a2577a3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
     2011/09/15 16:20:01.0328 34460 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
     2011/09/15 16:20:01.0363 34460 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
     2011/09/15 16:20:01.0409 34460 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
     2011/09/15 16:20:01.0473 34460 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
     2011/09/15 16:20:01.0525 34460 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
     2011/09/15 16:20:01.0579 34460 partmgr (84be786f33fdbd8765e05df3b7f5b9e6) C:\Windows\system32\drivers\partmgr.sys
     2011/09/15 16:20:01.0613 34460 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
     2011/09/15 16:20:01.0691 34460 pci (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
     2011/09/15 16:20:01.0738 34460 pciide (b2fc76090ef1003463ccb07cabb35cff) C:\Windows\system32\drivers\pciide.sys
     2011/09/15 16:20:01.0793 34460 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
     2011/09/15 16:20:01.0860 34460 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
     2011/09/15 16:20:01.0935 34460 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
     2011/09/15 16:20:01.0974 34460 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
     2011/09/15 16:20:02.0050 34460 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
     2011/09/15 16:20:02.0328 34460 PTSimBus (688983e03c0d82b2efa1db89792c4c6c) C:\Windows\system32\DRIVERS\PTSimBus.sys
     2011/09/15 16:20:02.0370 34460 PTSimHid (fdc1a2e536b5cbce1c2245cd5ad910eb) C:\Windows\system32\DRIVERS\PTSimHid.sys
     2011/09/15 16:20:02.0418 34460 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
     2011/09/15 16:20:02.0480 34460 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
     2011/09/15 16:20:02.0537 34460 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
     2011/09/15 16:20:02.0581 34460 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
     2011/09/15 16:20:02.0665 34460 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
     2011/09/15 16:20:02.0734 34460 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
     2011/09/15 16:20:02.0783 34460 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
     2011/09/15 16:20:02.0806 34460 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
     2011/09/15 16:20:02.0827 34460 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
     2011/09/15 16:20:02.0845 34460 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
     2011/09/15 16:20:02.0898 34460 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
     2011/09/15 16:20:02.0919 34460 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
     2011/09/15 16:20:02.0987 34460 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
     2011/09/15 16:20:03.0071 34460 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
     2011/09/15 16:20:03.0120 34460 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
     2011/09/15 16:20:03.0249 34460 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
     2011/09/15 16:20:03.0468 34460 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
     2011/09/15 16:20:04.0031 34460 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
     2011/09/15 16:20:04.0171 34460 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
     2011/09/15 16:20:04.0251 34460 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
     2011/09/15 16:20:04.0364 34460 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
     2011/09/15 16:20:04.0409 34460 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
     2011/09/15 16:20:04.0454 34460 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
     2011/09/15 16:20:04.0488 34460 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
     2011/09/15 16:20:04.0534 34460 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
     2011/09/15 16:20:04.0556 34460 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
     2011/09/15 16:20:04.0620 34460 SIUSBXP (bc9c2ef22ee0320c079e3ff9b4d29951) C:\Windows\system32\drivers\SiUSBXp.sys
     2011/09/15 16:20:04.0662 34460 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
     2011/09/15 16:20:04.0688 34460 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
     2011/09/15 16:20:04.0773 34460 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
     2011/09/15 16:20:04.0834 34460 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
     2011/09/15 16:20:04.0900 34460 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
     2011/09/15 16:20:05.0062 34460 STHDA (9cea131b5eb0ea653f6b3ea80b54956d) C:\Windows\system32\drivers\stwrt.sys
     2011/09/15 16:20:05.0117 34460 swenum (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
     2011/09/15 16:20:05.0164 34460 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
     2011/09/15 16:20:05.0207 34460 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
     2011/09/15 16:20:05.0258 34460 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
     2011/09/15 16:20:05.0338 34460 TClass2k (1b3c28d36e669deeb39331255a3feeeb) C:\Windows\system32\DRIVERS\TClass2k.sys
     2011/09/15 16:20:05.0455 34460 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
     2011/09/15 16:20:05.0568 34460 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
     2011/09/15 16:20:05.0606 34460 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
     2011/09/15 16:20:05.0647 34460 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
     2011/09/15 16:20:05.0679 34460 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
     2011/09/15 16:20:05.0708 34460 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
     2011/09/15 16:20:05.0730 34460 TermDD (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
     2011/09/15 16:20:05.0789 34460 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
     2011/09/15 16:20:05.0895 34460 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
     2011/09/15 16:20:05.0965 34460 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
     2011/09/15 16:20:05.0999
34460 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/09/15 16:20:06.0086 34460 UCTblHid (adfa2e999bd2ddf89187dcbf0e3dd404) C:\Windows\system32\DRIVERS\UCTblHid.sys 2011/09/15 16:20:06.0116 34460 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys 2011/09/15 16:20:06.0185 34460 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys 2011/09/15 16:20:06.0306 34460 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/09/15 16:20:06.0376 34460 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/09/15 16:20:06.0421 34460 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/09/15 16:20:06.0443 34460 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys 2011/09/15 16:20:06.0513 34460 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys 2011/09/15 16:20:06.0581 34460 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys 2011/09/15 16:20:06.0632 34460 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/09/15 16:20:06.0672 34460 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/09/15 16:20:06.0720 34460 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys 2011/09/15 16:20:06.0769 34460 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys 2011/09/15 16:20:06.0817 34460 usbohci (9333e482a173938788cbde8f81ec52fb) C:\Windows\system32\DRIVERS\usbohci.sys 2011/09/15 16:20:06.0848 34460 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys 2011/09/15 16:20:06.0884 34460 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/09/15 16:20:06.0925 34460 usbuhci (325dbbacb8a36af9988ccf40eac228cc) 
C:\Windows\system32\DRIVERS\usbuhci.sys 2011/09/15 16:20:06.0995 34460 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/09/15 16:20:07.0022 34460 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys 2011/09/15 16:20:07.0058 34460 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys 2011/09/15 16:20:07.0082 34460 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/09/15 16:20:07.0106 34460 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys 2011/09/15 16:20:07.0136 34460 volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys 2011/09/15 16:20:07.0163 34460 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys 2011/09/15 16:20:07.0213 34460 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys 2011/09/15 16:20:07.0250 34460 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/09/15 16:20:07.0304 34460 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/09/15 16:20:07.0373 34460 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys 2011/09/15 16:20:07.0440 34460 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys 2011/09/15 16:20:07.0475 34460 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/09/15 16:20:07.0526 34460 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/09/15 16:20:07.0654 34460 WinUSB (086d2e78eecd6195667282adc6ca109f) C:\Windows\system32\DRIVERS\WinUSB.sys 2011/09/15 16:20:07.0691 34460 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 2011/09/15 16:20:07.0790 34460 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/09/15 16:20:07.0820 34460 ws2ifsl 
(84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/15 16:20:07.0871 34460 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/09/15 16:20:07.0908 34460 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/15 16:20:07.0949 34460 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/09/15 16:20:07.0957 34460 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/15 16:20:07.0974 34460 Boot (0x1200) (43e1a9d45ca44e482f342015e2f0256c) \Device\Harddisk0\DR0\Partition0
2011/09/15 16:20:07.0993 34460 Boot (0x1200) (d91c7e717f283995fdecbae33d2153ae) \Device\Harddisk0\DR0\Partition1
2011/09/15 16:20:07.0997 34460 ================================================================================
2011/09/15 16:20:07.0997 34460 Scan finished
2011/09/15 16:20:07.0997 34460 ================================================================================
2011/09/15 16:20:08.0005 33592 Detected object count: 1
2011/09/15 16:20:08.0005 33592 Actual detected object count: 1
2011/09/15 16:20:13.0114 33592 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/15 16:20:13.0114 33592 \Device\Harddisk0\DR0 - ok
2011/09/15 16:20:13.0151 33592 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/15 16:20:20.0878 34772 Deinitialize success
  8. "Please download ATF Cleaner by Atribune." I follow the link, but instead download PC Cleaner by PC HelpSoft, which Malwarebytes then identifies as malware and asks to quarantine. If I try to go to atribune.org, to try to get it direct, I get a 500 error page. Just want to make sure this is actually the correct thing before I go through with it, since the names both do not match, and MB didn't like it. Thank you!
  9. I got Malwarebytes mainly to deal with the following issue: When I do a Google search, in Firefox OR Internet Explorer, I get search results as normal, but if I try to click any of them, they start to go to the correct page, then redirect to a seemingly random page; sometimes something that looks like Google News, sometimes a random ad. Also, seemingly randomly, a new tab will occasionally pop up with one of these pages as well, sometimes while I'm not even at my computer. I have it set up so new windows open in a new tab, so I'm guessing it's trying to open a whole new window. Sometimes it even causes the window to resize. Malwarebytes has blocked me from going to Google (or rather, fake Google, as that's what I get even if I type in the URL), but has also blocked anything related, such as GMail and GTalk, which were working fine. Help would be greatly appreciated, thanks!

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7697
Windows 6.0.6000
Internet Explorer 7.0.6000.17037

9/14/2011 8:41:54 AM
mbam-log-2011-09-14 (08-41-54).txt

Scan type: Quick scan
Objects scanned: 154638
Time elapsed: 8 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)