Wininit.exe rootkit?...redirects...survives formatting?


azzihs

First of all, the only symptom I have noticed is browser redirects in Chrome and IE. I'm sure there are other things going on, but nothing noticeable right off the bat. Second of all, I have formatted with fresh installs of Windows 7 and I seem to be instantly reinfected each time. I don't know if this is somehow surviving the formatting, or if I am somehow reinfecting myself or being exploited each time, but this is extremely frustrating.

The first time I ran ComboFix it said Wininit.exe was infected, but it didn't attempt to do anything about it. I realized I had forgotten to close Kaspersky, so I closed it and reran it; now it says it has successfully restored wininit.exe, but the virus/rootkit is still there. I could try rerunning ComboFix again if someone thinks it will be productive, but I'm almost certain it will just do the exact same thing. After ComboFix rebooted the system I had to give a file called rmbr.cfxxe, or something of that sort, permissions in Kaspersky before it would complete the log generation and close. Google searches showed this file seemed to be related to ComboFix, so I gave it permissions.

I had TDSS.Rootkit in the somewhat recent past, but I had already run TDSSKiller on it and have formatted several times since then. I don't know if this virus/rootkit could be related to that somehow.

TDSSKiller is coming up clean, but I'm posting the log anyway in case it could be of use.

MBAM is coming up clean

Kaspersky is coming up clean

ESET Online Scanner is coming up clean

GMER isn't highlighting anything in red or giving me any popups while scanning.

PLEASE HELP

Logs:

ComboFix 10-12-20.01 - Brandon 12/20/2010 20:50:28.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1012.471 [GMT -5:00]

Running from: c:\users\Brandon\Downloads\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\userinit.exe

.

((((((((((((((((((((((((( Files Created from 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))))

.

2010-12-21 02:01 . 2010-12-21 02:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-21 01:44 . 2010-12-21 01:44 -------- d-----w- c:\program files\CCleaner

2010-12-21 00:10 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 00:10 . 2010-12-21 00:10 -------- d-----w- c:\programdata\Malwarebytes

2010-12-21 00:10 . 2010-12-21 00:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-21 00:10 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-20 23:39 . 2010-12-20 23:39 -------- d-----w- c:\program files\uTorrent

2010-12-20 23:35 . 2010-12-20 23:36 -------- d-----w- c:\users\Brandon

2010-12-20 23:35 . 2010-12-20 23:35 -------- d-----w- C:\Recovery

2010-12-20 23:24 . 2010-12-20 23:35 -------- d-----w- c:\windows\Panther

2010-12-20 23:05 . 2010-12-20 23:06 -------- d-----w- c:\windows\system32\autorun

2010-12-20 23:03 . 2006-03-23 17:02 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe

2010-12-20 23:03 . 2007-04-13 16:51 321024 ----a-w- c:\windows\system32\ERUpdateHidden.EXE

2010-12-20 23:03 . 2006-03-30 18:06 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe

2010-12-20 23:03 . 2005-12-09 14:12 16384 ----a-w- c:\windows\system32\ClearEvent.exe

2010-12-20 23:03 . 2004-11-03 14:06 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll

2010-12-20 23:03 . 2010-12-20 23:03 -------- d-----w- C:\Acer

2010-12-20 21:52 . 2010-12-20 22:03 114243 ----a-w- c:\windows\system32\drivers\klin.dat

2010-12-20 21:52 . 2010-12-20 22:03 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2010-12-20 21:51 . 2010-12-21 02:04 -------- d-----w- c:\programdata\Kaspersky Lab

2010-12-20 21:51 . 2010-12-20 21:51 -------- d-----w- c:\program files\Kaspersky Lab

2010-12-20 21:48 . 2010-12-20 21:48 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files

2010-12-20 21:19 . 2007-12-03 23:11 207368 ----a-w- c:\windows\UNINST32.EXE

2010-12-20 21:17 . 2010-12-20 21:17 -------- d-----w- c:\program files\7-Zip

2010-12-20 21:09 . 2010-12-20 21:09 -------- d-----w- c:\programdata\AIM

2010-12-20 21:09 . 2010-12-20 21:09 -------- d-----w- c:\program files\AIM

2010-12-20 21:09 . 2010-12-20 21:09 -------- d-----w- c:\program files\Common Files\Software Update Utility

2010-12-20 21:09 . 2010-12-20 21:09 -------- d-----w- c:\program files\Common Files\AOL

2010-12-20 21:00 . 2010-12-20 21:00 -------- d-----w- c:\program files\Microsoft IntelliPoint

2010-12-20 20:59 . 2010-12-20 20:59 -------- d-----w- c:\windows\PCHEALTH

2010-12-20 20:59 . 2010-12-20 21:53 -------- d-sh--w- c:\windows\Installer

2010-12-20 20:58 . 2010-11-16 20:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{130E0235-A542-47E2-980B-38AECAA30ACC}\mpengine.dll

2010-12-20 20:58 . 2010-10-19 18:41 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-12-20 20:54 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-12-20 20:45 . 2010-12-20 20:45 -------- d-----w- c:\windows\system32\x64

2010-12-20 20:45 . 2009-09-24 03:30 1002008 ----a-w- c:\windows\system32\igxpun.exe

2010-12-20 20:43 . 2010-12-20 23:35 -------- d-----w- c:\windows\system32\wbem\Performance

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-11 14:50 . 2010-11-11 14:50 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-11-11 14:50 . 2010-11-11 14:50 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-11-11 14:50 . 2010-11-11 14:50 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-11-11 14:49 . 2010-11-11 14:49 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-11-11 14:49 . 2010-11-11 14:49 308736 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-11-11 14:49 . 2010-11-11 14:49 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-11-11 14:49 . 2010-11-11 14:49 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-11-11 14:49 . 2010-11-11 14:49 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-11-11 14:48 . 2010-11-11 14:48 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-11-11 14:48 . 2010-11-11 14:48 417792 ----a-w- c:\windows\system32\msdri.dll

2010-11-11 14:48 . 2010-11-11 14:48 204288 ----a-w- c:\windows\system32\MSNP.ax

2010-11-11 14:48 . 2010-11-11 14:48 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2010-11-11 14:48 . 2010-11-11 14:48 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-11-11 14:48 . 2010-11-11 14:48 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2010-11-11 14:47 . 2010-11-11 14:47 224256 ----a-w- c:\windows\system32\schannel.dll

2010-11-11 14:47 . 2010-11-11 14:47 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-11-11 14:47 . 2010-11-11 14:47 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

2010-11-11 14:46 . 2010-11-11 14:46 1413632 ----a-w- c:\windows\system32\ole32.dll

2010-11-11 14:45 . 2010-11-11 14:45 316928 ----a-w- c:\windows\system32\spoolsv.exe

2010-11-11 14:44 . 2010-11-11 14:44 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2010-11-11 14:44 . 2010-11-11 14:44 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2010-11-11 14:43 . 2010-11-11 14:43 292864 ----a-w- c:\windows\system32\apphelp.dll

2010-11-11 14:43 . 2010-11-11 14:43 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys

2010-11-11 14:43 . 2010-11-11 14:43 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2010-11-11 14:43 . 2010-11-11 14:43 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-11-11 14:43 . 2010-11-11 14:43 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-11-11 14:43 . 2010-11-11 14:43 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-11-11 14:43 . 2010-11-11 14:43 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-11-11 14:43 . 2010-11-11 14:43 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-11-11 14:41 . 2010-11-11 14:41 1233920 ----a-w- c:\windows\system32\msxml3.dll

2010-11-11 14:40 . 2010-11-11 14:40 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-11-11 14:40 . 2010-11-11 14:40 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-11-11 14:40 . 2010-11-11 14:40 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-11-11 14:39 . 2010-11-11 14:39 571904 ----a-w- c:\windows\system32\oleaut32.dll

2010-11-11 14:39 . 2010-11-11 14:39 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-11-11 14:39 . 2010-11-11 14:39 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-11-11 14:38 . 2010-11-11 14:38 427520 ----a-w- c:\windows\system32\vbscript.dll

2010-11-11 14:38 . 2010-11-11 14:38 465408 ----a-w- c:\windows\system32\psisdecd.dll

2010-11-11 14:37 . 2010-11-11 14:37 1286456 ----a-w- c:\windows\system32\ntdll.dll

2010-11-11 14:37 . 2010-11-11 14:37 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-11-11 14:37 . 2010-11-11 14:37 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2010-11-11 14:36 . 2010-11-11 14:36 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-11-11 14:36 . 2010-11-11 14:36 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-11-11 14:36 . 2010-11-11 14:36 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-11-11 14:35 . 2010-11-11 14:35 67584 ----a-w- c:\windows\system32\asycfilt.dll

2010-11-11 14:35 . 2010-11-11 14:35 132608 ----a-w- c:\windows\system32\cabview.dll

2010-11-11 14:35 . 2010-11-11 14:35 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-11-11 14:35 . 2010-11-11 14:35 85504 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-11-11 14:35 . 2010-11-11 14:35 369152 ----a-w- c:\windows\system32\secproc.dll

2010-11-11 14:35 . 2010-11-11 14:35 365568 ----a-w- c:\windows\system32\secproc_isv.dll

2010-11-11 14:35 . 2010-11-11 14:35 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-11-11 14:35 . 2010-11-11 14:35 320512 ----a-w- c:\windows\system32\RMActivate.exe

2010-11-11 14:35 . 2010-11-11 14:35 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-11-11 14:35 . 2010-11-11 14:35 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-11-11 14:34 . 2010-11-11 14:34 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-11-11 14:34 . 2010-11-11 14:34 172032 ----a-w- c:\windows\system32\wintrust.dll

2010-11-11 14:34 . 2010-11-11 14:34 740864 ----a-w- c:\windows\system32\inetcomm.dll

2010-11-11 14:33 . 2010-11-11 14:33 285696 ----a-w- c:\windows\system32\winlogon.exe

2010-11-11 14:33 . 2010-11-11 14:33 2614272 ----a-w- c:\windows\explorer.exe

2010-11-11 14:33 . 2010-11-11 14:33 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2010-11-11 14:32 . 2010-11-11 14:32 293376 ----a-w- c:\windows\system32\browserchoice.exe

2010-11-11 14:32 . 2010-11-11 14:32 91648 ----a-w- c:\windows\system32\avifil32.dll

2010-11-11 14:32 . 2010-11-11 14:32 84480 ----a-w- c:\windows\system32\mciavi32.dll

2010-11-11 14:32 . 2010-11-11 14:32 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2010-11-11 14:32 . 2010-11-11 14:32 31744 ----a-w- c:\windows\system32\msvidc32.dll

2010-11-11 14:32 . 2010-11-11 14:32 22016 ----a-w- c:\windows\system32\msyuv.dll

2010-11-11 14:32 . 2010-11-11 14:32 13312 ----a-w- c:\windows\system32\msrle32.dll

2010-11-11 14:32 . 2010-11-11 14:32 1328640 ----a-w- c:\windows\system32\quartz.dll

2010-11-11 14:32 . 2010-11-11 14:32 12288 ----a-w- c:\windows\system32\tsbyuv.dll

2010-11-11 14:32 . 2010-11-11 14:32 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys

2010-11-11 14:31 . 2010-11-11 14:31 257024 ----a-w- c:\windows\system32\msv1_0.dll

2010-11-11 14:31 . 2010-11-11 14:31 34816 ----a-w- c:\windows\system32\msasn1.dll

2010-11-11 14:31 . 2010-11-11 14:31 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2010-11-11 14:31 . 2010-11-11 14:31 507568 ----a-w- c:\windows\system32\winload.exe

2010-11-11 14:31 . 2010-11-11 14:31 442920 ----a-w- c:\windows\system32\winresume.exe

2010-11-11 14:31 . 2010-11-11 14:31 1320960 ----a-w- c:\windows\system32\CertEnroll.dll

2010-11-11 14:30 . 2010-11-11 14:30 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-10-06 04:27 . 2010-10-06 04:27 228024 ----a-w- c:\windows\system32\klogon.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-20 136176]

"Aim"="c:\program files\AIM\aim.exe" [2010-12-17 4321112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-22 1797008]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-09-04 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-10 11352]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-23 22104]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]

.

Contents of the 'Scheduled Tasks' folder

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3547570943-3476092972-945727233-1000Core.job

- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-20 20:41]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3547570943-3476092972-945727233-1000UA.job

- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-20 20:41]

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\taskhost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

**************************************************************************

.

Completion time: 2010-12-20 21:12:12 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-21 02:12

ComboFix2.txt 2010-12-20 23:38

Pre-Run: 139,328,299,008 bytes free

Post-Run: 139,288,932,352 bytes free

- - End Of File - - A112D38BA651242CF504265D6EFCBBB1

2010/12/20 19:25:44.0560 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2010/12/20 19:25:44.0560 ================================================================================

2010/12/20 19:25:44.0560 SystemInfo:

2010/12/20 19:25:44.0560

2010/12/20 19:25:44.0560 OS Version: 6.1.7600 ServicePack: 0.0

2010/12/20 19:25:44.0560 Product type: Workstation

2010/12/20 19:25:44.0560 ComputerName: BRANDON-PC

2010/12/20 19:25:44.0654 UserName: Brandon

2010/12/20 19:25:44.0654 Windows directory: C:\Windows

2010/12/20 19:25:44.0654 System windows directory: C:\Windows

2010/12/20 19:25:44.0654 Processor architecture: Intel x86

2010/12/20 19:25:44.0654 Number of processors: 2

2010/12/20 19:25:44.0654 Page size: 0x1000

2010/12/20 19:25:44.0654 Boot type: Normal boot

2010/12/20 19:25:44.0654 ================================================================================

2010/12/20 19:25:46.0682 Initialize success

2010/12/20 19:25:50.0098 ================================================================================

2010/12/20 19:25:50.0098 Scan started

2010/12/20 19:25:50.0098 Mode: Manual;

2010/12/20 19:25:50.0098 ================================================================================


2010/12/20 19:28:00.0927 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys

2010/12/20 19:28:01.0619 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2010/12/20 19:28:02.0143 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2010/12/20 19:28:06.0203 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2010/12/20 19:28:08.0173 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2010/12/20 19:28:12.0018 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2010/12/20 19:28:13.0013 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2010/12/20 19:28:13.0579 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2010/12/20 19:28:14.0210 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2010/12/20 19:28:15.0039 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/12/20 19:28:15.0920 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/12/20 19:28:16.0833 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2010/12/20 19:28:17.0917 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2010/12/20 19:28:18.0896 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2010/12/20 19:28:19.0784 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/12/20 19:28:20.0346 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

2010/12/20 19:28:20.0988 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2010/12/20 19:28:21.0929 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2010/12/20 19:28:22.0411 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2010/12/20 19:28:23.0131 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2010/12/20 19:28:24.0159 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2010/12/20 19:28:24.0894 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys

2010/12/20 19:28:26.0463 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

2010/12/20 19:28:27.0319 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

2010/12/20 19:28:28.0584 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2010/12/20 19:28:29.0939 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2010/12/20 19:28:30.0711 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2010/12/20 19:28:31.0699 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2010/12/20 19:28:32.0573 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2010/12/20 19:28:33.0295 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2010/12/20 19:28:34.0008 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2010/12/20 19:28:34.0696 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys

2010/12/20 19:28:35.0486 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2010/12/20 19:28:36.0544 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2010/12/20 19:28:38.0093 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2010/12/20 19:28:39.0096 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2010/12/20 19:28:39.0786 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2010/12/20 19:28:41.0211 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2010/12/20 19:28:45.0097 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys

2010/12/20 19:28:46.0579 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys

2010/12/20 19:28:47.0161 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys

2010/12/20 19:28:48.0323 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2010/12/20 19:28:49.0449 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

2010/12/20 19:28:51.0163 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

2010/12/20 19:28:53.0744 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2010/12/20 19:28:56.0937 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

2010/12/20 19:29:02.0671 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

2010/12/20 19:29:07.0910 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2010/12/20 19:29:08.0622 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2010/12/20 19:29:10.0326 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2010/12/20 19:29:11.0953 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2010/12/20 19:29:13.0557 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2010/12/20 19:29:18.0466 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/12/20 19:29:22.0626 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2010/12/20 19:29:24.0076 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2010/12/20 19:29:25.0745 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

2010/12/20 19:29:31.0180 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

2010/12/20 19:29:32.0772 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2010/12/20 19:29:34.0012 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2010/12/20 19:29:38.0163 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/12/20 19:29:38.0689 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

2010/12/20 19:29:40.0499 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys

2010/12/20 19:29:42.0462 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys

2010/12/20 19:29:42.0971 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2010/12/20 19:29:44.0100 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2010/12/20 19:29:44.0695 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/12/20 19:29:45.0182 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/12/20 19:29:46.0173 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys

2010/12/20 19:29:47.0913 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

2010/12/20 19:29:49.0677 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/12/20 19:29:50.0487 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2010/12/20 19:29:51.0561 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

2010/12/20 19:29:52.0195 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

2010/12/20 19:29:52.0785 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2010/12/20 19:29:53.0286 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

2010/12/20 19:29:53.0895 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys

2010/12/20 19:29:54.0709 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

2010/12/20 19:29:55.0506 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

2010/12/20 19:29:56.0412 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2010/12/20 19:29:58.0420 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

2010/12/20 19:29:59.0233 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2010/12/20 19:30:00.0403 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2010/12/20 19:30:02.0584 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2010/12/20 19:30:04.0495 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2010/12/20 19:30:06.0584 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/20 19:30:06.0964 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/20 19:30:09.0595 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2010/12/20 19:30:10.0169 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2010/12/20 19:30:12.0556 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2010/12/20 19:30:14.0079 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2010/12/20 19:30:15.0081 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/12/20 19:30:16.0044 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2010/12/20 19:30:16.0733 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2010/12/20 19:30:17.0364 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/12/20 19:30:17.0957 ================================================================================
2010/12/20 19:30:17.0957 Scan finished
2010/12/20 19:30:17.0957 ================================================================================
2010/12/20 19:30:33.0357 Deinitialize success


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-20 20:33:31
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: gmer.exe; Driver: C:\Users\Brandon\AppData\Local\Temp\pxddyfog.sys

---- System - GMER 1.0.15 ----

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 8183B8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8185B3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 1397 81862664 4 Bytes [AA, 4D, E2, 87] {STOSB ; DEC EBP; LOOP 0xffffffffffffff8b}
.text ntoskrnl.exe!KeRemoveQueueEx + 13BF 8186268C 8 Bytes CALL E40E0900
.text ntoskrnl.exe!KeRemoveQueueEx + 1403 818626D0 4 Bytes [D8, 74, E2, 87] {FDIV DWORD [EDX-0x79]}
.text ntoskrnl.exe!KeRemoveQueueEx + 142F 818626FC 4 Bytes [BE, 56, E2, 87]
.text ntoskrnl.exe!KeRemoveQueueEx + 1453 81862720 4 Bytes [F2, 64, E2, 87]
.text ...
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1688] USER32.dll!NotifyWinEvent + 48B 77EBF724 4 Bytes JMP 4813E077
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] USER32.dll!NotifyWinEvent + 48B 77EBF724 4 Bytes JMP 4813E077

---- User IAT/EAT - GMER 1.0.15 ----


IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 77F90B00

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00230160

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 002301D0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 00230240

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00230320

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 77FB07F0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 77FB0860

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 77FB08D0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 002304E0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77FB0940

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 77FB09B0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00230B00

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00230B70

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00230BE0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00230C50

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 77FB0E10

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 00230CC0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 77FB0E80

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77FB0EF0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 77FB0F60

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 003F0010

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00230D30

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00230DA0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003F0080

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 003F00F0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 003F0160

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 003F01D0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 002501D0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 002502B0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 00460400

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 00460470

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 004604E0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00460550

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 004605C0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00460630

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 002508D0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00250940

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 002509B0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00250A20

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 77F90010

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 77F90080

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 77F90080

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 77F90010

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9B02] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9A75] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9B02] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9B02] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9A75] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] [005C02D5] C:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL Inc.)

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExW] [005C0380] C:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL Inc.)

IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [005C0267] C:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

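The IAT section above is the part of the GMER log that needs reading rather than scanning, and the thread never says how. The script below is an editor's added example, not part of the original post and not GMER's own code. It parses the two line shapes GMER 1.0.15 prints (a bare hex target address when the hook lands in memory GMER cannot attribute to a loaded module, or `[addr] path (description/vendor)` when it can), groups the hooks per process, and counts how many distinct 64 KiB regions the unattributed targets fall in. That region count is my own heuristic for "how many trampoline blocks are there", since one injected block normally serves many hooks; the grammar is inferred from the lines in this log, and the sample input is a constructed excerpt copied from it.

```python
"""Triage helper for the 'IAT' section of a GMER log (added example).

Each IAT line records one import-table entry that no longer points into the
DLL that exports it. GMER prints the new target as a bare address when it
cannot tie that address to a loaded module, and as '[addr] path (desc/vendor)'
when it can. Grouping the lines by process and by hook owner separates
vendor self-hooking (an AV or a toolbar hooking its own process) from hooks
that land in memory GMER could not attribute to any module.
"""
import re

# Grammar of one line (GMER 1.0.15), two forms, inferred from the log above:
#   IAT <process>[<pid>] @ <module> [<dll>!<import>] <addr>
#   IAT <process>[<pid>] @ <module> [<dll>!<import>] [<addr>] <target path> (<desc>/<vendor>)
IAT_RE = re.compile(
    r"^IAT\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>\S+)\s+"
    r"\[(?P<dll>[^!\]]+)!(?P<import>[^\]]+)\]\s+"
    r"(?:\[(?P<addr_attr>[0-9A-Fa-f]+)\]\s+(?P<target>.+?)\s+\((?P<desc>[^)]*)\)"
    r"|(?P<addr>[0-9A-Fa-f]+))\s*$"
)

# Constructed excerpt: a handful of lines copied from the GMER log in this thread.
SAMPLE_LOG = r"""
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00220320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00220390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3592] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 003E0C50
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9B02] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT C:\Program Files\AIM\aim.exe[3728] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] [005C02D5] C:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL Inc.)
---- Devices - GMER 1.0.15 ----
"""


def parse_iat_line(line):
    """Return a dict for one IAT line, or None for anything else in the log."""
    m = IAT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "process": d["process"],
        "pid": int(d["pid"]),
        "module": d["module"],                  # the module whose IAT was patched
        "import": f'{d["dll"]}!{d["import"]}',  # the import that was redirected
        "addr": int(d["addr_attr"] or d["addr"], 16),
        "target": d["target"],                  # None when GMER found no owning module
        "vendor": d["desc"].split("/")[-1] if d["desc"] else None,
    }


def hook_summary(text):
    """Group IAT hooks by (exe name, pid).

    For each process: how many hooks point at a known module (and which),
    how many point at unattributed memory, and how many distinct 64 KiB
    regions those unattributed targets fall in (my heuristic for the number
    of trampoline blocks, since one injected block usually serves many hooks).
    """
    procs = {}
    for line in text.splitlines():
        h = parse_iat_line(line)
        if h is None:
            continue
        key = (h["process"].rsplit("\\", 1)[-1], h["pid"])
        p = procs.setdefault(key, {"attributed": {}, "unattributed": 0,
                                   "unattributed_regions": set(), "imports": set()})
        p["imports"].add(h["import"])
        if h["target"] is None:
            p["unattributed"] += 1
            p["unattributed_regions"].add(h["addr"] & ~0xFFFF)
        else:
            p["attributed"][h["target"]] = p["attributed"].get(h["target"], 0) + 1
    return procs


def cross_process_targets(summary):
    """Attributed hook targets that are the image of a *different* executable.

    A target inside the hooked process's own image, or in a DLL it loads
    (tbdiag.dll inside aim.exe), is ordinary; a hook whose target is another
    program's .exe deserves a look. Returns [(exe, pid, target)].
    """
    out = []
    for (exe, pid), p in summary.items():
        for target in p["attributed"]:
            tname = target.rsplit("\\", 1)[-1].lower()
            if tname.endswith(".exe") and tname != exe.lower():
                out.append((exe, pid, target))
    return out


if __name__ == "__main__":
    for (exe, pid), p in hook_summary(SAMPLE_LOG).items():
        print(f"{exe}[{pid}]: {len(p['imports'])} imports hooked, "
              f"{p['unattributed']} unattributed in {len(p['unattributed_regions'])} region(s), "
              f"attributed to: {list(p['attributed'])}")
```

Run against the full log, paste the IAT section into SAMPLE_LOG or read it from a file. On this log every hook inside avp.exe lands in unattributed memory and every hook inside aim.exe is attributed to AOL's own modules; what would stand out is a hook in a process that has no reason to self-hook, or a target that belongs to a different executable.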

DDS (Ver_10-12-12.02) - NTFSx86

Run by Brandon at 22:01:22.57 on Mon 12/20/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1012.317 [GMT -5:00]

AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\AIM\aim.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\Explorer.exe

C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Brandon\Downloads\dds.com

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

uRun: [Google Update] "c:\users\brandon\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"

mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

Notify: igfxcui - igfxdev.dll

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll c:\progra~1\kasper~1\kasper~1\kloehk.dll

============= SERVICES / DRIVERS ===============

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-5-22 167936]

S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-3 365336]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2010-12-21 02:16:09 -------- d-----w- c:\program files\ESET

2010-12-21 02:10:31 -------- d-sh--w- C:\$RECYCLE.BIN

2010-12-21 01:44:42 -------- d-----w- c:\program files\CCleaner

2010-12-21 00:10:46 -------- d-----w- c:\users\brandon\appdata\roaming\Malwarebytes

2010-12-21 00:10:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 00:10:30 -------- d-----w- c:\progra~2\Malwarebytes

2010-12-21 00:10:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-21 00:10:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-20 23:40:59 -------- d-----w- c:\users\brandon\appdata\local\Deployment

2010-12-20 23:40:59 -------- d-----w- c:\users\brandon\appdata\local\Apps

2010-12-20 23:39:48 -------- d-----w- c:\program files\uTorrent

2010-12-20 23:39:06 -------- d-----w- c:\users\brandon\appdata\roaming\uTorrent

2010-12-20 23:26:24 -------- d-----w- c:\users\brandon\appdata\local\temp

2010-12-20 23:24:24 -------- d-----w- c:\windows\Panther

2010-12-20 23:05:08 -------- d-----w- c:\windows\system32\autorun

2010-12-20 23:03:38 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe

2010-12-20 23:03:37 321024 ----a-w- c:\windows\system32\ERUpdateHidden.EXE

2010-12-20 23:03:37 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe

2010-12-20 23:03:37 16384 ----a-w- c:\windows\system32\ClearEvent.exe

2010-12-20 23:03:37 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll

2010-12-20 23:03:29 -------- d-----w- C:\Acer

2010-12-20 22:53:14 89088 ----a-w- c:\windows\MBR.exe

2010-12-20 22:53:14 256512 ----a-w- c:\windows\PEV.exe

2010-12-20 22:53:13 98816 ----a-w- c:\windows\sed.exe

2010-12-20 22:53:13 161792 ----a-w- c:\windows\SWREG.exe

2010-12-20 21:52:39 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2010-12-20 21:52:39 114243 ----a-w- c:\windows\system32\drivers\klin.dat

2010-12-20 21:51:23 -------- d-----w- c:\program files\Kaspersky Lab

2010-12-20 21:51:23 -------- d-----w- c:\progra~2\Kaspersky Lab

2010-12-20 21:48:18 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files

2010-12-20 21:19:30 207368 ----a-w- c:\windows\UNINST32.EXE

2010-12-20 21:10:05 -------- d-----w- c:\users\brandon\appdata\local\AOL

2010-12-20 21:10:05 -------- d-----w- c:\users\brandon\appdata\local\AIM

2010-12-20 21:09:53 -------- d-----w- c:\progra~2\AIM

2010-12-20 21:09:48 -------- d-----w- c:\program files\AIM

2010-12-20 21:09:47 -------- d-----w- c:\program files\common files\Software Update Utility

2010-12-20 21:09:44 -------- d-----w- c:\program files\common files\AOL

2010-12-20 21:00:07 -------- d-----w- c:\program files\Microsoft IntelliPoint

2010-12-20 20:59:59 -------- d-----w- c:\windows\PCHEALTH

2010-12-20 20:59:56 -------- d-sh--w- c:\windows\Installer

2010-12-20 20:58:57 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{130e0235-a542-47e2-980b-38aecaa30acc}\mpengine.dll

2010-12-20 20:58:56 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-12-20 20:54:46 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-12-20 20:45:25 1002008 ----a-w- c:\windows\system32\igxpun.exe

2010-12-20 20:45:25 -------- d-----w- c:\windows\system32\x64

2010-12-20 20:43:02 -------- d-----w- c:\windows\system32\wbem\Performance

2010-12-20 20:41:43 -------- d-----w- c:\users\brandon\appdata\local\Google

==================== Find3M ====================

2010-11-11 18:44:07 805 ----a-w- c:\windows\system32\RTSLCS.dll

2010-11-11 14:50:57 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-11-11 14:50:57 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-11-11 14:50:36 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-11-11 14:49:36 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-11-11 14:49:17 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-11-11 14:48:56 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-11-11 14:48:56 417792 ----a-w- c:\windows\system32\msdri.dll

2010-11-11 14:48:56 204288 ----a-w- c:\windows\system32\MSNP.ax

2010-11-11 14:48:56 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2010-11-11 14:48:32 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-11-11 14:47:57 224256 ----a-w- c:\windows\system32\schannel.dll

2010-11-11 14:47:39 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-11-11 14:47:02 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

2010-11-11 14:46:43 1413632 ----a-w- c:\windows\system32\ole32.dll

2010-11-11 14:45:48 316928 ----a-w- c:\windows\system32\spoolsv.exe

2010-11-11 14:43:59 292864 ----a-w- c:\windows\system32\apphelp.dll

2010-11-11 14:43:08 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-11-11 14:43:08 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-11-11 14:43:08 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-11-11 14:43:08 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-11-11 14:43:08 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-11-11 14:41:05 1233920 ----a-w- c:\windows\system32\msxml3.dll

2010-11-11 14:40:46 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-11-11 14:40:28 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-11-11 14:40:28 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-11-11 14:39:33 571904 ----a-w- c:\windows\system32\oleaut32.dll

2010-11-11 14:39:13 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-11-11 14:39:13 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-11-11 14:38:31 427520 ----a-w- c:\windows\system32\vbscript.dll

2010-11-11 14:38:10 465408 ----a-w- c:\windows\system32\psisdecd.dll

2010-11-11 14:37:46 1286456 ----a-w- c:\windows\system32\ntdll.dll

2010-11-11 14:37:03 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2010-11-11 14:35:46 67584 ----a-w- c:\windows\system32\asycfilt.dll

2010-11-11 14:35:27 132608 ----a-w- c:\windows\system32\cabview.dll

2010-11-11 14:35:10 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-11-11 14:35:10 85504 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-11-11 14:35:10 369152 ----a-w- c:\windows\system32\secproc.dll

2010-11-11 14:35:10 365568 ----a-w- c:\windows\system32\secproc_isv.dll

2010-11-11 14:35:10 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-11-11 14:35:10 320512 ----a-w- c:\windows\system32\RMActivate.exe

2010-11-11 14:35:10 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-11-11 14:35:10 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-11-11 14:34:32 172032 ----a-w- c:\windows\system32\wintrust.dll

2010-11-11 14:34:13 740864 ----a-w- c:\windows\system32\inetcomm.dll

2010-11-11 14:33:52 285696 ----a-w- c:\windows\system32\winlogon.exe

2010-11-11 14:33:52 2614272 ----a-w- c:\windows\explorer.exe

2010-11-11 14:32:52 293376 ----a-w- c:\windows\system32\browserchoice.exe

2010-11-11 14:32:34 91648 ----a-w- c:\windows\system32\avifil32.dll

2010-11-11 14:32:34 84480 ----a-w- c:\windows\system32\mciavi32.dll

2010-11-11 14:32:34 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2010-11-11 14:32:34 31744 ----a-w- c:\windows\system32\msvidc32.dll

2010-11-11 14:32:34 22016 ----a-w- c:\windows\system32\msyuv.dll

2010-11-11 14:32:34 13312 ----a-w- c:\windows\system32\msrle32.dll

2010-11-11 14:32:34 1328640 ----a-w- c:\windows\system32\quartz.dll

2010-11-11 14:32:34 12288 ----a-w- c:\windows\system32\tsbyuv.dll

2010-11-11 14:31:59 257024 ----a-w- c:\windows\system32\msv1_0.dll

2010-11-11 14:31:41 34816 ----a-w- c:\windows\system32\msasn1.dll

2010-11-11 14:31:15 507568 ----a-w- c:\windows\system32\winload.exe

2010-11-11 14:31:15 442920 ----a-w- c:\windows\system32\winresume.exe

2010-11-11 14:31:15 1320960 ----a-w- c:\windows\system32\CertEnroll.dll

2010-11-11 14:30:45 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe

2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll

2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe

2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

2010-10-06 04:27:04 228024 ----a-w- c:\windows\system32\klogon.dll

============= FINISH: 22:02:34.58 ===============


Hello azzihs

Welcome to Malwarebytes.

If you are using any type of hacked or cracked software, then you can reinfect yourself.

It could also be an infected file that you may have saved.

=====================

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5367

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/21/2010 1:13:41 PM

mbam-log-2010-12-21 (13-13-41).txt

Scan type: Quick scan

Objects scanned: 128062

Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

BTW, I'm sure you already realized by now, but the title of my thread is a typo: it seems to be userinit.exe that ComboFix tracked the infection down to, not wininit.exe. Also, I tried running ComboFix again and it once again said userinit.exe is infected and that it successfully replaced it, to no avail.


And one other thing that I forgot about...

After ComboFix reboots, after it says "please wait", there is an "Access is denied" message.

If that's ComboFix attempting to repair userinit.exe then it seems strange, because BEFORE it rebooted, when it says that it's disinfecting the file, there's no "Access is denied" message; it simply says successful. I thought that this could definitely be relevant though, because obviously ComboFix is trying to do something after the system reboots and it's unable to do so.


Ok please do the following:

Please submit the following file to one of these online file scanners.

(All you have to do is copy and paste the file path into the box when you click on Browse; once you have done that, click the Open button, then Submit.)

C:\Windows\system32\userinit.exe

Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.



Jotti's malware scan

This file has been scanned before. The results for this previous scan are listed below.

Filename: userinit.exe

Status:

Scan finished. 0 out of 19 scanners reported malware.

Scan taken on: Thu 16 Dec 2010 18:56:26 (CET) Permalink

File size: 26112 bytes

Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5: 6de80f60d7de9ce6b8c2ddfdf79ef175

SHA1: 8d439a6186ff526403989ac217dfe8e3a2d8bc2c

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: userinit.exe

Submission date: 2010-12-21 19:02:38 (UTC)

Current status: finished

Result: 0/43 (0.0%)

MD5 : 6de80f60d7de9ce6b8c2ddfdf79ef175

SHA1 : 8d439a6186ff526403989ac217dfe8e3a2d8bc2c

SHA256: 7784a6cada74e314e7d79573ad9e490f4a36e0deb86c07732a75856a7e8f1e3a

I also ran a Kaspersky full scan overnight... everything was clean except for some HEUR:Trojan.Script.Iframer files it found in Chrome's cache. I'm guessing these are just a result of the malicious sites I'm being redirected to constantly...

So at this point EVERYTHING is saying userinit.exe is clean... except for ComboFix... and now I'm even more confused

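An added example, not part of the thread and not code from ComboFix, Jotti or VirusTotal: instead of uploading the binary, compute the same digests locally and compare them with the values the scanners reported above (both services can be looked up by hash, which is why Jotti answered "This file has been scanned before"). The reference values are the MD5, SHA-1, SHA-256 and size posted above for userinit.exe; the default path is the one the helper asked about. One caveat a practitioner would add: a matching hash proves only that the bytes on disk are the file the scanners saw. It says nothing about the Winlogon `Userinit` registry value that decides which binary actually runs at logon (the stock Windows 7 value is `C:\Windows\system32\userinit.exe,` with the trailing comma), so that value is a separate check.

```python
"""Compute MD5/SHA-1/SHA-256 and size of a file and compare them with the
digests an online scanner reported. Added example; not part of the thread.

The reference values are the ones Jotti/VirusTotal returned for the poster's
userinit.exe (copied from the thread); the default path is the file the helper
asked for.
"""
import hashlib
import sys

REFERENCE = {
    "md5": "6de80f60d7de9ce6b8c2ddfdf79ef175",
    "sha1": "8d439a6186ff526403989ac217dfe8e3a2d8bc2c",
    "sha256": "7784a6cada74e314e7d79573ad9e490f4a36e0deb86c07732a75856a7e8f1e3a",
    "size": 26112,
}
DEFAULT_PATH = r"C:\Windows\system32\userinit.exe"


def digest_bytes(data):
    """Return {'md5', 'sha1', 'sha256', 'size'} for an in-memory byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def digest_file(path, chunk_size=1 << 16):
    """Same result as digest_bytes, but streams the file so large binaries are fine."""
    hashers = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256")}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for h in hashers.values():
                h.update(chunk)
    out = {n: h.hexdigest() for n, h in hashers.items()}
    out["size"] = size
    return out


def mismatches(actual, reference=REFERENCE):
    """Return the names of the fields whose value differs; [] means the file matches."""
    return [k for k in reference if actual.get(k) != reference[k]]


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PATH
    actual = digest_file(path)
    for k, v in actual.items():
        print(f"{k:7}{v}")
    bad = mismatches(actual)
    print("MATCHES scanner report" if not bad else f"DIFFERS in: {', '.join(bad)}")
```

Run it as `python hashcheck.py` on the affected machine (or pass another path). If the digests match, the file itself is exactly what the scanners rated clean and the ComboFix message is about something other than the file's contents.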

Are you getting redirected now?

Could be that the file is corrupted and Combofix attempts to replace it.

Yes, symptoms are still there, full blown. To give an example, I will go to Chrome and do a Google search; the search will usually go through fine, but the first time I click on a search result a new tab will open and I will be redirected to an advertisement. Many times the URL will begin with, for example:

http://66fb.r.google.com/click?q=

or something along those lines, or sometimes it will jump me to a totally random URL such as

http://west.05tz2e9.com/click.php?s=2&...amp;c=15|2|6000

Usually if I click Back and click on the link again, the second time it will bring me to the correct page.

I am also sometimes redirected simply by typing in a URL. For example, I type in www.cnn.com and it jumps me to an advertisement; I hit Back or Stop and try entering www.cnn.com again, and this time it will usually work, but it will show a quick white page with text at the top saying "Redirecting you to cnn.com...." and then it will actually go to the correct site.


Are you connected via a router? If so, please disconnect from it, plug the computer directly into the modem, and see if the same results occur.

... You're right, that fixed it.

When I reconnected it to the router the problem came back immediately.

Our router is an EtherFast Cable/DSL Router with 4-Port Switch (BEFSR41):

http://homesupport.cisco.com/en-us/wireles...EFSR41/download

Guess I'm going to start looking around for how to fix it, unless you already know; hopefully I just need to reset it to defaults and upgrade the firmware or something.

You solved the problem from your end though, THANK YOU


Yes indeed, resetting it back to default will fix the issue.

You are welcome.

Let me know if you need any further assistance after doing that.

I upgraded the router firmware to latest and then reset it to factory defaults and the problem is resolved.

One of the items in the release notes for the firmware was "Fixed DHCP vulnerability", so I wouldn't be surprised if it was related to that. It probably also didn't help that the router password was still set to the default "admin"; it isn't a wireless router, so I never really worried about changing it.

My guess is someone or something used that "DHCP vulnerability" to alter the host/routing table somehow.

Big thanks to you, and everyone else on these forums helping people.

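The symptom post and the fix above point at the router rather than the PC. The thread does not say how the router caused the redirects, only that a firmware update and a factory reset cured them. One common way a compromised or misconfigured home router produces exactly this picture (every freshly installed machine "reinfected" the moment it is plugged in, clean on the modem, redirects behind the router) is by handing out attacker-controlled DNS servers over DHCP, so that every host behind it resolves names through the attacker. The script below is an added example, not code from the thread or from Cisco/Linksys, that checks for that: it parses the text of `ipconfig /all` and flags any IPv4 DNS server that is neither on the LAN (the router itself forwarding for you) nor in a set of resolvers you trust. The `SAMPLE` output, the `TRUSTED_RESOLVERS` set and the 203.0.113.7 address in it are constructed for the example.

```python
"""Audit the DNS servers a Windows host received, from `ipconfig /all` text.

Added example; not from the thread or the router vendor. Run
`ipconfig /all > ipconfig.txt` on the affected PC and pass the file, or run with
no argument to parse the constructed SAMPLE below. TRUSTED_RESOLVERS and
SAMPLE are assumptions made up for the example.
"""
import ipaddress
import re
import sys

# Constructed sample. 203.0.113.7 is from a documentation range, standing in
# for a resolver the router should not be handing out.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP
   Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Example Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-11-22-33-44-55
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.7
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Resolvers you expect to see (your ISP's, or public ones you chose); assumption.
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# Only RFC 1918 space counts as "the LAN". ipaddress.is_private is deliberately
# not used: it also covers documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ADAPTER_LINE = re.compile(r"^(?P<name>\S.*):\s*$")
# "Label . . . . : value"; the dotted leader is required so that a bare IPv6
# continuation line such as "fe80::1%12" is not mistaken for a label.
KEY_LINE = re.compile(r"^\s+(?P<key>[A-Za-z][A-Za-z0-9 \-]*?)(?: ?\.)+ ?: ?(?P<val>.*)$")


def parse_ipconfig(text):
    """Return {adapter_name: {label: [values, ...]}}.

    Indented lines without a label continue the previous one; that is how
    ipconfig prints the second and later DNS servers.
    """
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ADAPTER_LINE.match(line)
        if m:
            current = adapters.setdefault(m.group("name").strip(), {})
            last_key = None
            continue
        if current is None:  # still in the global "Windows IP Configuration" block
            continue
        m = KEY_LINE.match(line)
        if m:
            last_key = m.group("key").strip()
            values = current.setdefault(last_key, [])
            if m.group("val").strip():
                values.append(m.group("val").strip())
        elif last_key is not None:
            current[last_key].append(line.strip())
    return adapters


def rogue_dns_servers(adapters, trusted=TRUSTED_RESOLVERS):
    """Return [(adapter, server, reason)] for each IPv4 DNS server that is
    neither on the LAN (the router forwarding for you) nor in `trusted`."""
    findings = []
    for name, fields in adapters.items():
        if not fields.get("IPv4 Address"):
            continue  # disconnected adapter or tunnel pseudo-interface
        via_dhcp = fields.get("DHCP Enabled", ["No"])[0].lower() == "yes"
        for server in fields.get("DNS Servers", []):
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                continue  # e.g. IPv6 with a zone id; out of scope here
            if addr.version != 4 or any(addr in net for net in RFC1918):
                continue
            if server in trusted:
                continue
            how = "handed out by DHCP" if via_dhcp else "statically configured"
            findings.append((name, server, f"unexpected public resolver, {how}"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    findings = rogue_dns_servers(parse_ipconfig(text))
    for adapter, server, reason in findings:
        print(f"{adapter}: {server} ({reason})")
    if not findings:
        print("no unexpected DNS servers")
```

Run it against the PC's real `ipconfig /all` output twice, once behind the router and once plugged straight into the modem: a public resolver that appears only behind the router is the router's doing, whatever the exact flaw was. Changing the default admin password and updating the firmware, as the poster did, closes the usual ways such entries get planted.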

Probably so, you are welcome.

=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the /uninstall; it needs to be there.

Delete/uninstall anything else that we have used that is left over.

After that you're all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - Some great guidelines to follow to prevent future infections; please read the Prevention article by Miekiemoes.

How did I get infected in the first place? Also this one by Tony Klein.

If your computer is slow Things you can do if your computer is slow.

PC Safety and Security - What Do I Need? Security suggestions and general hints and tips for PC security.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent etc...

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast
