TeraBytes

Backdoor.Bot ==> taskbar and networking issues


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=72dc88ade0bc7c46b011bda5ad69b4db

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-01-28 02:10:46

# local_time=2011-01-28 05:10:46 (+0300, Arab Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777215 100 0 8294431 8294431 0 0

# compatibility_mode=1797 16775141 100 93 92345 32697604 27330 0

# compatibility_mode=8192 67108863 100 0 3210 3210 0 0

# scanned=503685

# found=0

# cleaned=0

# scan_time=23199


Two problems appeared after fixing: one major and one minor, I suppose.

- minor: the hp psc 1200 series dialog keeps saying "Gathering information ..." every time I start the computer or insert a USB key. I suppose I have to reinstall the printer's driver.

- major: I can't get into Safemode (Normal nor Networking). I haven't checked if I can get into Safemode with Command Prompt.

See, when I select either Safemode or Safemode with Networking, the screen scrolls until system32/drivers/agqCPQ.sys and then I get a really, really fast blue screen and the computer restarts. This has been happening since the first ComboFix scan, the one where it found four or five "infected" files.


After ComboFix installed Recovery Console sp2, I get a two second boot screen where I can select between the Recovery Console, a second thing "I shouldn't select" and finally my Windows operating system.

Do you think that's the cause of the problem?


Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


I ran RkU twice, unattended:

- the first time: I came back to the computer to find a "Windows Out Of Virtual Memory" message. Indeed, I had turned off the virtual paging file a very long time ago.

So I exited the Malwarebytes module and I restarted the scan again.

- the second time: I got a dialogue box from Visual Basic c++ telling me something about an unhandled w32 something with 2Asomethingsomething and asking me if I wanted to debug or something. I have Visual Basic Ultimate 2010 installed and I get these kinds of messages from time to time. I usually just click "No" and be on my way. This time, after clicking "No", I got some kind of error box ... I clicked the only option, "OK" ... then RkU displayed a list of things in the Stealth tab, if I remember, before showing me the following report in the report tab:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xA584F000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6082560 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0xBF2E9000 C:\WINDOWS\System32\igxpdx32.DLL 3837952 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)

0xBF059000 C:\WINDOWS\System32\igxpdv32.DLL 2686976 bytes (Intel Corporation, Component GHAL Driver)

0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2260992 bytes

0x804D7000 RAW 2260992 bytes

0x804D7000 WMIxWDM 2260992 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x9E80E000 C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 1761280 bytes (-, UVC Camera Streaming Driver)

0xF554A000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 1753088 bytes (Intel Corporation, Intel Graphics Miniport Driver)

0xF5377000 C:\WINDOWS\system32\DRIVERS\athw.sys 1597440 bytes (Atheros Communications, Inc., Driver for Atheros Wireless Network Adapter)

0xF51AF000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 987136 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)

0xF764E000 iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)

0x9ABB7000 C:\WINDOWS\system32\Drivers\vmx86.sys 847872 bytes (VMware, Inc., VMware kernel driver)

0x9A80D000 C:\WINDOWS\system32\drivers\hardlock.sys 589824 bytes (SafeNet Inc., Hardlock Device Driver for Windows NT)

0xF7508000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xF52A0000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)

0x9E9BC000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF5094000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0x9A9AE000 C:\WINDOWS\system32\drivers\aksfridge.sys 372736 bytes (Aladdin Knowledge Systems Ltd., Ancillary Function Driver)

0x9EBD0000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0x9A5E0000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xF5311000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 270336 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)

0x995B0000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xF516E000 C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys 266240 bytes (-, SRS WOW HD, TSXT, CSII, Mobile HD Standalone driver)

0x9EB4A000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)

0x9EACF000 C:\WINDOWS\System32\drivers\truecrypt.sys 225280 bytes (TrueCrypt Foundation, TrueCrypt Driver)

0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 217088 bytes (Intel Corporation, Intel Graphics 2D Driver)

0xF7770000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0x9B218000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF74DB000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xF75F1000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)

0x991C5000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0x9EA54000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xF550E000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0x9EBA8000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0x9E7E8000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)

0x9EB82000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0x9A7C8000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xA582B000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF5353000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF514B000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0x9EB28000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x9EB06000 C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys 139264 bytes (Oracle Corporation, VirtualBox Support Driver)

0x9B30D000 C:\Program Files\Sandboxie\SbieDrv.sys 135168 bytes (SANDBOXIE L.T.D, Sandboxie Kernel Mode Driver)

0x806FF000 ACPI_HAL 134400 bytes

0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF75D1000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF7740000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF74C1000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF50F2000 C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys 106496 bytes (Oracle Corporation, VirtualBox Bridged Networking Driver)

0xF761D000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)

0xF7636000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xF7728000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xF75A8000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF5134000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xF510C000 C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys 94208 bytes (Oracle Corporation, VirtualBox Host-Only Network Adapter Driver)

0x9B37E000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)

0x9B1DB000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF5536000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0x9EC29000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xF7595000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)

0xF75BF000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0x9AA09000 C:\WINDOWS\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)

0xF54FD000 C:\WINDOWS\system32\DRIVERS\l1c51x86.sys 69632 bytes (Atheros Communications, Inc., Atheros AR813x/AR815x PCI-E Ethernet Controller ndis miniport driver)

0xF775F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF5123000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF6A24000 C:\WINDOWS\system32\Drivers\vmci.sys 65536 bytes (VMware, Inc., VMware kernel driver)

0xF794F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xA50F3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF793F000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF781F000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)

0xF77EF000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)

0xA1AA1000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)

0xF79BF000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)

0xF787F000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF79AF000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xF79CF000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xA134B000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)

0xF77DF000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF785F000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)

0xF784F000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)

0xF79EF000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF78DF000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)

0xF78EF000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)

0xF78BF000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)

0xF78CF000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)

0xA1A71000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF77CF000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF79DF000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF78AF000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)

0xA1A91000 C:\WINDOWS\system32\drivers\hcmon.sys 40960 bytes (VMware, Inc., VMware USB monitor)

0xF77BF000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF5746000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF788F000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF783F000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)

0xF780F000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)

0xF789F000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)

0xF7A0F000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xA1B01000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)

0xF786F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF799F000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xA1AE1000 C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)

0x99936000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)

0xF79FF000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xA1AC1000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0x992DB000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF77FF000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)

0xF782F000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)

0xA1AB1000 C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys 36864 bytes (Oracle Corporation, VirtualBox USB Monitor Driver)

0xA1AD1000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xA3F00000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF7A6F000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)

0xF7A7F000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)

0xF7B07000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF7A57000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)

0xA568F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF7AA7000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)

0xF7A3F000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF7A9F000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)

0xA2836000 C:\WINDOWS\system32\DRIVERS\sncduvc.SYS 28672 bytes (-, USBCAMD for Sonix UVC)

0xF7A77000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)

0xF593E000 C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys 28672 bytes (VMware, Inc., VMware bridge driver (32-bit))

0xF7A87000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)

0xF7A8F000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)

0xF7B0F000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF7B1F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xA283E000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)

0xF7AFF000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xA3F10000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF7A97000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)

0xF7A67000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)

0xF7A5F000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)

0xA3F08000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF7A47000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF7B2F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF7B37000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF7A4F000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)

0xF7B27000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF7B17000 C:\WINDOWS\system32\drivers\VMkbd.sys 20480 bytes (VMware, Inc., VMware keyboard filter driver (32-bit))

0x9EE7F000 C:\WINDOWS\system32\drivers\vmnetuserif.sys 20480 bytes (VMware, Inc., VMware network application interface driver (32-bit))

0xA3F30000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xF7BE3000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)

0xF7BF3000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)

0xF7BD7000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)

0xF7BFB000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)

0xF7CBB000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0xF7BDF000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)

0xF7BEB000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)

0xF7BF7000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)

0x9EA50000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)

0xF656D000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0x9B33A000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF7BE7000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)

0x99D7A000 C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys 16384 bytes (VMware, Inc., VMware Virtual Storage Volume Driver)

0xF7BDB000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)

0xF7BEF000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)

0xF7BCF000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF7BD3000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0x9B96F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xA9E25000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)

0xF6581000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xA9E21000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF7CB7000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0xF6565000 C:\WINDOWS\system32\DRIVERS\VMNET.SYS 12288 bytes (VMware, Inc., VMware virtual network driver (32-bit))

0xF6569000 C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys 12288 bytes (VMware, Inc., VMware virtual network adapter driver (32-bit))

0xF6585000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)

0xA581B000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)

0xF7CC3000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)

0xF7D5D000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)

0xF7D6F000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7CCD000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)

0xF7CCB000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)

0xF7D6D000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7CC5000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)

0xF7CBF000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7D71000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7CCF000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)

0xF7D73000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7D21000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7CC7000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)

0xF7D51000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7CC9000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0xF7CC1000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7E3B000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7EAD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7E04000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7D88000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)

0xF7D87000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

==============================================

>Files

==============================================

==============================================

>Hooks

==============================================

Device object-->ParseProcedure, Type: Kernel Object [unknown_code_page]

File object-->ParseProcedure, Type: Kernel Object [unknown_code_page]

IDT-->Int 03h-->Breakpoint, Type: Inline - RelativeJump 0x804D70CE-->8613F3A8 [unknown_code_page]

Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page]

LpcPort object-->OpenProcedure, Type: Kernel Object [unknown_code_page]

ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]

ntoskrnl.exe+0x0000DAAC, Type: Inline - RelativeJump 0x804E4AAC-->804E4B00 [ntoskrnl.exe]

ntoskrnl.exe-->NtRequestPort, Type: Inline - RelativeJump 0x805E33BE-->F7E98CA0 [unknown_code_page]

ntoskrnl.exe-->NtRequestWaitReplyPort, Type: Inline - RelativeJump 0x8057CD93-->F7E98D40 [unknown_code_page]

ntoskrnl.exe-->NtTraceEvent, Type: Inline - RelativeJump 0x805499E0-->F7E98C00 [unknown_code_page]

[2016]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]

[2016]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]

[2016]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]

[2016]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]

[2016]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]

[2016]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]

[2016]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]

[3108]hasplms.exe-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x00E0B348-->00000000 [unknown_code_page]

[3108]hasplms.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x00E0B338-->00000000 [unknown_code_page]

[3108]hasplms.exe-->user32.dll-->RegisterDeviceNotificationA, Type: IAT modification 0x00E0B350-->00000000 [unknown_code_page]

[3108]hasplms.exe-->wininet.dll-->InternetOpenA, Type: IAT modification 0x00E0B360-->00000000 [unknown_code_page]

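One way to triage the >Hooks section of an RkU report like the one above, as an added example that is not part of this thread or of Rootkit Unhooker itself: the parser follows the line format visible in the report, and the priority rules (IAT patches owned by the app-compat shim engine low, kernel hooks into unknown code pages high) are heuristics assumed here for illustration, not RkU's own verdicts.

```python
"""Triage the >Hooks section of a Rootkit Unhooker (RkU) LE report.
Added example: the priority rules below are an assumption made here for
illustration; they are not RkU's own verdicts.
"""
import re
from collections import Counter

UNKNOWN = "unknown_code_page"

# One RkU hook line looks like:
#   [<pid>]<subject>, Type: <type> 0x<from>--><to> [<owner module>]
# The pid prefix and the address pair are optional (Kernel Object hooks
# carry neither).
HOOK_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\])?(?P<subject>.+?), Type: (?P<type>.+?)"
    r"(?: 0x(?P<src>[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+))? \[(?P<owner>[^\]]+)\]$"
)

# Constructed sample: a subset of the hook lines quoted in the report above.
SAMPLE_REPORT = """\
==============================================
>Hooks
==============================================
Device object-->ParseProcedure, Type: Kernel Object [unknown_code_page]
IDT-->Int 03h-->Breakpoint, Type: Inline - RelativeJump 0x804D70CE-->8613F3A8 [unknown_code_page]
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
ntoskrnl.exe-->NtRequestPort, Type: Inline - RelativeJump 0x805E33BE-->F7E98CA0 [unknown_code_page]
ntoskrnl.exe-->NtTraceEvent, Type: Inline - RelativeJump 0x805499E0-->F7E98C00 [unknown_code_page]
[2016]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[2016]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3108]hasplms.exe-->wininet.dll-->InternetOpenA, Type: IAT modification 0x00E0B360-->00000000 [unknown_code_page]
"""


def parse_hook_line(line):
    """Return a dict for one hook line, or None for separators and headers."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    h = m.groupdict()
    h["pid"] = int(h["pid"]) if h["pid"] is not None else None
    h["src"] = int(h["src"], 16) if h["src"] is not None else None
    h["dst"] = int(h["dst"], 16) if h["dst"] is not None else None
    return h


def parse_hooks(report):
    """Collect the hook lines that sit under the >Hooks section header."""
    hooks, in_hooks = [], False
    for line in report.splitlines():
        if line.startswith(">"):
            in_hooks = line.strip() == ">Hooks"
            continue
        h = parse_hook_line(line) if in_hooks else None
        if h:
            hooks.append(h)
    return hooks


def hooked_module(h):
    """Module named at the start of the subject, e.g. 'ntoskrnl.exe'."""
    return re.split(r"-->|\+", h["subject"], maxsplit=1)[0].lower()


def classify(h):
    """Heuristic (priority, reason) for one hook; kernel hooks have no pid."""
    if h["type"].startswith("IAT modification"):
        if h["owner"].lower() == "shimeng.dll":
            # shimeng.dll is the Windows application-compatibility shim
            # engine; patching import tables of shimmed processes is its job.
            return "low", "IAT entry patched by the app-compat shim engine"
        if h["owner"] == UNKNOWN:
            return "medium", "IAT entry changed by code outside any loaded module"
        return "medium", "IAT entry patched by " + h["owner"]
    if h["pid"] is None and h["owner"] == UNKNOWN:
        # Kernel control flow leaving every known module is what a rootkit
        # looks like, but sandbox and VM drivers do it too: identify the
        # driver that owns the target address before drawing conclusions.
        return "high", "kernel hook targets memory not backed by a known module"
    if hooked_module(h) == h["owner"].lower():
        return "low", "jump resolves inside the hooked module itself"
    return "medium", "hook owned by " + h["owner"]


def triage(report):
    """Return the parsed hooks with priority/reason, plus a priority count."""
    results = []
    for h in parse_hooks(report):
        h["priority"], h["reason"] = classify(h)
        results.append(h)
    return results, Counter(h["priority"] for h in results)


if __name__ == "__main__":
    results, counts = triage(SAMPLE_REPORT)
    order = {"high": 0, "medium": 1, "low": 2}
    for h in sorted(results, key=lambda x: order[x["priority"]]):
        print(f"{h['priority']:<6} {h['subject']}: {h['reason']}")
    print(dict(counts))
```

The "high" rows are where a helper would start: the ntoskrnl.exe entries whose jump targets are not backed by any listed driver need the owning driver identified (in this thread's driver list, sandbox and VM drivers are plausible owners) before they can be called malicious.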

I would like to add that the bottom of the Report Tab said there was a possible rootkit infection (with a smiley face nonetheless!)

Was that a joke?!


I got the w32 error again ... clicked no ... got "can't load helper" or was it "can't get helper" error box ... then got report:

This is the version I copy/pasted directly from the Report tab:


0xF761D000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)

0xF7636000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xF7728000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xF75A8000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF5134000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xF510C000 C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys 94208 bytes (Oracle Corporation, VirtualBox Host-Only Network Adapter Driver)

0x9B37E000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)

0x9B1DB000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF5536000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0x9EC29000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xF7595000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)

0xF75BF000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0x9AA09000 C:\WINDOWS\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)

0xF54FD000 C:\WINDOWS\system32\DRIVERS\l1c51x86.sys 69632 bytes (Atheros Communications, Inc., Atheros AR813x/AR815x PCI-E Ethernet Controller ndis miniport driver)

0xF775F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF5123000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF6A24000 C:\WINDOWS\system32\Drivers\vmci.sys 65536 bytes (VMware, Inc., VMware kernel driver)

0xF794F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xA50F3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF793F000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF781F000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)

0xF77EF000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)

0xA1AA1000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)

0xF79BF000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)

0xF787F000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF79AF000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xF79CF000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xA134B000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)

0xF77DF000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF785F000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)

0xF784F000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)

0xF79EF000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF78DF000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)

0xF78EF000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)

0xF78BF000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)

0xF78CF000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)

0xA1A71000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF77CF000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF79DF000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF78AF000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)

0xA1A91000 C:\WINDOWS\system32\drivers\hcmon.sys 40960 bytes (VMware, Inc., VMware USB monitor)

0xF77BF000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF5746000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF788F000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF783F000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)

0xF780F000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)

0xF789F000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)

0xF7A0F000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xA1B01000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)

0xF786F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF799F000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xA1AE1000 C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)

0x99936000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)

0xF79FF000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xA1AC1000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xA8DE5000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF77FF000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)

0xF782F000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)

0xA1AB1000 C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys 36864 bytes (Oracle Corporation, VirtualBox USB Monitor Driver)

0xA1AD1000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xA3F00000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF7A6F000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)

0xF7A7F000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)

0xF7B07000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF7A57000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)

0xA568F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF7AA7000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)

0xF7A3F000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF7A9F000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)

0xA2836000 C:\WINDOWS\system32\DRIVERS\sncduvc.SYS 28672 bytes (-, USBCAMD for Sonix UVC)

0xF7A77000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)

0xF593E000 C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys 28672 bytes (VMware, Inc., VMware bridge driver (32-bit))

0xF7A87000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)

0xF7A8F000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)

0xF7B0F000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF7B1F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xA283E000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)

0xF7AFF000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xA3F10000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF7A97000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)

0xF7A67000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)

0xF7A5F000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)

0xA3F08000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF7A47000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF7B2F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF7B37000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF7A4F000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)

0xF7B27000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF7B17000 C:\WINDOWS\system32\drivers\VMkbd.sys 20480 bytes (VMware, Inc., VMware keyboard filter driver (32-bit))

0x9EE7F000 C:\WINDOWS\system32\drivers\vmnetuserif.sys 20480 bytes (VMware, Inc., VMware network application interface driver (32-bit))

0xA3F30000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xF7BE3000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)

0xF7BF3000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)

0xF7BD7000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)

0xF7BFB000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)

0xF7CBB000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0xF7BDF000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)

0xF7BEB000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)

0xF7BF7000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)

0x9EA50000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)

0xF656D000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0x9B33A000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF7BE7000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)

0x99D7A000 C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys 16384 bytes (VMware, Inc., VMware Virtual Storage Volume Driver)

0xF7BDB000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)

0xF7BEF000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)

0xF7BCF000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF7BD3000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0x9B96F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xA9E25000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)

0xF6581000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xA9E21000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF7CB7000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0xF6565000 C:\WINDOWS\system32\DRIVERS\VMNET.SYS 12288 bytes (VMware, Inc., VMware virtual network driver (32-bit))

0xF6569000 C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys 12288 bytes (VMware, Inc., VMware virtual network adapter driver (32-bit))

0xF6585000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)

0xA581B000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)

0xF7CC3000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)

0xF7D5D000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)

0xF7D6F000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7CCD000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)

0xF7CCB000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)

0xF7D6D000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7CC5000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)

0xF7CBF000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7D71000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7CCF000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)

0xF7D73000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7D21000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7CC7000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)

0xF7D51000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7CC9000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0xF7CC1000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7E3B000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7EAD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7E04000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7D88000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)

0xF7D87000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

==============================================

>Files

==============================================

==============================================

>Hooks

==============================================

Device object-->ParseProcedure, Type: Kernel Object [unknown_code_page]

File object-->ParseProcedure, Type: Kernel Object [unknown_code_page]

IDT-->Int 03h-->Breakpoint, Type: Inline - RelativeJump 0x804D70D3-->8636A1A0 [unknown_code_page]

Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page]

LpcPort object-->OpenProcedure, Type: Kernel Object [unknown_code_page]

ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]

ntoskrnl.exe+0x0000DAAC, Type: Inline - RelativeJump 0x804E4AAC-->804E4B00 [ntoskrnl.exe]

ntoskrnl.exe-->NtRequestPort, Type: Inline - RelativeJump 0x805E33BE-->F7E98CA0 [unknown_code_page]

ntoskrnl.exe-->NtRequestWaitReplyPort, Type: Inline - RelativeJump 0x8057CD93-->F7E98D40 [unknown_code_page]

ntoskrnl.exe-->NtTraceEvent, Type: Inline - RelativeJump 0x805499E0-->F7E98C00 [unknown_code_page]

[2016]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]

[2016]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]

[2016]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]

[2016]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]

[2016]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]

[2016]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]

[2016]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]

[3108]hasplms.exe-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x00E0B348-->00000000 [unknown_code_page]

[3108]hasplms.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x00E0B338-->00000000 [unknown_code_page]

[3108]hasplms.exe-->user32.dll-->RegisterDeviceNotificationA, Type: IAT modification 0x00E0B350-->00000000 [unknown_code_page]

[3108]hasplms.exe-->wininet.dll-->InternetOpenA, Type: IAT modification 0x00E0B360-->00000000 [unknown_code_page]

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

This is the version that was saved by File>Save Report:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xA584F000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6082560 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0xBF2E9000 C:\WINDOWS\System32\igxpdx32.DLL 3837952 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)

0xBF059000 C:\WINDOWS\System32\igxpdv32.DLL 2686976 bytes (Intel Corporation, Component GHAL Driver)

0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2260992 bytes

0x804D7000 RAW 2260992 bytes

0x804D7000 WMIxWDM 2260992 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x9E80E000 C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 1761280 bytes (-, UVC Camera Streaming Driver)

0xF554A000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 1753088 bytes (Intel Corporation, Intel Graphics Miniport Driver)

0xF5377000 C:\WINDOWS\system32\DRIVERS\athw.sys 1597440 bytes (Atheros Communications, Inc., Driver for Atheros Wireless Network Adapter)

0xF51AF000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 987136 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)

0xF764E000 iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)

0x9ABB7000 C:\WINDOWS\system32\Drivers\vmx86.sys 847872 bytes (VMware, Inc., VMware kernel driver)

0x9A80D000 C:\WINDOWS\system32\drivers\hardlock.sys 589824 bytes (SafeNet Inc., Hardlock Device Driver for Windows NT)

0xF7508000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xF52A0000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)

0x9E9BC000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF5094000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0x9A9AE000 C:\WINDOWS\system32\drivers\aksfridge.sys 372736 bytes (Aladdin Knowledge Systems Ltd., Ancillary Function Driver)

0x9EBD0000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0x9A5E0000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xF5311000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 270336 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)

0x995B0000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xF516E000 C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys 266240 bytes (-, SRS WOW HD, TSXT, CSII, Mobile HD Standalone driver)

0x9EB4A000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)

0x9EACF000 C:\WINDOWS\System32\drivers\truecrypt.sys 225280 bytes (TrueCrypt Foundation, TrueCrypt Driver)

0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 217088 bytes (Intel Corporation, Intel Graphics 2D Driver)

0xF7770000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0x9B218000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF74DB000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xF75F1000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)

0x9EA54000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xF550E000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0x9EBA8000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0x9E7E8000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)

0x9EB82000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0x9A7C8000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xA582B000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF5353000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF514B000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0x9EB28000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x9EB06000 C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys 139264 bytes (Oracle Corporation, VirtualBox Support Driver)

0x9B30D000 C:\Program Files\Sandboxie\SbieDrv.sys 135168 bytes (SANDBOXIE L.T.D, Sandboxie Kernel Mode Driver)

0x806FF000 ACPI_HAL 134400 bytes

0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF75D1000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF7740000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF74C1000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF50F2000 C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys 106496 bytes (Oracle Corporation, VirtualBox Bridged Networking Driver)

0xF761D000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)

0xF7636000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xF7728000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xF75A8000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF5134000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xF510C000 C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys 94208 bytes (Oracle Corporation, VirtualBox Host-Only Network Adapter Driver)

0x9B37E000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)

0x9B1DB000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF5536000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0x9EC29000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xF7595000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)

0xF75BF000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0x9AA09000 C:\WINDOWS\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)

0xF54FD000 C:\WINDOWS\system32\DRIVERS\l1c51x86.sys 69632 bytes (Atheros Communications, Inc., Atheros AR813x/AR815x PCI-E Ethernet Controller ndis miniport driver)

0xF775F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF5123000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF6A24000 C:\WINDOWS\system32\Drivers\vmci.sys 65536 bytes (VMware, Inc., VMware kernel driver)

0xF794F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xA50F3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF793F000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF781F000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)

0xF77EF000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)

0xA1AA1000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)

0xF79BF000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)

0xF787F000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF79AF000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xF79CF000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xA134B000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)

0xF77DF000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF785F000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)

0xF784F000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)

0xF79EF000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF78DF000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)

0xF78EF000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)

0xF78BF000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)

0xF78CF000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)

0xA1A71000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF77CF000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF79DF000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF78AF000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)

0xA1A91000 C:\WINDOWS\system32\drivers\hcmon.sys 40960 bytes (VMware, Inc., VMware USB monitor)

0xF77BF000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF5746000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF788F000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF783F000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)

==============================================

>Stealth

==============================================

==============================================

>Files

==============================================

==============================================

>Hooks

==============================================

Device object-->ParseProcedure, Type: Kernel Object [unknown_code_page]

File object-->ParseProcedure, Type: Kernel Object [unknown_code_page]

IDT-->Int 03h-->Breakpoint, Type: Inline - RelativeJump 0x804D70D3-->8636A1A0 [unknown_code_page]

Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page]

LpcPort object-->OpenProcedure, Type: Kernel Object [unknown_code_page]

ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]

ntoskrnl.exe+0x0000DAAC, Type: Inline - RelativeJump 0x804E4AAC-->804E4B00 [ntoskrnl.exe]

ntoskrnl.exe-->NtRequestPort, Type: Inline - RelativeJump 0x805E33BE-->F7E98CA0 [unknown_code_page]

ntoskrnl.exe-->NtRequestWaitReplyPort, Type: Inline - RelativeJump 0x8057CD93-->F7E98D40 [unknown_code_page]

ntoskrnl.exe-->NtTraceEvent, Type: Inline - RelativeJump 0x805499E0-->F7E98C00 [unknown_code_page]

[2016]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]

[2016]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]

[2016]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]

[2016]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]

[2016]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]

[2016]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]

[2016]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]

[3108]hasplms.exe-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x00E0B348-->00000000 [unknown_code_page]

[3108]hasplms.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x00E0B338-->00000000 [unknown_code_page]

[3108]hasplms.exe-->user32.dll-->RegisterDeviceNotificationA, Type: IAT modification 0x00E0B350-->00000000 [unknown_code_page]

[3108]hasplms.exe-->wininet.dll-->InternetOpenA, Type: IAT modification 0x00E0B360-->00000000 [unknown_code_page]

I haven't checked it word for word but it looks to me like the one I pasted just has the "!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)" line in addition.

That report looks concluded to me ... :blink:

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, choose it.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

2011/01/28 20:15:09.0390 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53

2011/01/28 20:15:09.0390 ================================================================================

2011/01/28 20:15:09.0390 SystemInfo:

2011/01/28 20:15:09.0390

2011/01/28 20:15:09.0390 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/28 20:15:09.0390 Product type: Workstation

2011/01/28 20:15:09.0390 ComputerName: EMACHINE-70C055

2011/01/28 20:15:09.0390 UserName: Waheb

2011/01/28 20:15:09.0390 Windows directory: C:\WINDOWS

2011/01/28 20:15:09.0390 System windows directory: C:\WINDOWS

2011/01/28 20:15:09.0390 Processor architecture: Intel x86

2011/01/28 20:15:09.0390 Number of processors: 2

2011/01/28 20:15:09.0390 Page size: 0x1000

2011/01/28 20:15:09.0390 Boot type: Normal boot

2011/01/28 20:15:09.0406 ================================================================================

2011/01/28 20:15:10.0312 Initialize success

2011/01/28 20:15:14.0000 ================================================================================

2011/01/28 20:15:14.0000 Scan started

2011/01/28 20:15:14.0000 Mode: Manual;

2011/01/28 20:15:14.0000 ================================================================================


2011/01/28 20:15:33.0984 VBoxNetFlt (19ba977f1714d51b9fad6b188989ea03) C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys

2011/01/28 20:15:34.0093 VBoxUSBMon (779744e022f3733c2d36014036ed74c2) C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys

2011/01/28 20:15:34.0140 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/01/28 20:15:34.0250 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/01/28 20:15:34.0312 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/01/28 20:15:34.0437 vmci (c9561dcbeda5b700752e3f7049b2d6f2) C:\WINDOWS\system32\Drivers\vmci.sys

2011/01/28 20:15:34.0515 vmkbd (dcd2f4a14795e8a8114a7cae2a9b9465) C:\WINDOWS\system32\drivers\VMkbd.sys

2011/01/28 20:15:34.0562 VMnetAdapter (e41704d8149992107b333cc7a52c07cc) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys

2011/01/28 20:15:34.0625 VMnetBridge (af55d6a291f99146c9b6419028fed844) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys

2011/01/28 20:15:34.0687 VMnetuserif (ecbe41a85c852bcd2fd12281e8f9d833) C:\WINDOWS\system32\drivers\vmnetuserif.sys

2011/01/28 20:15:34.0750 vmusb (afb10ad9aa91d2f70c9f0e6bda0d119b) C:\WINDOWS\system32\Drivers\vmusb.sys

2011/01/28 20:15:34.0890 vmx86 (626d103ef74b9c2e9f7b5d3be9007fba) C:\WINDOWS\system32\Drivers\vmx86.sys

2011/01/28 20:15:35.0015 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/01/28 20:15:35.0265 VSPerfDrv100 (5a2ddc5411a092bedb1a07755e087784) C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys

2011/01/28 20:15:35.0421 vstor2-ws60 (98929c5c5314c4c048e2f60492c26723) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys

2011/01/28 20:15:35.0562 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/01/28 20:15:35.0687 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

2011/01/28 20:15:35.0812 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/01/28 20:15:36.0000 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/01/28 20:15:36.0125 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/01/28 20:15:36.0203 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/01/28 20:15:36.0281 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/01/28 20:15:36.0343 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/01/28 20:15:36.0406 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/01/28 20:15:36.0609 ================================================================================

2011/01/28 20:15:36.0609 Scan finished

2011/01/28 20:15:36.0609 ================================================================================


  • Download MBRCheck to your desktop
  • For Windows XP: Double click on MBRCheck.exe to run it.
  • For Windows Vista/7: Right click on MBRCheck.exe and select Run as Administrator
  • It will show a black screen with some data on it
  • Don't run any of the options!!!
  • When it's done, Press Enter to close the program
  • A file called MBRCheck_ will appear on your desktop
  • Please copy it into your next reply


2011/01/28 20:15:09.0390 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53

2011/01/28 20:15:09.0390 ================================================================================

2011/01/28 20:15:09.0390 SystemInfo:

2011/01/28 20:15:09.0390

2011/01/28 20:15:09.0390 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/28 20:15:09.0390 Product type: Workstation

2011/01/28 20:15:09.0390 ComputerName: EMACHINE-70C055

2011/01/28 20:15:09.0390 UserName: Waheb

2011/01/28 20:15:09.0390 Windows directory: C:\WINDOWS

2011/01/28 20:15:09.0390 System windows directory: C:\WINDOWS

2011/01/28 20:15:09.0390 Processor architecture: Intel x86

2011/01/28 20:15:09.0390 Number of processors: 2

2011/01/28 20:15:09.0390 Page size: 0x1000

2011/01/28 20:15:09.0390 Boot type: Normal boot

2011/01/28 20:15:09.0406 ================================================================================

2011/01/28 20:15:10.0312 Initialize success

2011/01/28 20:15:14.0000 ================================================================================

2011/01/28 20:15:14.0000 Scan started

2011/01/28 20:15:14.0000 Mode: Manual;

2011/01/28 20:15:14.0000 ================================================================================


2011/01/28 20:15:36.0609 ================================================================================

2011/01/28 20:15:36.0609 Scan finished

2011/01/28 20:15:36.0609 ================================================================================


For Your information:

I have run the latest Prevx and it crashed a couple of seconds after detecting two infections somewhere in the c:/Programs ... (scanning was going very fast)


Did you read my instructions? I want a log file from MBRCheck, not from TDSSKiller.


oops sorry !!!

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x00000004

Kernel Drivers (total 195):

0x804D7000 \WINDOWS\system32\ntoskrnl.exe

0x806FF000 \WINDOWS\system32\hal.dll

0xF7CBF000 \WINDOWS\system32\KDCOM.DLL

0xF7BCF000 \WINDOWS\system32\BOOTVID.dll

0xF7770000 ACPI.sys

0xF7CC1000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF775F000 pci.sys

0xF77BF000 isapnp.sys

0xF7BD3000 compbatt.sys

0xF7BD7000 \WINDOWS\system32\DRIVERS\BATTC.SYS

0xF7D87000 pciide.sys

0xF7A3F000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF7CC3000 aliide.sys

0xF7CC5000 intelide.sys

0xF7CC7000 toside.sys

0xF7CC9000 viaide.sys

0xF7CCB000 cmdide.sys

0xF77CF000 MountMgr.sys

0xF7740000 ftdisk.sys

0xF7A47000 PartMgr.sys

0xF7BDB000 ACPIEC.sys

0xF7D88000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS

0xF77DF000 VolSnap.sys

0xF7BDF000 cpqarray.sys

0xF7728000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS

0xF764E000 iaStor.sys

0xF7636000 atapi.sys

0xF7BE3000 aha154x.sys

0xF7A4F000 sparrow.sys

0xF7BE7000 symc810.sys

0xF77EF000 aic78xx.sys

0xF7BEB000 dac960nt.sys

0xF77FF000 ql10wnt.sys

0xF7BEF000 amsint.sys

0xF7A57000 asc.sys

0xF7BF3000 asc3550.sys

0xF7A5F000 mraid35x.sys

0xF7A67000 i2omp.sys

0xF7BF7000 ini910u.sys

0xF780F000 ql1240.sys

0xF781F000 aic78u2.sys

0xF7A6F000 symc8xx.sys

0xF7A77000 sym_hi.sys

0xF7A7F000 sym_u3.sys

0xF7A87000 ABP480N5.SYS

0xF7A8F000 asc3350p.sys

0xF7CCD000 cd20xrnt.sys

0xF782F000 ultra.sys

0xF761D000 adpu160m.sys

0xF7A97000 dpti2o.sys

0xF783F000 ql1080.sys

0xF784F000 ql1280.sys

0xF785F000 ql12160.sys

0xF7A9F000 perc2.sys

0xF7CCF000 perc2hib.sys

0xF7AA7000 hpn.sys

0xF7BFB000 cbidf2k.sys

0xF75F1000 dac2w2k.sys

0xF786F000 disk.sys

0xF787F000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xF75D1000 fltMgr.sys

0xF75BF000 sr.sys

0xF788F000 PxHelp20.sys

0xF75A8000 KSecDD.sys

0xF7595000 WudfPf.sys

0xF7508000 Ntfs.sys

0xF74DB000 NDIS.sys

0xF789F000 sisagp.sys

0xF78AF000 viaagp.sys

0xF74C1000 Mup.sys

0xF78BF000 alim1541.sys

0xF78CF000 amdagp.sys

0xF78DF000 agp440.sys

0xF78EF000 agpCPQ.sys

0xF7CB7000 \SystemRoot\system32\DRIVERS\tunmp.sys

0xF799F000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xF554A000 \SystemRoot\system32\DRIVERS\igxpmp32.sys

0xF5536000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF550E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xF54FD000 \SystemRoot\system32\DRIVERS\l1c51x86.sys

0xF5377000 \SystemRoot\system32\DRIVERS\athw.sys

0xF7AFF000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xF5353000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF7B07000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xF7CBB000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0xF79AF000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xF7B0F000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF7B17000 \??\C:\WINDOWS\system32\drivers\VMkbd.sys

0xF5311000 \SystemRoot\system32\DRIVERS\Apfiltr.sys

0xF79BF000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS

0xF52A0000 \SystemRoot\System32\Drivers\wdf01000.sys

0xF7B1F000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF6585000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0xF51AF000 \SystemRoot\system32\DRIVERS\btkrnl.sys

0xF516E000 \SystemRoot\system32\drivers\srs_sscfilter_i386.sys

0xF514B000 \SystemRoot\system32\drivers\ks.sys

0xF7E3B000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF79CF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xF6581000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xF5134000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF79DF000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF79EF000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF7B27000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xF5123000 \SystemRoot\system32\DRIVERS\psched.sys

0xF79FF000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF7B2F000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF7B37000 \SystemRoot\system32\DRIVERS\raspti.sys

0xF510C000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys

0xF7A0F000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF50F2000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys

0xF7D21000 \SystemRoot\system32\DRIVERS\swenum.sys

0xF5094000 \SystemRoot\system32\DRIVERS\update.sys

0xF656D000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF6569000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys

0xF6565000 \SystemRoot\system32\DRIVERS\VMNET.SYS

0xF5746000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF793F000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF7D51000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xA584F000 \SystemRoot\system32\drivers\RtkHDAud.sys

0xA582B000 \SystemRoot\system32\drivers\portcls.sys

0xF794F000 \SystemRoot\system32\drivers\drmk.sys

0xA9E25000 \SystemRoot\System32\Drivers\i2omgmt.SYS

0xA1B01000 \SystemRoot\System32\Drivers\AFS2K.SYS

0xF7D6D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7E04000 \SystemRoot\System32\Drivers\Null.SYS

0xF7D6F000 \SystemRoot\System32\Drivers\Beep.SYS

0xA3F10000 \SystemRoot\System32\drivers\vga.sys

0xF7D71000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF7D73000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xA3F08000 \SystemRoot\System32\Drivers\Msfs.SYS

0xA3F00000 \SystemRoot\System32\Drivers\Npfs.SYS

0xA9E21000 \SystemRoot\system32\DRIVERS\rasacd.sys

0x9EC29000 \SystemRoot\system32\DRIVERS\ipsec.sys

0x9EBD0000 \SystemRoot\system32\DRIVERS\tcpip.sys

0x9EBA8000 \SystemRoot\system32\DRIVERS\netbt.sys

0x9EB82000 \SystemRoot\system32\DRIVERS\ipnat.sys

0x9EB4A000 \SystemRoot\system32\DRIVERS\tcpip6.sys

0xA581B000 \SystemRoot\System32\drivers\ws2ifsl.sys

0xA1AE1000 \SystemRoot\system32\DRIVERS\Ip6Fw.sys

0x9EB28000 \SystemRoot\System32\drivers\afd.sys

0xA1AD1000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xA1AC1000 \SystemRoot\system32\DRIVERS\netbios.sys

0xA1AB1000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys

0x9EB06000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys

0x9EACF000 \SystemRoot\System32\drivers\truecrypt.sys

0xA283E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

0xA1AA1000 \SystemRoot\System32\Drivers\SCDEmu.SYS

0x9EA54000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x9E9BC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xA1A71000 \SystemRoot\System32\Drivers\Fips.SYS

0x9E80E000 \SystemRoot\system32\DRIVERS\snp2uvc.sys

0xA134B000 \SystemRoot\system32\DRIVERS\STREAM.SYS

0xA2836000 \SystemRoot\system32\DRIVERS\sncduvc.SYS

0x9E7E8000 \SystemRoot\system32\DRIVERS\avipbb.sys

0xF7D5D000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys

0xA568F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0x9B96F000 \SystemRoot\System32\drivers\Dxapi.sys

0xA3F30000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7EAD000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF024000 \SystemRoot\System32\igxpgd32.dll

0xBF012000 \SystemRoot\System32\igxprd32.dll

0xBF059000 \SystemRoot\System32\igxpdv32.DLL

0xBF2E9000 \SystemRoot\System32\igxpdx32.DLL

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0x9B37E000 \SystemRoot\system32\DRIVERS\avgntflt.sys

0x9EA50000 \??\C:\WINDOWS\system32\drivers\mbam.sys

0x9B30D000 \??\C:\Program Files\Sandboxie\SbieDrv.sys

0xF593E000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys

0x9B33A000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x9B218000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0x9B1DB000 \SystemRoot\system32\drivers\wdmaud.sys

0xA50F3000 \SystemRoot\system32\drivers\sysaudio.sys

0xA1A91000 \??\C:\WINDOWS\system32\drivers\hcmon.sys

0xF6A24000 \??\C:\WINDOWS\system32\Drivers\vmci.sys

0x9ABB7000 \??\C:\WINDOWS\system32\Drivers\vmx86.sys

0x9AA09000 \SystemRoot\System32\Drivers\adfs.SYS

0x9A9AE000 \??\C:\WINDOWS\system32\drivers\aksfridge.sys

0x9A80D000 \??\C:\WINDOWS\system32\drivers\hardlock.sys

0x9A7C8000 \SystemRoot\System32\Drivers\Fastfat.SYS

0x9A5E0000 \SystemRoot\system32\DRIVERS\srv.sys

0x9EE7F000 \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys

0x99D7A000 \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys

0x99936000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys

0x995B0000 \SystemRoot\System32\Drivers\HTTP.sys

0xF7B4F000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x9AD7E000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x9933B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x9A99E000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x991C5000 \SystemRoot\system32\drivers\kmixer.sys

0xA3F20000 \SystemRoot\System32\drivers\pxkbf.sys

0x99074000 \SystemRoot\System32\drivers\pxrts.sys

0xF7AEF000 \SystemRoot\System32\drivers\pxscan.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 63):

0 System Idle Process

4 System

876 C:\WINDOWS\system32\smss.exe

924 csrss.exe

948 C:\WINDOWS\system32\winlogon.exe

992 C:\WINDOWS\system32\services.exe

1004 C:\WINDOWS\system32\lsass.exe

1172 C:\Program Files\Avira\AntiVir Desktop\avguard.exe

1508 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

1656 C:\WINDOWS\system32\svchost.exe

1704 svchost.exe

148 C:\Program Files\Sandboxie\SbieSvc.exe

184 C:\WINDOWS\system32\svchost.exe

368 C:\WINDOWS\system32\svchost.exe

456 svchost.exe

624 svchost.exe

1200 C:\WINDOWS\system32\spoolsv.exe

1248 C:\Program Files\Avira\AntiVir Desktop\sched.exe

1320 svchost.exe

2016 C:\WINDOWS\explorer.exe

492 C:\WINDOWS\system32\hkcmd.exe

500 C:\WINDOWS\system32\igfxpers.exe

532 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

576 C:\WINDOWS\system32\igfxsrvc.exe

580 C:\WINDOWS\RTHDCPL.EXE

828 C:\Program Files\Launch Manager\LManager.exe

968 C:\WINDOWS\snuvcdsm.exe

1068 C:\Program Files\Apoint2K\Apoint.exe

1384 C:\WINDOWS\vsnp325.exe

1472 C:\Program Files\Apoint2K\ApMsgFwd.exe

1756 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

1800 C:\Program Files\Apoint2K\ApntEx.exe

1784 C:\Program Files\Common Files\Java\Java Update\jusched.exe

1796 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

2080 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

2536 C:\WINDOWS\system32\ctfmon.exe

2880 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

2900 C:\Program Files\Launch Manager\dsiwmis.exe

2932 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

3028 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

3108 C:\WINDOWS\system32\hasplms.exe

3356 C:\Program Files\Java\jre6\bin\jqs.exe

3796 sqlservr.exe

3832 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

864 C:\WINDOWS\system32\svchost.exe

2372 C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

2784 C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

3244 C:\WINDOWS\system32\vmnat.exe

668 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

2640 C:\WINDOWS\system32\vmnetdhcp.exe

452 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

3884 wmiprvse.exe

2928 alg.exe

2860 C:\Program Files\Launch Manager\LMworker.exe

4048 C:\WINDOWS\system32\wbem\unsecapp.exe

3828 C:\WINDOWS\system32\BD7EBD1C.exe

2236 C:\Program Files\Internet Explorer\iexplore.exe

636 C:\WINDOWS\system32\vsjitdebugger.exe

2172 C:\WINDOWS\system32\vsjitdebugger.exe

2204 C:\WINDOWS\system32\vsjitdebugger.exe

2228 C:\WINDOWS\system32\wscntfy.exe

3300 C:\Program Files\Prevx\prevx.exe

2728 C:\Documents and Settings\Waheb\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`c0100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVT-22A23T0, Rev: 01.01A01

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!


Everything seems fine.

After ComboFix installed Recovery Console SP2, I get a two-second boot screen where I can select between the Recovery Console, a second thing "I shouldn't select" and finally my Windows operating system.

Do you think that's the cause of the problem?

I doubt it. However:

http://support.microsoft.com/kb/555032

- major: I can't get into Safe Mode (neither Normal nor Networking). I haven't checked if I can get into Safe Mode with Command Prompt.

See, when I select either Safe Mode or Safe Mode with Networking, the screen scrolls until system32/drivers/agqCPQ.sys and then I get a really, really fast blue screen and the computer restarts. This has been happening since the first ComboFix scan, the one where it found four or five "infected" files.

Let's uninstall ComboFix and try again:

  1. Go to Start => Run... and copy & paste the next command in the field:
    ComboFix /uninstall

  2. Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

P.S.: Make sure there's a space between ComboFix and /uninstall


What are we looking for? A rootkit?

Could it be that the files are corrupt and I need to run that chkdsk thing?


We're looking for everything. I need more information about the detections by Prevx.

Could it be that the files are corrupt and I need to run that chkdsk thing?

Which files?

This topic is now closed to further replies.