1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Inactive Browser Hijack/Unable to Use SKYPE other functions

Discussion in 'Malware and Virus Removal Archive' started by hlbull, 2011/07/20.

Page 1 of 6
  1. 2011/07/20
    hlbull

    hlbull Inactive Thread Starter

    Joined:
    2011/07/20
    Messages:
    62
    Likes Received:
    0
    [Inactive] Browser Hijack/Unable to Use SKYPE other functions

    Malwarebytes 7/16 log
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7161

    Windows 6.0.6000
    Internet Explorer 8.0.6001.18904

    7/16/2011 11:06:07 AM
    mbam-log-2011-07-16 (11-06-07).txt

    Scan type: Full scan (C:\|R:\|)
    Objects scanned: 369699
    Time elapsed: 1 hour(s), 44 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Malwarebytes 7/20/11 log

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7213

    Windows 6.0.6000
    Internet Explorer 8.0.6001.18904

    7/20/2011 1:44:28 PM
    mbam-log-2011-07-20 (13-44-28).txt

    Scan type: Quick scan
    Objects scanned: 166205
    Time elapsed: 7 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7161

    Windows 6.0.6000
    Internet Explorer 8.0.6001.18904

    7/20/2011 8:18:50 AM
    mbam-log-2011-07-20 (08-18-50).txt

    Scan type: Full scan (C:\|R:\|)
    Objects scanned: 370204
    Time elapsed: 1 hour(s), 32 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7161

    Windows 6.0.6000
    Internet Explorer 8.0.6001.18904

    7/20/2011 6:40:34 AM
    mbam-log-2011-07-20 (06-40-34).txt

    Scan type: Quick scan
    Objects scanned: 1
    Time elapsed: 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER downloaded. Crashed once during complete scan. When run again, it restarted my system. After restart with returning to Windows normally, received message "Windows has recovered from unexpected shutdown, go online to find solution." Closed box.

    aswMBR failed 3x.
    DDS.txt failed, both Mirror 1 and 2

    On 7/15/11 MS Security Essentials found these problems, which I removed:

    TrojanDownloader

    Description: This program is dangerous and downloads other programs.

    Recommended action: Remove this software immediately.

    Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.


    containerfile:C:\Users\Hannah-Leigh Bull\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\306de57f-7be71530
    file:C:\Users\Hannah-Leigh Bull\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\306de57f-7be71530->bingo/efir.class

    VirTool: JS/Obfuscator.BT

    Category: Tool

    Description: This program is used to create viruses, worms or other malware.

    Recommended action: Remove this software immediately.

    Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

    Items:
    containerfile:C:\Cache\Cache\D\04\A0F21d01
    file:C:\Cache\Cache\D\04\A0F21d01->(GZip)

    Exploit: Java/CVE-2010-0890.EX

    Description: This program is dangerous and exploits the computer on which it is run.

    Recommended action: Remove this software immediately.

    Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

    Items:
    containerfile:C:\Users\Hannah-Leigh Bull\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\306de57f-7be71530
    file:C:\Users\Hannah-Leigh Bull\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\306de57f-7be71530->bingo/haskalu.class

    Trojan Clicker: Win32/Yabector.gen

    Category: Trojan Notifier

    Description: This program connects to the Internet in the background.

    Recommended action: Remove this software immediately.

    Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

    Can't see how to get log from that application.

    On 7/20/11, System File Checker found this corrupted file: tcpmon.ini.

    Kaspersky failed with error 404, couldn't download.

    Panda wants Service Pack 1 and IE upgrade. I run only Firefox for years now. I receive many Windows messages that Windows IE has stopped working. I am not running it IE, and dislike IE. When I try to upgrade IE per myriad people's suggestions, I am told I must update the service packs, which one day show they are installed, but today show that they are uninstalled.

    I want to uninstall IE 8 forever.

    SKYPE doesn't launch. I hear the characteristic launch and log off sounds and briefly see the contact icons before it disappears. Also receive Windows message to install more Windows updates. When I go to Windows Updates, there are no important updates to install.

    Several instances of IE, which I don't use, opening to Facebook, real estate pages, porno. Firefox cannot do a search without being rerouted to other websites. Often IE audios opening in the background, and more.

    Please ask if you need more info, as I suspect you will. Thank you so much!

    Hannah-Leigh
     
    hlbull,
    #1
  2. 2011/07/20
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,680
    Likes Received:
    104
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     
    Admin.,
    #2


  3. to hide this advert.

  4. 2011/07/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================

    No problem. We have plenty of other tools.

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay? ".
     
    broni,
    #3
  5. 2011/07/20
    hlbull

    hlbull Inactive Thread Starter

    Joined:
    2011/07/20
    Messages:
    62
    Likes Received:
    0
    Hijacked Browser: Ran RKUnhookerLE as requested, report

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows Vista
    Version 6.0.6000
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x8F0B9000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7630848 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.69 )
    0x82000000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)
    0x82000000 PnpManager 3805184 bytes
    0x82000000 RAW 3805184 bytes
    0x82000000 WMIxWDM 3805184 bytes
    0x8EE8A000 C:\Windows\system32\DRIVERS\NETw4v32.sys 2289664 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
    0x97800000 Win32k 2097152 bytes
    0x97800000 C:\Windows\System32\win32k.sys 2097152 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x824F8000 C:\Windows\System32\Drivers\Ntfs.sys 1081344 bytes (Microsoft Corporation, NT File System Driver)
    0x81ECB000 C:\Windows\system32\drivers\ndis.sys 1064960 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
    0x8FC9B000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
    0x8051F000 C:\Windows\system32\CI.dll 921600 bytes (Microsoft Corporation, Code Integrity Module)
    0xA4B22000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x8FE76000 C:\Windows\System32\drivers\tcpip.sys 876544 bytes (Microsoft Corporation, TCP/IP Driver)
    0x91142000 C:\Windows\System32\Drivers\dump_iaStor.sys 778240 bytes
    0x8064A000 C:\Windows\system32\drivers\iastor.sys 778240 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
    0x8FF4C000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
    0x80708000 C:\Windows\system32\drivers\iastorv.sys 655360 bytes (Intel Corporation, Intel Matrix Storage Manager driver (base))
    0x8EAC1000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0xA2A22000 C:\Windows\system32\Drivers\CVPNDRVA.sys 589824 bytes (Cisco Systems, Inc., Cisco Systems VPN Client IPSec Driver)
    0xA2B12000 C:\Windows\system32\drivers\spsys.sys 581632 bytes (Microsoft Corporation, security processor)
    0x804A4000 C:\Windows\system32\drivers\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
    0x8248E000 C:\Windows\System32\Drivers\ksecdd.sys 434176 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xA1624000 C:\Windows\system32\drivers\HTTP.sys 430080 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x8026C000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
    0x8FA3B000 C:\Windows\system32\drivers\stwrt.sys 348160 bytes (IDT, Inc., NDHF)
    0x8EE39000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
    0xA2255000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
    0x807A8000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x8FE06000 C:\Windows\system32\drivers\afd.sys 290816 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x80461000 C:\Windows\system32\drivers\acpi.sys 274432 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x8F95F000 C:\Windows\system32\DRIVERS\storport.sys 262144 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
    0x8FD9E000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
    0x8EA84000 C:\Windows\system32\DRIVERS\USBPORT.SYS 249856 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x80220000 C:\Windows\system32\CLFS.SYS 241664 bytes (Microsoft Corporation, Common Log File System Driver)
    0x9015C000 C:\Windows\system32\DRIVERS\rdbss.sys 241664 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xA22DC000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x81E67000 C:\Windows\system32\drivers\NETIO.SYS 233472 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x81E31000 C:\Windows\system32\drivers\volsnap.sys 221184 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x823A1000 ACPI_HAL 212992 bytes
    0x823A1000 C:\Windows\system32\hal.dll 212992 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x8F877000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x901CE000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x81FCF000 C:\Windows\system32\drivers\fltmgr.sys 200704 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x8FA0E000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x8EE0D000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
    0x8F99F000 C:\Windows\system32\DRIVERS\msiscsi.sys 176128 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
    0x81EA0000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x9CE14000 C:\Windows\system32\DRIVERS\nwifi.sys 176128 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
    0x8F8AB000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
    0xA4A07000 C:\Program Files\WebDrive\wdfsd.sys 167936 bytes
    0xA534A000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0x8FC74000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
    0x8FDDB000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0x82469000 C:\Windows\System32\drivers\ecache.sys 151552 bytes (Microsoft Corporation, Special Memory Device Cache)
    0x8043C000 C:\Windows\system32\drivers\pci.sys 151552 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xA22A6000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x8F90F000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x82448000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x8FC53000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0xA2333000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0x80624000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0x8F9CA000 C:\Windows\system32\DRIVERS\dne2000.sys 122880 bytes (Deterministic Networks, Inc., Deterministic Network Enhancer)
    0xA2315000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x9B525000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0xA1609000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)
    0xA23A7000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x8FC0C000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x8F9E8000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x8EA3E000 C:\Windows\system32\DRIVERS\sdbus.sys 98304 bytes (Microsoft Corporation, SecureDigital Bus Driver)
    0x90105000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)
    0x8F93D000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x900CE000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xA59C4000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0x901B8000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x8FE61000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)
    0xA2393000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x8EA1C000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
    0x8FE4D000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
    0x8EA09000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
    0x8F8FC000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x9CE01000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x90197000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x900BC000 C:\Windows\system32\DRIVERS\BrSerId.sys 73728 bytes (Brother Industries Ltd., Brotehr Serial I/F Driver (WDM))
    0x8EA64000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0xA22CA000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x81E02000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x8B330000 C:\Windows\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
    0x80614000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x8B320000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
    0x9AE50000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x80410000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
    0x8B3F0000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)
    0x8B310000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0x9AE81000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
    0x81E13000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0x81E22000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
    0x8268C000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x8F8D5000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)
    0x8042D000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
    0x8EA56000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0x9B810000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
    0x8E624000 C:\Windows\system32\DRIVERS\intelppm.sys 57344 bytes (Microsoft Corporation, Processor Device Driver)
    0x901AA000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x8FC25000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x807F2000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x8EA30000 C:\Windows\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
    0x8EA76000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x8FB4A000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x8FB30000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
    0x8F8E4000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x8FB3D000 C:\Windows\system32\DRIVERS\usbscan.sys 53248 bytes (Microsoft Corporation, USB Scanner Driver)
    0x8E617000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
    0x80213000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
    0x8FA02000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0x8EE02000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x8E601000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
    0x8F8F1000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x8F932000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x8E685000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8F954000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
    0x8B665000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8E60C000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0x80420000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
    0x8EB9C000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x8EBEC000 C:\Windows\system32\DRIVERS\MpNWMon.sys 40960 bytes (Microsoft Corporation, Network monitor driver)
    0x8EB60000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x8EBA6000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
    0x8EB6A000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0x8EB88000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x8EB74000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
    0x8E753000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0x8243F000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
    0x8E702000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x8E6F0000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0x80263000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x8060B000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0x8E71D000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0x9B800000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x8E70B000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8269B000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0x8020A000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x80642000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x8025B000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x8E7B8000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0x80202000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x8E7E8000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x8E7F0000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x80603000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x98C70000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
    0x8B6FE000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x8B705000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0x80409000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
    0x8B6F7000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x80402000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x8B7A2000 C:\Windows\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0x8B7BA000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC5536D1-1689-46C0-8768-DB7541AFE957}\MpKsl651001f2.sys 24576 bytes
    0xAB919000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2153AD0F-F995-47B0-92F5-C60996FA3DD2}\MpKslb7a385a6.sys 24576 bytes (Microsoft Corporation, KSLDriver)
    0x8B630000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0xA317C000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
    0x8B685000 C:\Windows\system32\DRIVERS\BrUsbSer.sys 12288 bytes (Brother Industries Ltd., Brother USB Serial Driver)
    0x8042A000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
    0x802CC000 00000040 8192 bytes
    0x802CC000 C:\Windows\system32\kdcom.dll 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0x8B252000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x8B246000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    !!!!!!!!!!!Hidden driver: 0x855816D0 00000138 0 bytes
    ==============================================
    >Stealth
    ==============================================
    0x86BA364D Unknown page with executable code, 2483 bytes
    0x86BA8604 Unknown page with executable code, 2556 bytes
    0x86BA34A7 Unknown page with executable code, 2905 bytes
    0x86BA64A5 Unknown page with executable code, 2907 bytes
    0x86BA63F5 Unknown page with executable code, 3083 bytes
    0x86BA5DAA Unknown page with executable code, 598 bytes
    0x86BA60B3 Unknown thread object [ ETHREAD 0x855CAAD0 ] TID: 228, 600 bytes
    0x86BA77FB Unknown thread object [ ETHREAD 0x86BF0020 ] TID: 240, 600 bytes
    0x86BA3FB5 Unknown page with executable code, 75 bytes
    0x86BA5CCB Unknown page with executable code, 821 bytes
     
    hlbull,
    #4
  6. 2011/07/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
    broni,
    #5
  7. 2011/07/20
    hlbull

    hlbull Inactive Thread Starter

    Joined:
    2011/07/20
    Messages:
    62
    Likes Received:
    0
    Download failed twice with this message:

    C:\Users\HANNAH~1\AppData\Local\Temp\tdsskiller-1.exe could not be opened, because an unknown error occurred.

    Try saving to disk first and then opening the file.
    ---------

    I don't see the file in Temp and don't know how to redirect the download to the Desktop. Does not give me that option.
     
    hlbull,
    #6
  8. 2011/07/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
     
    broni,
    #7
  9. 2011/07/20
    hlbull

    hlbull Inactive Thread Starter

    Joined:
    2011/07/20
    Messages:
    62
    Likes Received:
    0
    Same errors downloading FixTDSS.exe 2X. Is there a way to access an interface that bypasses the download folder and copies it to a specified location?
     
    hlbull,
    #8
  10. 2011/07/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you getting errors when downloading those tools, or when you're trying to run them?
     
    broni,
    #9
  11. 2011/07/20
    hlbull

    hlbull Inactive Thread Starter

    Joined:
    2011/07/20
    Messages:
    62
    Likes Received:
    0
    When downloading.

    Thx so much!
     
    hlbull,
    #10
  12. 2011/07/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Do you another working computer?
    If so, you can download them there and transfer programs to "sick" computer through USB stick.
    If not let me know.
     
    broni,
    #11
  13. 2011/07/20
    hlbull

    hlbull Inactive Thread Starter

    Joined:
    2011/07/20
    Messages:
    62
    Likes Received:
    0
    No other working computer unfortunately, Broni. Some of the earlier applications did download and I was able to run them and send you the info. This seems an intermittent issue.

    Thx!
     
    hlbull,
    #12
  14. 2011/07/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'll upload those files to some other place for you.
    Hold on...
     
    broni,
    #13
  15. 2011/07/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    broni,
    #14
  16. 2011/07/20
    hlbull

    hlbull Inactive Thread Starter

    Joined:
    2011/07/20
    Messages:
    62
    Likes Received:
    0
    tdskiller log

    Broni, this is from safe mode. After running tdskiller and reboot as instructed, computer went into endless restart cycle. Here's the report. Will wait before running second ap.

    Log:

    2011/07/20 19:24:09.0592 2708 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
    2011/07/20 19:24:10.0224 2708 ================================================================================
    2011/07/20 19:24:10.0224 2708 SystemInfo:
    2011/07/20 19:24:10.0224 2708
    2011/07/20 19:24:10.0225 2708 OS Version: 6.0.6000 ServicePack: 0.0
    2011/07/20 19:24:10.0225 2708 Product type: Workstation
    2011/07/20 19:24:10.0225 2708 ComputerName: HANNAH-LEIGH-PC
    2011/07/20 19:24:10.0225 2708 UserName: Hannah-Leigh Bull
    2011/07/20 19:24:10.0225 2708 Windows directory: C:\Windows
    2011/07/20 19:24:10.0225 2708 System windows directory: C:\Windows
    2011/07/20 19:24:10.0225 2708 Processor architecture: Intel x86
    2011/07/20 19:24:10.0225 2708 Number of processors: 2
    2011/07/20 19:24:10.0225 2708 Page size: 0x1000
    2011/07/20 19:24:10.0225 2708 Boot type: Normal boot
    2011/07/20 19:24:10.0226 2708 ================================================================================
    2011/07/20 19:24:11.0108 2708 Initialize success
    2011/07/20 19:24:26.0426 4376 ================================================================================
    2011/07/20 19:24:26.0426 4376 Scan started
    2011/07/20 19:24:26.0426 4376 Mode: Manual;
    2011/07/20 19:24:26.0426 4376 ================================================================================
    2011/07/20 19:24:26.0931 4376 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
    2011/07/20 19:24:27.0015 4376 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2011/07/20 19:24:27.0059 4376 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2011/07/20 19:24:27.0109 4376 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2011/07/20 19:24:27.0156 4376 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2011/07/20 19:24:27.0247 4376 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
    2011/07/20 19:24:27.0297 4376 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
    2011/07/20 19:24:27.0340 4376 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/07/20 19:24:27.0383 4376 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
    2011/07/20 19:24:27.0439 4376 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
    2011/07/20 19:24:27.0481 4376 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
    2011/07/20 19:24:27.0519 4376 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2011/07/20 19:24:27.0557 4376 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2011/07/20 19:24:27.0745 4376 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
    2011/07/20 19:24:27.0840 4376 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2011/07/20 19:24:27.0905 4376 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2011/07/20 19:24:27.0966 4376 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/07/20 19:24:28.0018 4376 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
    2011/07/20 19:24:28.0107 4376 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
    2011/07/20 19:24:28.0373 4376 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
    2011/07/20 19:24:28.0500 4376 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
    2011/07/20 19:24:28.0566 4376 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/07/20 19:24:28.0609 4376 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/07/20 19:24:28.0660 4376 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\DRIVERS\BrSerId.sys
    2011/07/20 19:24:28.0729 4376 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/07/20 19:24:28.0774 4376 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/07/20 19:24:28.0830 4376 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\DRIVERS\BrUsbSer.sys
    2011/07/20 19:24:28.0902 4376 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/07/20 19:24:28.0957 4376 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/07/20 19:24:29.0015 4376 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/07/20 19:24:29.0149 4376 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2011/07/20 19:24:29.0206 4376 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
    2011/07/20 19:24:29.0259 4376 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/07/20 19:24:29.0296 4376 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
    2011/07/20 19:24:29.0319 4376 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/07/20 19:24:29.0351 4376 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2011/07/20 19:24:29.0389 4376 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2011/07/20 19:24:29.0455 4376 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
    2011/07/20 19:24:29.0542 4376 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\Windows\system32\Drivers\CVPNDRVA.sys
    2011/07/20 19:24:29.0596 4376 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
    2011/07/20 19:24:29.0671 4376 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
    2011/07/20 19:24:29.0732 4376 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\Windows\system32\DRIVERS\dne2000.sys
    2011/07/20 19:24:29.0784 4376 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
    2011/07/20 19:24:29.0831 4376 DXGKrnl (b95202efd0464d226e7542c1e319c028) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/07/20 19:24:29.0890 4376 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
    2011/07/20 19:24:29.0925 4376 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/07/20 19:24:30.0013 4376 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
    2011/07/20 19:24:30.0091 4376 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2011/07/20 19:24:30.0211 4376 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
    2011/07/20 19:24:30.0250 4376 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/07/20 19:24:30.0303 4376 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
    2011/07/20 19:24:30.0336 4376 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
    2011/07/20 19:24:30.0398 4376 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/07/20 19:24:30.0437 4376 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
    2011/07/20 19:24:30.0474 4376 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/07/20 19:24:30.0518 4376 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/07/20 19:24:30.0573 4376 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/07/20 19:24:30.0622 4376 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/07/20 19:24:30.0662 4376 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/07/20 19:24:30.0689 4376 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/07/20 19:24:30.0737 4376 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/07/20 19:24:30.0778 4376 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2011/07/20 19:24:30.0842 4376 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2011/07/20 19:24:30.0883 4376 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    2011/07/20 19:24:30.0957 4376 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
    2011/07/20 19:24:30.0999 4376 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2011/07/20 19:24:31.0044 4376 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/07/20 19:24:31.0099 4376 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
    2011/07/20 19:24:31.0145 4376 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2011/07/20 19:24:31.0216 4376 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/07/20 19:24:31.0274 4376 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
    2011/07/20 19:24:31.0334 4376 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/07/20 19:24:31.0405 4376 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/07/20 19:24:31.0474 4376 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2011/07/20 19:24:31.0510 4376 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/07/20 19:24:31.0564 4376 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
    2011/07/20 19:24:31.0603 4376 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
    2011/07/20 19:24:31.0640 4376 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/07/20 19:24:31.0683 4376 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/07/20 19:24:31.0725 4376 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/07/20 19:24:31.0764 4376 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/07/20 19:24:31.0800 4376 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/07/20 19:24:31.0864 4376 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
    2011/07/20 19:24:31.0941 4376 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/07/20 19:24:32.0001 4376 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2011/07/20 19:24:32.0038 4376 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2011/07/20 19:24:32.0110 4376 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/07/20 19:24:32.0152 4376 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
    2011/07/20 19:24:32.0213 4376 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2011/07/20 19:24:32.0251 4376 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2011/07/20 19:24:32.0305 4376 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
    2011/07/20 19:24:32.0340 4376 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
    2011/07/20 19:24:32.0370 4376 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/07/20 19:24:32.0406 4376 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/07/20 19:24:32.0439 4376 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
    2011/07/20 19:24:32.0499 4376 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
    2011/07/20 19:24:32.0554 4376 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2011/07/20 19:24:32.0714 4376 MpKslb7a385a6 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2153AD0F-F995-47B0-92F5-C60996FA3DD2}\MpKslb7a385a6.sys
    2011/07/20 19:24:32.0787 4376 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
    2011/07/20 19:24:32.0852 4376 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
    2011/07/20 19:24:32.0907 4376 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/07/20 19:24:32.0952 4376 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
    2011/07/20 19:24:33.0015 4376 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/07/20 19:24:33.0057 4376 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/07/20 19:24:33.0092 4376 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/07/20 19:24:33.0138 4376 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
    2011/07/20 19:24:33.0180 4376 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2011/07/20 19:24:33.0233 4376 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
    2011/07/20 19:24:33.0278 4376 msisadrv (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
    2011/07/20 19:24:33.0340 4376 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/07/20 19:24:33.0383 4376 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/07/20 19:24:33.0404 4376 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
    2011/07/20 19:24:33.0452 4376 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
    2011/07/20 19:24:33.0486 4376 mssmbios (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/07/20 19:24:33.0521 4376 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
    2011/07/20 19:24:33.0555 4376 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
    2011/07/20 19:24:33.0603 4376 NativeWifiP (1d162e52fb691eb555a476b04b4bff3f) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/07/20 19:24:33.0661 4376 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
    2011/07/20 19:24:33.0713 4376 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/07/20 19:24:33.0749 4376 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/07/20 19:24:33.0787 4376 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/07/20 19:24:33.0822 4376 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
    2011/07/20 19:24:33.0871 4376 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
    2011/07/20 19:24:33.0911 4376 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
    2011/07/20 19:24:34.0048 4376 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
    2011/07/20 19:24:34.0111 4376 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/07/20 19:24:34.0149 4376 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
    2011/07/20 19:24:34.0181 4376 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
    2011/07/20 19:24:34.0250 4376 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
    2011/07/20 19:24:34.0298 4376 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/07/20 19:24:34.0335 4376 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
    2011/07/20 19:24:34.0594 4376 nvlddmkm (dc89868592d74de404406c9420c3f277) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/07/20 19:24:34.0775 4376 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2011/07/20 19:24:34.0820 4376 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2011/07/20 19:24:34.0862 4376 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
    2011/07/20 19:24:34.0972 4376 ohci1394 (953c1ba621f4da9dc7d268ae839a51fb) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/07/20 19:24:35.0048 4376 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/07/20 19:24:35.0074 4376 partmgr (84be786f33fdbd8765e05df3b7f5b9e6) C:\Windows\system32\drivers\partmgr.sys
    2011/07/20 19:24:35.0111 4376 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/07/20 19:24:35.0152 4376 pci (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
    2011/07/20 19:24:35.0182 4376 pciide (b2fc76090ef1003463ccb07cabb35cff) C:\Windows\system32\drivers\pciide.sys
    2011/07/20 19:24:35.0234 4376 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/07/20 19:24:35.0305 4376 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/07/20 19:24:35.0402 4376 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/07/20 19:24:35.0438 4376 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2011/07/20 19:24:35.0550 4376 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
    2011/07/20 19:24:35.0602 4376 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/07/20 19:24:35.0683 4376 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2011/07/20 19:24:35.0726 4376 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/07/20 19:24:35.0778 4376 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
    2011/07/20 19:24:35.0886 4376 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/07/20 19:24:35.0939 4376 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/07/20 19:24:35.0974 4376 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/07/20 19:24:36.0024 4376 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/07/20 19:24:36.0062 4376 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/07/20 19:24:36.0094 4376 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/07/20 19:24:36.0165 4376 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
    2011/07/20 19:24:36.0188 4376 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
    2011/07/20 19:24:36.0240 4376 RDPWD (e2afac98fc6ca2ad2d09f2de1bc71ad9) C:\Windows\system32\drivers\RDPWD.sys
    2011/07/20 19:24:36.0324 4376 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
    2011/07/20 19:24:36.0370 4376 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
    2011/07/20 19:24:36.0408 4376 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
    2011/07/20 19:24:36.0504 4376 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/07/20 19:24:36.0571 4376 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/07/20 19:24:36.0631 4376 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/07/20 19:24:36.0667 4376 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/07/20 19:24:36.0716 4376 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/07/20 19:24:36.0756 4376 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/07/20 19:24:36.0793 4376 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
    2011/07/20 19:24:36.0849 4376 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/07/20 19:24:36.0888 4376 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/07/20 19:24:36.0925 4376 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/07/20 19:24:36.0957 4376 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/07/20 19:24:37.0011 4376 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
    2011/07/20 19:24:37.0047 4376 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2011/07/20 19:24:37.0080 4376 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2011/07/20 19:24:37.0138 4376 Smb (46baf398809a0f3b2d3300a1760e4b91) C:\Windows\system32\DRIVERS\smb.sys
    2011/07/20 19:24:37.0183 4376 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
    2011/07/20 19:24:37.0239 4376 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
    2011/07/20 19:24:37.0293 4376 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
    2011/07/20 19:24:37.0339 4376 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/07/20 19:24:37.0393 4376 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
    2011/07/20 19:24:37.0437 4376 swenum (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
    2011/07/20 19:24:37.0495 4376 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/07/20 19:24:37.0530 4376 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/07/20 19:24:37.0574 4376 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/07/20 19:24:37.0687 4376 Tcpip (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\drivers\tcpip.sys
    2011/07/20 19:24:37.0744 4376 Tcpip6 (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/07/20 19:24:37.0787 4376 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
    2011/07/20 19:24:37.0828 4376 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
    2011/07/20 19:24:37.0861 4376 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
    2011/07/20 19:24:37.0901 4376 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
    2011/07/20 19:24:37.0929 4376 TermDD (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
    2011/07/20 19:24:38.0063 4376 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/07/20 19:24:38.0123 4376 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/07/20 19:24:38.0186 4376 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/07/20 19:24:38.0295 4376 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2011/07/20 19:24:38.0351 4376 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
    2011/07/20 19:24:38.0480 4376 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
    2011/07/20 19:24:38.0523 4376 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2011/07/20 19:24:38.0575 4376 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/07/20 19:24:38.0631 4376 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/07/20 19:24:38.0678 4376 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
    2011/07/20 19:24:38.0733 4376 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/07/20 19:24:38.0788 4376 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/07/20 19:24:38.0851 4376 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/07/20 19:24:38.0889 4376 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/07/20 19:24:38.0931 4376 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2011/07/20 19:24:38.0967 4376 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/07/20 19:24:39.0014 4376 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/07/20 19:24:39.0061 4376 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/07/20 19:24:39.0098 4376 usbuhci (d864735b0bfcb65440960a0b7cc1a38d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/07/20 19:24:39.0147 4376 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/07/20 19:24:39.0185 4376 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
    2011/07/20 19:24:39.0227 4376 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
    2011/07/20 19:24:39.0266 4376 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2011/07/20 19:24:39.0306 4376 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
    2011/07/20 19:24:39.0348 4376 volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
    2011/07/20 19:24:39.0385 4376 volmgrx (420c48e593b9520c2dee45d671f923e1) C:\Windows\system32\drivers\volmgrx.sys
    2011/07/20 19:24:39.0421 4376 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
    2011/07/20 19:24:39.0473 4376 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2011/07/20 19:24:39.0531 4376 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/07/20 19:24:39.0565 4376 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/07/20 19:24:39.0590 4376 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/07/20 19:24:39.0646 4376 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2011/07/20 19:24:39.0680 4376 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
    2011/07/20 19:24:39.0795 4376 WebDriveFSD (9bab5184ea23e99481e1ceabad42fd87) C:\Program Files\WebDrive\wdfsd.sys
    2011/07/20 19:24:39.0876 4376 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    2011/07/20 19:24:39.0976 4376 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/07/20 19:24:40.0079 4376 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/07/20 19:24:40.0116 4376 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/07/20 19:24:40.0176 4376 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/07/20 19:24:40.0235 4376 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
    2011/07/20 19:24:40.0296 4376 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
    2011/07/20 19:24:40.0303 4376 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
    2011/07/20 19:24:40.0318 4376 Boot (0x1200) (4150f60bf6aa686b70c23fc74b252800) \Device\Harddisk0\DR0\Partition0
    2011/07/20 19:24:40.0343 4376 Boot (0x1200) (ca83318582f47bc3f67ff416dc9d6c30) \Device\Harddisk0\DR0\Partition1
    2011/07/20 19:24:40.0349 4376 ================================================================================
    2011/07/20 19:24:40.0349 4376 Scan finished
    2011/07/20 19:24:40.0349 4376 ================================================================================
    2011/07/20 19:24:40.0364 4356 Detected object count: 1
    2011/07/20 19:24:40.0364 4356 Actual detected object count: 1
    2011/07/20 19:24:50.0672 4356 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
    2011/07/20 19:24:50.0673 4356 \Device\Harddisk0\DR0 - ok
    2011/07/20 19:24:50.0673 4356 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
    2011/07/20 19:25:17.0020 3192 Deinitialize success
     
    hlbull,
    #15
  17. 2011/07/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    This is good.
    No need for the other program.

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay? ".

    Also, see if DDS will run now.
     
    broni,
    #16
  18. 2011/07/20
    hlbull

    hlbull Inactive Thread Starter

    Joined:
    2011/07/20
    Messages:
    62
    Likes Received:
    0
    RKUnhooker won't run in safe mode per message it sent.
     
    hlbull,
    #17
  19. 2011/07/20
    hlbull

    hlbull Inactive Thread Starter

    Joined:
    2011/07/20
    Messages:
    62
    Likes Received:
    0
    PS: When RKUnhooker states it can't run in Safe Mode it is in a weirdly worded message, asking that we let it reboot. Instead I will try to reboot manually now and run it quickly as admin.

    Another error: Error loading driver, NTSTATUS code: OxC000035F.
     
    hlbull,
    #18
  20. 2011/07/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run it from normal mode.

    ...and see if DDS will run in normal mode.
     
    broni,
    #19
  21. 2011/07/20
    hlbull

    hlbull Inactive Thread Starter

    Joined:
    2011/07/20
    Messages:
    62
    Likes Received:
    0
    We can't run in normal mode at all.
    When I log in to windows other than safemode the computer blue screens before I can run anything.

    The technical information posted was:
    *** STOP: 0x0000008E (0xC00000005, 0x821F5C19,0x434D091C,0x00000000)
     
    hlbull,
    #20
Page 1 of 6

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...