Tech Support Forum banner
Cancel

Search Engine Redirects (Yahoo/Google/etc. on IE/Firefox/Chrome)

Jump to Latest Follow
Status
Not open for further replies.
1 - 10 of 10 Posts
K

· Registered
Joined
·
5 Posts
Discussion Starter · #1 ·
Occurs: Search Engine Redirects (Yahoo/Google/etc. on IE/Firefox/Chrome)
Whenever I click on a link after using a search engine it redirects to spam/useless pages. I've tried numerous spyware removal programs with no success (include malwarebytes, spybot....) Any assistance is greatly appreciated. Thanks for your time. The following is my DDS log followed by the 2 requested attachments.



DDS (Ver_10-03-17.01) - NTFSx86
Run by MERAJUL ALAM at 11:22:39.29 on Thu 07/29/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2039.1178 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\MERAJUL ALAM\Downloads\dds(2).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [cdloader] "c:\users\merajul alam\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\meraju~1\appdata\roaming\mozilla\firefox\profiles\gkvawvuf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-9 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-9 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-9 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l260x86.sys [2009-6-10 29184]
RUnknown SASDIFSV;SASDIFSV; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-6-9 430152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-27 1343400]

=============== Created Last 30 ================

2010-07-29 03:08:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-29 02:45:31 0 d-s---w- C:\ComboFix
2010-07-29 02:38:29 0 d-----w- c:\programdata\FrontLine Registry Cleaner
2010-07-29 02:38:13 0 d-----w- c:\program files\Frontline Registry Cleaner
2010-07-29 00:11:03 0 ----a-w- c:\users\merajul alam\defogger_reenable
2010-07-28 23:47:56 0 d-sh--w- C:\$RECYCLE.BIN
2010-07-28 23:29:38 98816 ----a-w- c:\windows\sed.exe
2010-07-28 23:29:38 77312 ----a-w- c:\windows\MBR.exe
2010-07-28 23:29:38 256512 ----a-w- c:\windows\PEV.exe
2010-07-28 23:29:38 161792 ----a-w- c:\windows\SWREG.exe
2010-07-28 23:17:16 0 d-----w- c:\users\meraju~1\appdata\roaming\Uniblue
2010-07-28 22:22:15 0 d-----w- c:\program files\UnHackMe
2010-07-28 01:13:58 0 d-----w- c:\windows\system32\Wat
2010-07-28 00:56:46 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-28 00:56:46 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-28 00:56:46 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-28 00:56:46 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-28 00:56:46 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-07-28 00:13:16 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-07-28 00:11:40 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-07-28 00:10:46 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-07-28 00:10:38 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-07-28 00:10:38 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-07-28 00:10:38 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-07-28 00:10:38 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-07-28 00:10:38 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-07-28 00:10:38 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-07-28 00:10:38 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-07-28 00:10:38 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-07-28 00:00:35 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-07-28 00:00:35 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-07-28 00:00:35 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-07-27 23:48:35 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-07-27 23:48:33 132608 ----a-w- c:\windows\system32\cabview.dll
2010-07-25 21:18:08 0 d-----w- c:\users\meraju~1\appdata\roaming\Malwarebytes
2010-07-25 21:17:42 0 d-----w- c:\programdata\Malwarebytes
2010-07-25 17:51:47 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-25 16:55:07 0 d---a-w- c:\programdata\TEMP
2010-07-25 16:50:40 0 d-----w- c:\windows\system32\appmgmt
2010-07-25 16:15:18 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-25 16:15:18 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-15 14:46:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll

==================== Find3M ====================

2010-07-15 14:46:59 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 14:46:13 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-21 19:10:49 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 20:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-09 09:14:55 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:14:50 417792 ----a-w- c:\windows\system32\msdri.dll
2010-05-01 14:49:25 2326528 ----a-w- c:\windows\system32\win32k.sys
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 11:23:18.85 ===============
 

Attachments

sjpritch25

· Registered
Joined
·
1,383 Posts
#2 ·
Welcome to TSF :)

Scan with RKUnHooker
  • Please download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then Click Ok.
  • Wait till the scanner has finished then click File, Save Report.
  • Save the report to your Desktop. Click Close.

In your next reply, copy and paste the contents of the log.

Note*** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!!
It is recommended to remove parasite, okay?"
 
Save Share
K

· Registered
Joined
·
5 Posts
Discussion Starter · #3 ·
I just realized that this problem occurs in all my computers which are connected to the same internet (network.) Should i proceed with the RootkitUnhooker, or does this situation change anything?
 
sjpritch25

· Registered
Joined
·
1,383 Posts
#4 ·
I assume they are all connected via the same router? Have you changed any of the default settings on the router?

Yes please proceed with rootkitunhooker. Thanks
 
Save Share
K

· Registered
Joined
·
5 Posts
Discussion Starter · #5 ·
I am on a different computer right now with the same problem, on the same network (yes they are connected to the same router.) However, when i tried to run the rootkitu is gave me an error message: "Error loading driver NTSATUS code: 0xC000036B
 
K

· Registered
Joined
·
5 Posts
Discussion Starter · #7 ·
Ok, i still had the error when i disabled the internet and virus protection but i went back to the original computer (which my brother rebooted) and it worked. here is the log

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x8DC16000 C:\Windows\system32\DRIVERS\igdkmd32.sys 5230592 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82840000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82840000 PnpManager 4259840 bytes
0x82840000 RAW 4259840 bytes
0x82840000 WMIxWDM 4259840 bytes
0x91018000 C:\Windows\system32\DRIVERS\LV302V32.SYS 2564096 bytes (Logitech Inc., Logitech QuickCam Driver)
0x82310000 Win32k 2400256 bytes
0x82310000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8C012000 C:\Windows\system32\DRIVERS\LVMVDrv.sys 1949696 bytes (Logitech Inc., Logitech Machine Vision Engine Loader)
0x88A1E000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8862A000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8E113000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88801000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x82EF8000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x93613000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x912DB000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x82E25000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8843C000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x93782000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
0x8BC0B000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x88797000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8D669000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x93731000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x90AB6000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x936E2000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8BD01000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8857D000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x884BB000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x90A56000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82EB6000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8D766000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x88BA1000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x888B8000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x913AE000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8BCC8000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82809000 ACPI_HAL 225280 bytes
0x82809000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x82FA3000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x90A14000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x88948000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8D6C3000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x88B67000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x90B06000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8891B000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x88759000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x88514000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8897A000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x888F6000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x88400000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9138B000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8BDDE000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x936B4000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8BC95000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x82E00000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x889C4000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8E1CA000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8D6FC000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x825A0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x90B92000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x90BAD000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8D729000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x9128A000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x91360000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x90B35000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8BC6F000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8BD64000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8BD4C000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x8BDBB000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8D7C7000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8D7DF000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8D600000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8D647000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x90B79000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x90B63000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x885DD000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x912A4000 C:\Windows\system32\drivers\usbaudio.sys 81920 bytes (Microsoft Corporation, USB Audio Class Driver)
0x88784000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x912C8000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8D743000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8BDA9000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8BCB6000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x91379000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x88A00000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x91000000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x82FD7000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x90A9A000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x88549000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x82E9D000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x912B8000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x88BE8000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8D756000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8856D000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8DC00000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8BC87000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8D71B000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8D639000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x885CF000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x88600000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x90A48000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x884AD000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8BD9C000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x937EC000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8BD7C000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8BD89000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x936D5000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x88617000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8D7BB000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x889F1000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x88562000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x93600000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x90B58000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x82FE8000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8BDD3000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8D65E000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8E1E9000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8853E000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x90B4E000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8D7B1000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8D7A7000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8BC00000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x936AA000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8E1F4000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x88423000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x885F3000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x913F0000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x8860E000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8C1EE000 C:\Windows\system32\DRIVERS\LVUSBSta.sys 36864 bytes (Logitech Inc., USB Statistic Driver)
0x8C1F7000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x82570000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x88B98000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x88503000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82EAE000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8855A000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x88BF8000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BC1000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8850C000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x887F4000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8842C000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x88434000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x88BE0000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x889EA000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x885C8000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x889E3000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x913E9000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x8D6F5000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8BD96000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x9360B000 C:\Windows\system32\drivers\LVPr2Mon.sys 20480 bytes (-, -)
0x8DC0F000 C:\Windows\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0x8E1FE000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x90B90000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
 
sjpritch25

· Registered
Joined
·
1,383 Posts
#8 ·
Download TDSSKiller and extract TDSSKiller.exe to your desktop.
  • Double-Click on TDSSKiller.exe to run the tool.
  • Click on Start Scan.
  • When a rootkit is detected, click on Continue.
  • Click on Reboot to complete disinfection.
    Once complete, a log will be produced on your root drive (typically C:\).

For Example C:\TDSSKiller.2.3.0.0_24.05.2010_15.31.43_log.txt
 
Save Share
K

· Registered
Joined
·
5 Posts
Discussion Starter · #9 ·
Ok i tried the TDSSkiller on 2 of the infected computers. Found nothing. But heres a report from oneof the computers.

2010/08/07 15:55:02.0587 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/07 15:55:02.0587 ================================================================================
2010/08/07 15:55:02.0587 SystemInfo:
2010/08/07 15:55:02.0587
2010/08/07 15:55:02.0587 OS Version: 6.1.7600 ServicePack: 0.0
2010/08/07 15:55:02.0587 Product type: Workstation
2010/08/07 15:55:02.0587 ComputerName: SYED-VAIO
2010/08/07 15:55:02.0587 UserName: Syed
2010/08/07 15:55:02.0587 Windows directory: C:\Windows
2010/08/07 15:55:02.0587 System windows directory: C:\Windows
2010/08/07 15:55:02.0587 Running under WOW64
2010/08/07 15:55:02.0587 Processor architecture: Intel x64
2010/08/07 15:55:02.0587 Number of processors: 2
2010/08/07 15:55:02.0587 Page size: 0x1000
2010/08/07 15:55:02.0587 Boot type: Normal boot
2010/08/07 15:55:02.0587 ================================================================================
2010/08/07 15:55:02.0587 Utility is running under WOW64, functionality is limited.
2010/08/07 15:55:03.0944 Initialize success
2010/08/07 15:55:05.0660 ================================================================================
2010/08/07 15:55:05.0660 Scan started
2010/08/07 15:55:05.0660 Mode: Manual;
2010/08/07 15:55:05.0660 ================================================================================
2010/08/07 15:55:06.0425 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
2010/08/07 15:55:06.0674 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
2010/08/07 15:55:06.0815 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
2010/08/07 15:55:07.0017 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
2010/08/07 15:55:07.0189 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
2010/08/07 15:55:07.0361 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
2010/08/07 15:55:07.0610 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/08/07 15:55:07.0782 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2010/08/07 15:55:07.0985 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2010/08/07 15:55:08.0203 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2010/08/07 15:55:08.0343 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
2010/08/07 15:55:08.0640 amdkmdag (d1d06810bf7e21f5763eb06cb7e7262b) C:\Windows\system32\DRIVERS\atipmdag.sys
2010/08/07 15:55:08.0952 amdkmdap (6ba71d6616b56816e57394d77dd1bb6f) C:\Windows\system32\DRIVERS\atikmpag.sys
2010/08/07 15:55:09.0108 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
2010/08/07 15:55:09.0264 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\drivers\amdsata.sys
2010/08/07 15:55:09.0404 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
2010/08/07 15:55:09.0560 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\drivers\amdxata.sys
2010/08/07 15:55:09.0779 ApfiltrService (c68a7c2d498034cf3eb3bf331fdb0553) C:\Windows\system32\drivers\Apfiltr.sys
2010/08/07 15:55:09.0950 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/08/07 15:55:10.0184 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
2010/08/07 15:55:10.0371 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
2010/08/07 15:55:10.0527 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/08/07 15:55:10.0699 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2010/08/07 15:55:10.0917 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys
2010/08/07 15:55:11.0136 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\drivers\AtiPcie.sys
2010/08/07 15:55:11.0510 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
2010/08/07 15:55:11.0682 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/08/07 15:55:11.0900 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/08/07 15:55:12.0212 BHDrvx64 (fcc22e6c949eaa745cb00ff0e7339c53) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100719.001\BHDrvx64.sys
2010/08/07 15:55:12.0431 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
2010/08/07 15:55:12.0571 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/08/07 15:55:12.0727 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
2010/08/07 15:55:12.0899 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
2010/08/07 15:55:13.0101 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/08/07 15:55:13.0289 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/08/07 15:55:13.0476 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/08/07 15:55:13.0632 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/08/07 15:55:13.0788 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/08/07 15:55:13.0959 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
2010/08/07 15:55:14.0115 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2010/08/07 15:55:14.0287 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2010/08/07 15:55:14.0505 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2010/08/07 15:55:14.0677 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
2010/08/07 15:55:14.0864 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\drivers\btwrchid.sys
2010/08/07 15:55:15.0067 ccHP (da66e851e76766d2c84502fe682ab175) C:\Windows\system32\drivers\NISx64\1107000.00C\ccHPx64.sys
2010/08/07 15:55:15.0239 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/08/07 15:55:15.0410 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/08/07 15:55:15.0597 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
2010/08/07 15:55:15.0753 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/08/07 15:55:16.0003 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
2010/08/07 15:55:16.0065 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2010/08/07 15:55:16.0159 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/08/07 15:55:16.0299 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
2010/08/07 15:55:16.0658 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
2010/08/07 15:55:16.0830 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
2010/08/07 15:55:17.0111 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/08/07 15:55:17.0282 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/08/07 15:55:17.0438 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
2010/08/07 15:55:17.0719 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/08/07 15:55:17.0813 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/08/07 15:55:18.0062 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
2010/08/07 15:55:18.0327 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2010/08/07 15:55:18.0593 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
2010/08/07 15:55:18.0764 EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/08/07 15:55:18.0905 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2010/08/07 15:55:19.0170 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/08/07 15:55:19.0357 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/08/07 15:55:19.0575 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
2010/08/07 15:55:19.0809 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/08/07 15:55:19.0997 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/08/07 15:55:20.0153 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
2010/08/07 15:55:20.0324 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/08/07 15:55:20.0527 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/08/07 15:55:20.0714 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/08/07 15:55:20.0917 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2010/08/07 15:55:21.0073 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
2010/08/07 15:55:21.0354 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/08/07 15:55:21.0525 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2010/08/07 15:55:21.0728 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys
2010/08/07 15:55:21.0837 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
2010/08/07 15:55:21.0993 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
2010/08/07 15:55:22.0149 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
2010/08/07 15:55:22.0321 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2010/08/07 15:55:22.0493 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
2010/08/07 15:55:22.0680 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2010/08/07 15:55:22.0867 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2010/08/07 15:55:22.0943 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2010/08/07 15:55:23.0116 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\drivers\iaStorV.sys
2010/08/07 15:55:23.0396 IDSVia64 (c3292140bf458b46cf8abbfd7e177bbe) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100805.004\IDSvia64.sys
2010/08/07 15:55:23.0568 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
2010/08/07 15:55:23.0896 IntcAzAudAddService (490947a9aff7ca31ef2e08f5776105eb) C:\Windows\system32\drivers\RTKVHD64.sys
2010/08/07 15:55:24.0114 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2010/08/07 15:55:24.0270 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
2010/08/07 15:55:24.0457 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/08/07 15:55:24.0676 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
2010/08/07 15:55:24.0863 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2010/08/07 15:55:25.0019 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2010/08/07 15:55:25.0222 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2010/08/07 15:55:25.0409 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
2010/08/07 15:55:25.0596 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2010/08/07 15:55:25.0814 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys
2010/08/07 15:55:26.0017 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2010/08/07 15:55:26.0282 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2010/08/07 15:55:26.0470 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2010/08/07 15:55:26.0688 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2010/08/07 15:55:26.0891 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
2010/08/07 15:55:27.0094 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
2010/08/07 15:55:27.0265 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
2010/08/07 15:55:27.0640 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
2010/08/07 15:55:28.0248 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2010/08/07 15:55:28.0435 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
2010/08/07 15:55:28.0638 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
2010/08/07 15:55:28.0825 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2010/08/07 15:55:28.0981 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2010/08/07 15:55:29.0122 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2010/08/07 15:55:29.0262 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
2010/08/07 15:55:29.0449 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2010/08/07 15:55:29.0574 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
2010/08/07 15:55:29.0668 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2010/08/07 15:55:29.0839 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2010/08/07 15:55:30.0011 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/08/07 15:55:30.0167 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/08/07 15:55:30.0323 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/08/07 15:55:30.0463 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
2010/08/07 15:55:30.0635 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
2010/08/07 15:55:30.0838 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2010/08/07 15:55:31.0025 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/08/07 15:55:31.0181 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2010/08/07 15:55:31.0399 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/08/07 15:55:31.0555 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/08/07 15:55:31.0633 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/08/07 15:55:31.0696 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/08/07 15:55:31.0867 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2010/08/07 15:55:32.0086 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/08/07 15:55:32.0164 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
2010/08/07 15:55:32.0335 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/08/07 15:55:32.0505 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/07 15:55:32.0656 NAVENG (a507b7d1c5f957a1aab98794eb377654) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100807.004\ENG64.SYS
2010/08/07 15:55:32.0874 NAVEX15 (0d7d6c0fd46f12780c3bab6af891ede3) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100807.004\EX64.SYS
2010/08/07 15:55:33.0139 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/08/07 15:55:33.0311 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/08/07 15:55:33.0451 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/07 15:55:33.0576 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/07 15:55:33.0716 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/08/07 15:55:33.0857 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/08/07 15:55:34.0044 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/08/07 15:55:34.0200 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/08/07 15:55:34.0465 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
2010/08/07 15:55:34.0824 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/08/07 15:55:35.0058 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/08/07 15:55:35.0244 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/08/07 15:55:35.0476 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/08/07 15:55:35.0664 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\drivers\nvraid.sys
2010/08/07 15:55:35.0851 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\drivers\nvstor.sys
2010/08/07 15:55:36.0038 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2010/08/07 15:55:36.0288 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2010/08/07 15:55:36.0506 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
2010/08/07 15:55:36.0600 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/08/07 15:55:37.0036 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
2010/08/07 15:55:37.0177 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2010/08/07 15:55:37.0348 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
2010/08/07 15:55:37.0520 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/08/07 15:55:37.0676 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/08/07 15:55:38.0550 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/08/07 15:55:38.0690 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
2010/08/07 15:55:38.0908 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/08/07 15:55:39.0033 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
2010/08/07 15:55:39.0252 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
2010/08/07 15:55:39.0470 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
2010/08/07 15:55:39.0642 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/08/07 15:55:39.0798 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/08/07 15:55:39.0938 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/08/07 15:55:40.0125 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/08/07 15:55:40.0312 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/08/07 15:55:40.0437 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/08/07 15:55:40.0593 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/08/07 15:55:40.0749 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
2010/08/07 15:55:40.0905 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/08/07 15:55:41.0077 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/07 15:55:41.0248 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2010/08/07 15:55:41.0404 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2010/08/07 15:55:41.0576 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2010/08/07 15:55:41.0810 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/08/07 15:55:42.0075 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2010/08/07 15:55:42.0247 RSUSBSTOR (5aab4808e8ccae8c2ecda5b791260616) C:\Windows\system32\Drivers\RtsUStor.sys
2010/08/07 15:55:42.0387 RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys
2010/08/07 15:55:42.0543 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
2010/08/07 15:55:42.0808 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
2010/08/07 15:55:42.0996 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2010/08/07 15:55:43.0245 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/08/07 15:55:44.0072 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
2010/08/07 15:55:44.0275 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
2010/08/07 15:55:44.0446 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
2010/08/07 15:55:44.0743 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
2010/08/07 15:55:44.0868 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/08/07 15:55:45.0039 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/08/07 15:55:45.0211 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/08/07 15:55:45.0367 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
2010/08/07 15:55:45.0601 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
2010/08/07 15:55:45.0788 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
2010/08/07 15:55:45.0944 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/08/07 15:55:46.0256 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/08/07 15:55:46.0646 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\NISx64\1107000.00C\SRTSP64.SYS
2010/08/07 15:55:46.0880 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\NISx64\1107000.00C\SRTSPX64.SYS
2010/08/07 15:55:47.0036 srv (37c3abc2338010e110d2a6a3930f3149) C:\Windows\system32\DRIVERS\srv.sys
2010/08/07 15:55:47.0208 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
2010/08/07 15:55:47.0379 srvnet (cce32bb223e9ff55d241099a858fa889) C:\Windows\system32\DRIVERS\srvnet.sys
2010/08/07 15:55:47.0598 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
2010/08/07 15:55:47.0785 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2010/08/07 15:55:48.0034 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\NISx64\1107000.00C\SYMDS64.SYS
2010/08/07 15:55:48.0253 SymEFA (42c952d131eff724a9959bb6d78c1b63) C:\Windows\system32\drivers\NISx64\1107000.00C\SYMEFA64.SYS
2010/08/07 15:55:48.0471 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2010/08/07 15:55:48.0643 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\NISx64\1107000.00C\Ironx64.SYS
2010/08/07 15:55:48.0861 SYMTDIv (8abb6e5b7d75cd3f0a988695d0d9186a) C:\Windows\System32\Drivers\NISx64\1107000.00C\SYMTDIV.SYS
2010/08/07 15:55:49.0251 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
2010/08/07 15:55:49.0516 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
2010/08/07 15:55:49.0719 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2010/08/07 15:55:49.0906 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2010/08/07 15:55:50.0047 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2010/08/07 15:55:50.0203 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2010/08/07 15:55:50.0374 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
2010/08/07 15:55:50.0702 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/08/07 15:55:50.0874 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2010/08/07 15:55:50.0967 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
2010/08/07 15:55:51.0108 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
2010/08/07 15:55:51.0404 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2010/08/07 15:55:51.0576 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2010/08/07 15:55:51.0732 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
2010/08/07 15:55:51.0934 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2010/08/07 15:55:52.0106 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/08/07 15:55:52.0215 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2010/08/07 15:55:52.0309 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\drivers\usbehci.sys
2010/08/07 15:55:52.0449 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
2010/08/07 15:55:52.0636 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\drivers\usbhub.sys
2010/08/07 15:55:52.0761 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
2010/08/07 15:55:52.0948 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
2010/08/07 15:55:53.0073 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/08/07 15:55:53.0167 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
2010/08/07 15:55:53.0307 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
2010/08/07 15:55:53.0713 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2010/08/07 15:55:53.0916 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/08/07 15:55:54.0087 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/08/07 15:55:54.0243 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
2010/08/07 15:55:54.0415 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2010/08/07 15:55:54.0571 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
2010/08/07 15:55:54.0742 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/08/07 15:55:54.0898 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
2010/08/07 15:55:55.0086 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
2010/08/07 15:55:55.0335 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/08/07 15:55:55.0507 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/08/07 15:55:55.0725 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
2010/08/07 15:55:55.0897 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/07 15:55:55.0959 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/07 15:55:56.0256 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
2010/08/07 15:55:56.0365 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/08/07 15:55:56.0755 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/08/07 15:55:56.0880 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/08/07 15:55:57.0207 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2010/08/07 15:55:57.0519 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/08/07 15:55:57.0769 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2010/08/07 15:55:57.0909 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/08/07 15:55:58.0081 ================================================================================
2010/08/07 15:55:58.0081 Scan finished
2010/08/07 15:55:58.0081 ================================================================================
 
sjpritch25

· Registered
Joined
·
1,383 Posts
#10 ·
I didn't realize you had two infected computers. One seems to be 64bit and the other is 32bit.


This program can be run on both, but please label each log. That way i know which is which. Thanks


Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs.
  • Double-Click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • if an unknown bootcode is found you will have further options available to you, at this time press N the press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • In your next reply, please include the log from MBRChecker.
Thanks
 
Save Share
1 - 10 of 10 Posts
Status
Not open for further replies.
About this Discussion
9 Replies
2 Participants
Last post:
sjpritch25
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Windows XP Support Windows 7 , Windows Vista Support Motherboards, Bios|UEFI & CPU Networking Support Laptop Support
Top