Problems after virus removal


  • This topic is locked

#61
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please do these two steps:

Step 1

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Step 2

  • Double click the aswMBR.exe to run it.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log


#62
18928

    Member

  • Topic Starter
  • 41 posts
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-15 15:57:49
-----------------------------
15:57:49.577 OS Version: Windows 6.1.7600
15:57:49.578 Number of processors: 4 586 0x2502
15:57:49.579 ComputerName: ASTA-PC UserName: asta
15:57:50.850 Initialize success
15:58:18.149 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:58:18.153 Disk 0 Vendor: ST925041 D005 Size: 238475MB BusType: 8
15:58:18.158 Disk 0 MBR read error 0
15:58:18.162 Disk 0 MBR scan
15:58:18.166 Disk 0 unknown MBR code
15:58:18.170 MBR BIOS signature not found 0
15:58:18.176 Disk 0 scanning sectors +488394752
15:58:18.182 Disk 0 scanning C:\Windows\system32\drivers
15:58:23.401 Service scanning
15:58:26.435 Disk 0 trace - called modules:
15:58:26.443 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdfltn.sys >>UNKNOWN [0x889726f0]<<
15:58:26.450 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x889522c8]
15:58:26.461 3 CLASSPNP.SYS[83ba859e] -> nt!IofCallDriver -> [0x88952980]
15:58:26.469 5 stdfltn.sys[8c79770c] -> nt!IofCallDriver -> \IAAStorageDevice-1[0x86f00028]
15:58:26.493 \Driver\iaStor[0x86e47030] -> IRP_MJ_CREATE -> 0x889726f0
15:58:26.511 Scan finished successfully
15:58:35.750 Disk 0 MBR has been saved successfully to "C:\Users\asta\Desktop\MBR.dat"
15:58:35.756 The log file has been saved successfully to "C:\Users\asta\Desktop\aswMBR.txt"

#63
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please run aswMBR once again and tell me what options (buttons) are available after the scan?

#64
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Actually there is a new version of the aswMBR. So please delete your copy of it from your desktop and do this:

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.


#65
18928

    Member

  • Topic Starter
  • 41 posts
aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-15 18:49:44
-----------------------------
18:49:44.412 OS Version: Windows 6.1.7600
18:49:44.412 Number of processors: 4 586 0x2502
18:49:44.415 ComputerName: ASTA-PC UserName: asta
18:49:46.129 Initialize success
18:50:12.289 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:50:12.293 Disk 0 Vendor: ST925041 D005 Size: 238475MB BusType: 8
18:50:12.297 Disk 0 MBR read error 0
18:50:12.302 Disk 0 MBR scan
18:50:12.306 Disk 0 unknown MBR code
18:50:12.311 MBR BIOS signature not found 0
18:50:12.317 Disk 0 scanning sectors +488394752
18:50:12.321 Disk 0 scanning C:\Windows\system32\drivers
18:50:16.977 Service scanning
18:50:18.411 Disk 0 trace - called modules:
18:50:18.420 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdfltn.sys >>UNKNOWN [0x889726f0]<<
18:50:18.427 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x889522c8]
18:50:18.434 3 CLASSPNP.SYS[83ba859e] -> nt!IofCallDriver -> [0x88952980]
18:50:18.441 5 stdfltn.sys[8c79770c] -> nt!IofCallDriver -> \IAAStorageDevice-1[0x86f00028]
18:50:18.452 \Driver\iaStor[0x86e47030] -> IRP_MJ_CREATE -> 0x889726f0
18:50:18.461 Scan finished successfully
18:50:46.613 Disk 0 MBR has been saved successfully to "C:\Users\asta\Desktop\MBR.dat"
18:50:46.619 The log file has been saved successfully to "C:\Users\asta\Desktop\aswMBR2.txt"

#66
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please delete your copy of TDSSKiller if present then download and run it again:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#67
18928

    Member

  • Topic Starter
  • 41 posts
2011/06/15 19:40:16.0531 5752 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/15 19:40:17.0015 5752 ================================================================================
2011/06/15 19:40:17.0015 5752 SystemInfo:
2011/06/15 19:40:17.0015 5752
2011/06/15 19:40:17.0015 5752 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/15 19:40:17.0015 5752 Product type: Workstation
2011/06/15 19:40:17.0015 5752 ComputerName: ASTA-PC
2011/06/15 19:40:17.0015 5752 UserName: asta
2011/06/15 19:40:17.0015 5752 Windows directory: C:\Windows
2011/06/15 19:40:17.0015 5752 System windows directory: C:\Windows
2011/06/15 19:40:17.0015 5752 Processor architecture: Intel x86
2011/06/15 19:40:17.0015 5752 Number of processors: 4
2011/06/15 19:40:17.0016 5752 Page size: 0x1000
2011/06/15 19:40:17.0016 5752 Boot type: Normal boot
2011/06/15 19:40:17.0016 5752 ================================================================================
2011/06/15 19:40:17.0459 5752 Initialize success
2011/06/15 19:40:20.0134 3688 ================================================================================
2011/06/15 19:40:20.0134 3688 Scan started
2011/06/15 19:40:20.0134 3688 Mode: Manual;
2011/06/15 19:40:20.0134 3688 ================================================================================
2011/06/15 19:40:31.0436 3688 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/15 19:40:31.0489 3688 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/15 19:40:31.0542 3688 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/15 19:40:31.0587 3688 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/15 19:40:31.0691 3688 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/15 19:40:31.0750 3688 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/15 19:40:31.0796 3688 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/15 19:40:31.0837 3688 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys
2011/06/15 19:40:31.0903 3688 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/15 19:40:31.0956 3688 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys
2011/06/15 19:40:31.0988 3688 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/15 19:40:32.0033 3688 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/15 19:40:32.0082 3688 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys
2011/06/15 19:40:32.0122 3688 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/15 19:40:32.0172 3688 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/15 19:40:32.0224 3688 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/15 19:40:32.0248 3688 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/06/15 19:40:32.0285 3688 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/15 19:40:32.0305 3688 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/06/15 19:40:32.0331 3688 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/06/15 19:40:32.0369 3688 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/15 19:40:32.0415 3688 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/06/15 19:40:32.0447 3688 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/06/15 19:40:32.0475 3688 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/15 19:40:32.0506 3688 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/15 19:40:32.0561 3688 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/15 19:40:32.0601 3688 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/15 19:40:32.0630 3688 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/15 19:40:32.0666 3688 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/15 19:40:32.0692 3688 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/06/15 19:40:32.0725 3688 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/15 19:40:32.0753 3688 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/15 19:40:32.0764 3688 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/15 19:40:32.0809 3688 WavxDMgr (b5a4dc2aa19f0d4594f7897e87a10d21) C:\Windows\system32\DRIVERS\WavxDMgr.sys
2011/06/15 19:40:32.0859 3688 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/06/15 19:40:32.0888 3688 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/15 19:40:32.0937 3688 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/15 19:40:32.0963 3688 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/06/15 19:40:33.0024 3688 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/15 19:40:33.0130 3688 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/06/15 19:40:33.0171 3688 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/15 19:40:33.0213 3688 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/15 19:40:33.0279 3688 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys
2011/06/15 19:40:33.0315 3688 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/15 19:40:33.0357 3688 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
2011/06/15 19:40:33.0407 3688 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/06/15 19:40:33.0411 3688 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/15 19:40:33.0414 3688 ================================================================================
2011/06/15 19:40:33.0415 3688 Scan finished
2011/06/15 19:40:33.0415 3688 ================================================================================
2011/06/15 19:40:33.0423 4896 Detected object count: 1
2011/06/15 19:40:33.0423 4896 Actual detected object count: 1
2011/06/15 19:41:48.0644 4896 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/15 19:41:48.0645 4896 \Device\Harddisk0\DR0 - ok
2011/06/15 19:41:48.0651 4896 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/15 19:42:35.0258 5788 Deinitialize success

#68
Render

Please follow the steps below:

Step 1

  • Please re-run aswMBR.exe.

  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 2

Delete your copy of OTL.exe on your desktop.

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log
  • OTL scan log


#69
18928

Hi Render, step 1

aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-15 20:03:06
-----------------------------
20:03:06.806 OS Version: Windows 6.1.7600
20:03:06.806 Number of processors: 4 586 0x2502
20:03:06.808 ComputerName: ASTA-PC UserName: asta
20:03:08.081 Initialize success
20:03:10.398 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:03:10.402 Disk 0 Vendor: ST925041 D005 Size: 238475MB BusType: 8
20:03:10.419 Disk 0 MBR read successfully
20:03:10.424 Disk 0 MBR scan
20:03:10.429 Disk 0 Windows 7 default MBR code
20:03:10.436 Disk 0 scanning sectors +488394752
20:03:10.474 Disk 0 scanning C:\Windows\system32\drivers
20:03:15.419 Service scanning
20:03:16.822 Disk 0 trace - called modules:
20:03:16.837 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdfltn.sys iaStor.sys halmacpi.dll
20:03:16.844 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88552550]
20:03:16.852 3 CLASSPNP.SYS[8c1b959e] -> nt!IofCallDriver -> [0x88552af0]
20:03:16.860 5 stdfltn.sys[8c60170c] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86aae028]
20:03:16.867 Scan finished successfully
20:03:28.865 Disk 0 MBR has been saved successfully to "C:\Users\asta\Desktop\MBR.dat"
20:03:28.869 The log file has been saved successfully to "C:\Users\asta\Desktop\aswMBR.txt"


Step 2: I reinstalled OTL, but it's the same thing. Not responding on XAudio.

#70
Render

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt.

#71
18928

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by asta at 20:55:53 on 2011-06-15
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3318.2307 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe
C:\Program Files\Internet Content Filter\UpdateService.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe
C:\ProgramData\QuestScan\questscan137.exe
C:\Windows\System32\rpcnet.exe
C:\Program Files\QuestScan\questscan.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\config\systemprofile\AppData\Local\leq.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Content Filter\mfp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "c:\users\asta\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [ICF] c:\program files\internet content filter\mfp.exe -noact
mRun: [Online Backup Auto Update] "c:\program files\verizon\online backup & sharing\auto update\OnlineBackup.UpdateSystemTray.exe"
mRun: [Vault Explorer Cache Watcher] c:\program files\verizon\online backup & sharing\vewatch.exe
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [cleanddm] c:\windows\system32\config\systemprofile\appdata\local\cleanddm.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [1556424587] c:\windows\system32\config\systemprofile\appdata\local\leq.exe
StartupFolder: c:\users\asta\appdata\roaming\micros~1\windows\startm~1\programs\startup\setup_~1.lnk - c:\users\asta\desktop\virus removal tool3\setup_9.0.0.722_12.06.2011_17-12\startup.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\windows\system32\icf.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{647D569B-701C-4236-83CD-020732119A8C} : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{647D569B-701C-4236-83CD-020732119A8C}\0484F6D65644237303 : DhcpNameServer = 192.168.1.1 71.252.0.12 0.0.0.0
TCP: Interfaces\{647D569B-701C-4236-83CD-020732119A8C}\3647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{647D569B-701C-4236-83CD-020732119A8C}\C696E6B6379737 : DhcpNameServer = 68.87.73.246 68.87.71.230
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: tropeln - c:\windows\system32\config\systemprofile\appdata\local\tropeln.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\asta\appdata\roaming\mozilla\firefox\profiles\jdd79h3g.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo-Mp3Tube
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HBLiteSA.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\asta\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\asta\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\asta\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: QuestScan: {F0E1168A-B4B5-484C-B77E-0D28E6B64096} - c:\program files\mozilla firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R0 08965452;08965452 Boot Guard Driver;c:\windows\system32\drivers\08965452.sys [2011-6-12 37392]
R0 83872932;83872932 Boot Guard Driver;c:\windows\system32\drivers\83872932.sys [2011-6-12 37392]
R0 86781392;86781392 Boot Guard Driver;c:\windows\system32\drivers\86781392.sys [2011-6-5 37392]
R0 86824072;86824072 Boot Guard Driver;c:\windows\system32\drivers\86824072.sys [2011-6-12 37392]
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-6-25 17072]
R1 08965451;08965451;c:\windows\system32\drivers\08965451.sys [2011-6-12 128016]
R1 83872931;83872931;c:\windows\system32\drivers\83872931.sys [2011-6-12 128016]
R1 86781391;86781391;c:\windows\system32\drivers\86781391.sys [2011-6-5 128016]
R1 86824071;86824071;c:\windows\system32\drivers\86824071.sys [2011-6-12 128016]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-6-6 98392]
R1 setup_9.0.0.722_06.06.2011_01-08[1]drv;setup_9.0.0.722_06.06.2011_01-08[1]drv;c:\windows\system32\drivers\8678139.sys [2011-6-5 311312]
R1 setup_9.0.0.722_12.06.2011_17-12drv;setup_9.0.0.722_12.06.2011_17-12drv;c:\windows\system32\drivers\0896545.sys [2011-6-12 311312]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe [2010-6-25 81920]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-12-17 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-12-17 27040]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-12-10 386848]
R2 FilesystemWatcher;Filesystem Watcher;c:\program files\verizon\online backup & sharing\filesystem watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [2010-2-2 24576]
R2 fpUpdateSvc;Family Protection Update Service;c:\program files\internet content filter\UpdateService.exe [2010-8-25 228352]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-6-25 13336]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 98304]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-6-25 60928]
R2 OnlineBackupSchedulerService;Online Backup Scheduler;c:\program files\verizon\online backup & sharing\scheduler\OnlineBackup.SchedulerService.exe [2010-2-10 20480]
R2 QuestScan Service;QuestScan Service;c:\programdata\questscan\questscan137.exe [2011-6-14 40960]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-6-25 59904]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2011-2-13 689464]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-6-25 42672]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-11-3 33832]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-6-25 214696]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-6-25 125696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-6-25 68200]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-9 136176]
S2 McShield;McAfee Real-time Scanner; [x]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-6-25 134144]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-6-25 143968]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-9 136176]
S3 McSysmon;McAfee SystemGuards; [x]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-6-25 48640]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-6-25 38912]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-14 1343400]
.
=============== File Associations ===============
.
exefile="c:\windows\system32\config\systemprofile\appdata\local\leq.exe" -a "%1" %*
.
=============== Created Last 30 ================
.
2011-06-14 23:05:36 -------- dc----w- c:\program files\iPod
2011-06-14 23:05:35 -------- dc----w- c:\program files\iTunes
2011-06-14 23:03:29 -------- dc----w- c:\program files\Bonjour
2011-06-14 22:41:18 -------- d-----w- c:\users\asta\appdata\roaming\DiskAid
2011-06-14 22:41:15 -------- dc----w- c:\program files\DigiDNA
2011-06-14 19:29:26 245328 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-06-14 17:26:21 -------- dc----w- c:\program files\iPhoneBrowser
2011-06-14 03:53:25 -------- dc----w- c:\program files\Blinkx
2011-06-14 03:53:22 83248 -c--a-w- c:\program files\mozilla firefox\plugins\npclntax_HBLiteSA.dll
2011-06-14 03:53:22 -------- dc----w- c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2011-06-14 03:53:21 -------- dc----w- c:\programdata\HBLiteSA
2011-06-14 03:53:21 -------- dc----w- c:\program files\HBLite
2011-06-14 03:53:21 -------- d-----w- c:\users\asta\appdata\roaming\HBLite
2011-06-14 03:53:15 -------- dc----w- c:\programdata\QuestScan
2011-06-14 03:53:15 -------- dc----w- c:\program files\QuestScan
2011-06-14 03:53:12 -------- dc----w- c:\program files\ShoppingReport2
2011-06-14 01:22:54 668160 ----a-w- c:\windows\system32\autochk.exe
2011-06-13 22:41:44 668160 ----a-w- c:\windows\system32\autochk.exe.exe
2011-06-12 22:57:31 -------- dcs---w- C:\Combo-Fix
2011-06-12 22:08:35 98816 ----a-w- c:\windows\sed.exe
2011-06-12 22:08:35 518144 ----a-w- c:\windows\SWREG.exe
2011-06-12 22:08:35 256512 ----a-w- c:\windows\PEV.exe
2011-06-12 22:08:35 208896 ----a-w- c:\windows\MBR.exe
2011-06-12 22:08:28 -------- dcs---w- C:\ComboFix
2011-06-12 13:40:59 37392 ----a-w- c:\windows\system32\drivers\08965452.sys
2011-06-12 13:40:59 311312 ----a-w- c:\windows\system32\drivers\0896545.sys
2011-06-12 13:40:59 128016 ----a-w- c:\windows\system32\drivers\08965451.sys
2011-06-12 13:36:09 37392 ----a-w- c:\windows\system32\drivers\86824072.sys
2011-06-12 13:36:09 311312 ----a-w- c:\windows\system32\drivers\8682407.sys
2011-06-12 13:36:09 128016 ----a-w- c:\windows\system32\drivers\86824071.sys
2011-06-12 13:30:24 37392 ----a-w- c:\windows\system32\drivers\83872932.sys
2011-06-12 13:30:24 311312 ----a-w- c:\windows\system32\drivers\8387293.sys
2011-06-12 13:30:24 128016 ----a-w- c:\windows\system32\drivers\83872931.sys
2011-06-11 17:12:37 -------- dc----w- C:\_OTL
2011-06-09 03:11:51 -------- dc----w- c:\programdata\oJ28321DfBpE28321
2011-06-07 16:51:28 66520 -c--a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
2011-06-07 16:51:28 25048 -c--a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-06-07 16:51:28 140248 -c--a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-06-06 23:51:34 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-06 23:51:34 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-06-06 23:51:29 -------- dc----w- C:\VIPRERESCUE
2011-06-06 19:42:36 -------- dc----w- c:\programdata\SUPERAntiSpyware.com
2011-06-06 19:42:36 -------- d-----w- c:\users\asta\appdata\roaming\SUPERAntiSpyware.com
2011-06-06 19:20:03 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 22:08:46 -------- dc----w- c:\programdata\Kaspersky Lab
2011-06-05 22:08:05 37392 ----a-w- c:\windows\system32\drivers\86781392.sys
2011-06-05 22:08:05 128016 ----a-w- c:\windows\system32\drivers\86781391.sys
2011-06-05 22:08:04 311312 ----a-w- c:\windows\system32\drivers\8678139.sys
2011-06-05 20:29:13 -------- dc-h--w- C:\$AVG
2011-05-31 12:25:37 -------- dc----w- c:\programdata\Skype Extras
2011-05-26 12:44:43 -------- d-----w- c:\users\asta\appdata\roaming\AVG
2011-05-26 12:15:56 -------- d-----w- c:\windows\system32\drivers\AVG
2011-05-26 11:46:19 6962000 -c--a-w- c:\programdata\microsoft\windows defender\definition updates\{9486c773-adfc-4a69-8da1-137f78671fed}\mpengine.dll
2011-05-26 00:25:02 -------- d-----w- c:\users\asta\appdata\roaming\Malwarebytes
2011-05-26 00:24:56 -------- dc----w- c:\programdata\Malwarebytes
2011-05-26 00:24:53 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-25 13:56:25 -------- dc----w- c:\programdata\Common Files
2011-05-25 03:12:44 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-25 02:35:46 -------- dc----w- c:\users\asta\appdata\local\MigWiz
2011-05-19 11:33:47 123904 ----a-w- c:\windows\system32\poqexec.exe
.
==================== Find3M ====================
.
2011-06-16 00:32:16 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2011-06-15 23:43:31 57752 ----a-w- c:\windows\system32\rpcnet.dll
2011-06-15 12:18:37 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2011-05-10 12:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-29 03:07:26 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-29 03:06:51 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-29 03:06:47 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-29 03:06:43 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-29 03:06:39 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-29 03:06:37 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-29 03:06:34 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
.
============= FINISH: 20:56:40.02 ===============



  • 0

#72
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
I need to look into that. It'll probably take a while.
  • 0

#73
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

We will do a new OTL scan. This time please leave OTL to do its job for at least 2 hours:

OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

  • 0

#74
18928

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Render, I ran OTL for over 3 hours and it's not responding.
  • 0

#75
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

I have no better idea than backup and reinstall. What do you think about it?
  • 0





