  1. #1 - Member (Join Date: Jun 2011, Posts: 21, Points: 0)

    Security Center Disabled + Browser redirects

    Hi, I don't know how I got infected, but it is driving me nuts. The Security Center will not start; if I try to start it, it won't let me (the Action Center says "The Windows Security Center service cannot be started."). Also, my search results randomly redirect in all browsers and search engines. I've been infected for about a week.

    Two days ago the computer forced me to re-enter my Windows Genuine product number.

    Computer:
    Hewlett-Packard HP Pavilion P6000 Series
    Windows 7 Home Premium (x64) Service Pack 1 (build 7601)
    2.50 gigahertz Intel Core2 Quad Q8300
    8158 Megabytes Usable Installed Memory

    Avast Anti-Virus ver 6.0.1125 updates every day
    Avast full system scan came up clean (if there is a log, I don't know where it is)
    I run CCleaner just about every day. Windows updates every Sunday.

    I ran Spybot S&D and it came up clear except for 2 registry entries dealing with the Security Center; it said it fixed them, but when I ran it again the same entries came up. (If there are logs, again I don't know where they are.)

    LOGS:
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/20/2011 at 09:20 PM

    Application Version : 4.54.1000

    Core Rules Database Version : 7265
    Trace Rules Database Version: 5077

    Scan type : Complete Scan
    Total Scan Time : 00:41:54

    Memory items scanned : 570
    Memory threats detected : 0
    Registry items scanned : 13093
    Registry threats detected : 0
    File items scanned : 35078
    File threats detected : 0
    ===========================================
    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6863

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    6/20/2011 9:23:11 PM
    mbam-log-2011-06-20 (21-23-11).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 362373
    Time elapsed: 43 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ===========================================
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:27:30 PM, on 6/20/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\All Programs\Hijack\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\All Programs\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Google Update] "C:\Users\KVC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Users\KVC\AppData\Roaming\RssBandit\iecontext_subscribebandit.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\All Programs\SAS\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 7491 bytes

  2. #2 - Member, Spyware Fighter (Join Date: Jun 2010, Location: Bement, Ill USA, Posts: 1,340, Points: 146)

    Hello and welcome to Help2Go.

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a log from aswMBR.exe.

    Please first disable any CD emulation programs using the steps found in this topic:

    Please download aswMBR (511KB) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
    Thanks and again sorry for the delay.
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-

  3. #3 - Member (Join Date: Jun 2011, Posts: 21, Points: 0)


    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
    Run by KVC at 21:26:17 on 2011-06-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.6844 [GMT -4:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\userinit.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxcrcoms.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe,
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    uRun: [Google Update] "C:\Users\KVC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "C:\All Programs\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: Subscribe in RSS Bandit - C:\Users\KVC\AppData\Roaming\RssBandit\iecontext_subscribebandit.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{8E02AEA7-BAC7-4470-884A-7B22918D0916} : DhcpNameServer = 192.168.1.1 192.168.1.1
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\All Programs\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=mpes
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\KVC\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Users\KVC\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\All Programs\SAS\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\All Programs\SAS\saskutil64.sys [2010-2-17 12360]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-5-26 42184]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-18 1153368]
    S3 !SASCORE;SAS Core Service;C:\All Programs\SAS\SASCore64.exe [2011-5-4 128384]
    S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 MBAMService;MBAMService;C:\All Programs\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-14 366640]
    .
    =============== Created Last 30 ================
    .
    2011-06-18 15:09:42 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-06-18 15:09:42 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-06-15 01:36:56 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-06-15 01:36:56 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-15 01:36:53 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-06-15 01:36:53 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-06-15 01:36:53 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-06-15 01:36:51 3135488 ----a-w- C:\Windows\System32\win32k.sys
    2011-06-15 01:36:48 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-06-15 01:36:48 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-06-15 01:36:48 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-06-15 01:35:42 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-06-15 01:35:42 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-06-15 01:35:41 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-06-15 01:35:41 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-06-14 20:59:41 -------- d-----w- C:\Users\KVC\AppData\Roaming\SUPERAntiSpyware.com
    2011-06-14 20:59:41 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2011-06-14 20:59:36 -------- d-----w- C:\ProgramData\!SASCORE
    2011-06-14 14:27:26 5110 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
    2011-06-14 05:01:08 388096 ----a-r- C:\Users\KVC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-14 04:09:17 -------- d-----w- C:\Users\KVC\AppData\Roaming\Malwarebytes
    2011-06-14 04:09:14 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-06-14 04:09:14 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-06-14 04:09:11 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-06-14 04:07:49 0 ----a-w- C:\Windows\FileLock.bin
    2011-06-14 02:47:42 -------- d-----w- C:\Program Files (x86)\MediaMan
    2011-06-14 02:24:19 136704 --sha-r- C:\Windows\SysWow64\oflcw.dll
    2011-06-10 12:56:22 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8FB76C06-410D-4F6C-A95B-5B7DB72C3C62}\mpengine.dll
    2011-05-28 15:58:48 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74
    2011-05-28 15:56:41 -------- d-----w- C:\Users\KVC\AppData\Local\DosBlaster
    2011-05-28 15:56:41 -------- d-----w- C:\Program Files (x86)\DosBlaster 3.0
    2011-05-28 15:40:00 -------- d-----w- C:\Users\KVC\AppData\Roaming\.dbox
    2011-05-28 15:29:41 -------- d-----w- C:\Users\KVC\AppData\Local\DOSBox
    2011-05-28 15:28:44 -------- d-----w- C:\Games
    2011-05-26 23:20:12 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-05-25 13:47:17 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    .
    ==================== Find3M ====================
    .
    2011-05-16 21:36:55 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-10 12:10:59 40112 ----a-w- C:\Windows\avastSS.scr
    2011-05-10 11:59:48 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
    2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-04-03 20:50:38 108144 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
    .
    ============= FINISH: 21:29:15.51 ===============


    After DDS I downloaded aswMBR.exe; when run, it crashed to a blue screen and rebooted the computer. After that I downloaded and ran Defogger.exe, but it didn't tell me it shut anything down. Here is the Defogger.exe log:

    defogger_disable by jpshortstuff (23.02.10.1)
    Log created at 21:02 on 23/06/2011 (KVC)

    Checking for autostart values...
    HKCU\~\Run values retrieved.
    HKLM\~\Run values retrieved.

    Checking for services/drivers...


    -=E.O.F=-

    I then ran aswMBR.exe twice and it crashed to a blue screen both times. I really don't feel comfortable trying again. Do I need to run Defogger after a reboot? Did it shut anything down? I don't have any virtual drives (unless Windows or HP created one), and I don't use Daemon Tools or anything like that.

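    The logs in this thread come back clean from three signature scanners, yet the DDS report above carries the signs a responder reads first: the mPolicies-system values (EnableLUA = 0, PromptOnSecureDesktop = 0, ConsentPromptBehaviorAdmin = 0 together mean UAC is effectively off, which is not the Windows 7 default), a BHO registered with no file behind it, and a recently created DLL under SysWow64 carrying hidden+system+read-only attributes. The Python below is an added example, not code from the thread or from DDS, HijackThis or any other tool named here: it walks DDS/HijackThis-style lines and flags exactly those three classes of entry. The sample lines are constructed in the shape of the posted report; the "weak value" table and the reading of the attribute letters are this example's assumptions. A flag is a prompt to verify (hash, signature, creator, what loads it), not a verdict that the file is malicious.

```python
"""Triage a DDS / HijackThis-style log for three things a malware responder
checks first when the signature scanners come back clean: UAC policy values
that have been weakened, orphaned browser helper objects, and recently
created hidden+system files under the Windows directory.
Added example; not part of DDS, HijackThis or any tool in the thread."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the DDS report posted above (a few
# representative lines, not the full log).
SAMPLE_LOG = r"""
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
2011-06-18 15:09:42 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-06-14 04:09:14 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-14 04:07:49 0 ----a-w- C:\Windows\FileLock.bin
2011-06-14 02:24:19 136704 --sha-r- C:\Windows\SysWow64\oflcw.dll
"""

# HKLM\...\Policies\System values that, at these settings, switch UAC off or
# hollow it out. Windows 7 defaults (assumed here) are EnableLUA=1,
# PromptOnSecureDesktop=1, ConsentPromptBehaviorAdmin=5.
UAC_WEAK_VALUES = {
    "EnableLUA": 0,                   # UAC disabled entirely
    "PromptOnSecureDesktop": 0,       # prompt on the user desktop, reachable by other processes
    "ConsentPromptBehaviorAdmin": 0,  # administrators elevate silently, no prompt at all
}

POLICY_RE = re.compile(r"^mPolicies-(\w+): (\w+) = (\d+)")
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (\S+) (.+)$")
ORPHAN_BHO_RE = re.compile(r"BHO.*(?:- No File$|\(no file\)$)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # "uac-weakened", "orphan-bho" or "hidden-system-file"
    detail: str
    line: str


def check_policy(line: str) -> Optional[Finding]:
    """Flag an mPolicies-system entry whose value matches a UAC-disabling setting."""
    m = POLICY_RE.match(line)
    if not m or m.group(1) != "system":
        return None
    name, value = m.group(2), int(m.group(3))
    if UAC_WEAK_VALUES.get(name) == value:
        return Finding("uac-weakened", f"{name}={value}", line)
    return None


def check_created(line: str) -> Optional[Finding]:
    """Flag a 'Created Last 30' entry that is a hidden+system file under C:\\Windows.
    Attribute letters as they appear in the log: d directory, s system, h hidden,
    a archive, r read-only, w writable (assumed reading of the DDS format)."""
    m = CREATED_RE.match(line)
    if not m:
        return None
    attrs, path = m.group(3), m.group(4)
    if "d" in attrs:  # directories are not of interest for this check
        return None
    if "s" in attrs and "h" in attrs and path.lower().startswith("c:\\windows\\"):
        return Finding("hidden-system-file", f"{attrs} {path}", line)
    return None


def check_orphan_bho(line: str) -> Optional[Finding]:
    """Flag a BHO registration whose DLL is gone. Usually an uninstall leftover
    rather than malware, but cheap to clean and it removes noise from later logs."""
    if ORPHAN_BHO_RE.search(line):
        return Finding("orphan-bho", line.split(":", 1)[1].strip(), line)
    return None


def triage(log_text: str) -> list:
    """Run every check over every non-empty line; findings are returned in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in (check_policy, check_created, check_orphan_bho):
            found = check(line)
            if found:
                findings.append(found)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

    Run against the sample, it reports the three weakened UAC values, the orphaned BHO and the hidden+system DLL, and stays quiet on ConsentPromptBehaviorUser = 3, on the explorer policy and on the ordinary archive-flagged driver file. Feed it a full DDS or HijackThis report by reading the file into `triage()`.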
  4. #4 - Member (Join Date: Jun 2011, Posts: 21, Points: 0)

    Attached DDS File

    Sorry, forgot to attach the second DDS file.
    Attached Files

  5. #5 - Member, Spyware Fighter (Join Date: Jun 2010, Location: Bement, Ill USA, Posts: 1,340, Points: 146)


    Hello,

    Let's run a few tools and see what they find.

    1.
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    Be sure to download TDSSKiller.exe (v2.5.5.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
    • Copy and paste the contents of that file in your next reply.



    2.
    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


    Note: Please do NOT mouse-click ComboFix's window while it is running, because it may cause it to stall.


    Things to include in your next reply:
    TdssKiller log
    Combofix.txt
    How is your machine running now?
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  6. #6
    Member
    Join Date
    Jun 2011
    Posts
    21
    Points
    0

    Default

    2011/06/26 19:42:48.0646 3728 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
    2011/06/26 19:42:48.0973 3728 ================================================================================
    2011/06/26 19:42:48.0973 3728 SystemInfo:
    2011/06/26 19:42:48.0973 3728
    2011/06/26 19:42:48.0973 3728 OS Version: 6.1.7601 ServicePack: 1.0
    2011/06/26 19:42:48.0973 3728 Product type: Workstation
    2011/06/26 19:42:48.0973 3728 ComputerName: KVC-HP
    2011/06/26 19:42:48.0973 3728 UserName: KVC
    2011/06/26 19:42:48.0973 3728 Windows directory: C:\Windows
    2011/06/26 19:42:48.0973 3728 System windows directory: C:\Windows
    2011/06/26 19:42:48.0973 3728 Running under WOW64
    2011/06/26 19:42:48.0973 3728 Processor architecture: Intel x64
    2011/06/26 19:42:48.0973 3728 Number of processors: 4
    2011/06/26 19:42:48.0973 3728 Page size: 0x1000
    2011/06/26 19:42:48.0973 3728 Boot type: Normal boot
    2011/06/26 19:42:48.0973 3728 ================================================================================
    2011/06/26 19:42:49.0847 3728 Initialize success
    2011/06/26 19:42:53.0560 3968 ================================================================================
    2011/06/26 19:42:53.0560 3968 Scan started
    2011/06/26 19:42:53.0560 3968 Mode: Manual;
    2011/06/26 19:42:53.0560 3968 ================================================================================
    2011/06/26 19:43:05.0104 3968 MBR (0x1B8) (ab83f5c13f7b99d72bef88d9c90c64d0) \Device\Harddisk0\DR0
    2011/06/26 19:43:05.0244 3968 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk1\DR1
    2011/06/26 19:43:05.0260 3968 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk6\DR6
    2011/06/26 19:43:05.0275 3968 ================================================================================
    2011/06/26 19:43:05.0275 3968 Scan finished
    2011/06/26 19:43:05.0275 3968 ================================================================================
    2011/06/26 19:43:05.0291 2724 Detected object count: 0
    2011/06/26 19:43:05.0291 2724 Actual detected object count: 0


    ComboFix 11-06-26.01 - KVC 06/26/2011 19:48:04.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.6726 [GMT -4:00]
    Running from: C:\Users\KVC\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Users\KVC\AppData\Roaming\Adobe\plugs
    C:\Users\KVC\AppData\Roaming\Adobe\shed


    ((((((((((((((((((((((((( Files Created from 2011-05-26 to 2011-06-26 )))))))))))))))))))))))))))))))


    2011-06-26 23:52:15 . 2011-06-26 23:52:15 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2011-06-26 02:23:53 . 2011-06-26 02:23:53 -------- d-----w- C:\Users\KVC\AppData\Roaming\Thinstall
    2011-06-26 02:23:53 . 2011-06-26 02:23:53 -------- d-----w- C:\Users\KVC\AppData\Local\Thinstall
    2011-06-24 23:26:09 . 2011-06-24 23:26:09 -------- d-----w- C:\Users\KVC\.thumbnails
    2011-06-24 23:22:54 . 2011-06-24 23:51:31 -------- d-----w- C:\Users\KVC\.gimp-2.6
    2011-06-18 15:09:42 . 2011-06-26 23:44:15 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-06-18 15:09:42 . 2011-06-18 15:10:56 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-06-15 01:36:56 . 2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\system32\drivers\tcpip.sys
    2011-06-15 01:36:56 . 2011-04-25 02:34:03 499200 ----a-w- C:\Windows\system32\drivers\afd.sys
    2011-06-15 01:36:53 . 2011-04-27 02:40:40 158208 ----a-w- C:\Windows\system32\drivers\mrxsmb.sys
    2011-06-15 01:36:53 . 2011-04-27 02:39:40 289280 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys
    2011-06-15 01:36:53 . 2011-04-27 02:39:37 128000 ----a-w- C:\Windows\system32\drivers\mrxsmb20.sys
    2011-06-15 01:36:51 . 2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\system32\win32k.sys
    2011-06-15 01:36:48 . 2011-04-29 03:06:10 467456 ----a-w- C:\Windows\system32\drivers\srv.sys
    2011-06-15 01:36:48 . 2011-04-29 03:05:49 410112 ----a-w- C:\Windows\system32\drivers\srv2.sys
    2011-06-15 01:36:48 . 2011-04-29 03:05:37 168448 ----a-w- C:\Windows\system32\drivers\srvnet.sys
    2011-06-15 01:35:42 . 2011-02-25 06:22:22 861696 ----a-w- C:\Windows\system32\oleaut32.dll
    2011-06-15 01:35:42 . 2011-02-25 05:34:36 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-06-15 01:35:41 . 2011-05-03 05:29:29 976896 ----a-w- C:\Windows\system32\inetcomm.dll
    2011-06-15 01:35:41 . 2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-06-14 20:59:41 . 2011-06-14 20:59:41 -------- d-----w- C:\Users\KVC\AppData\Roaming\SUPERAntiSpyware.com
    2011-06-14 20:59:41 . 2011-06-14 20:59:41 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2011-06-14 20:59:36 . 2011-06-14 20:59:36 -------- d-----w- C:\ProgramData\!SASCORE
    2011-06-14 14:27:26 . 2011-06-26 14:02:21 5110 ----a-w- C:\Windows\system32\PerfStringBackup.TMP
    2011-06-14 05:01:08 . 2011-06-14 05:01:08 388096 ----a-r- C:\Users\KVC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-14 04:09:17 . 2011-06-14 04:09:17 -------- d-----w- C:\Users\KVC\AppData\Roaming\Malwarebytes
    2011-06-14 04:09:14 . 2011-06-14 04:09:14 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-06-14 04:09:14 . 2011-05-29 13:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-06-14 04:09:11 . 2011-05-29 13:11:20 25912 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2011-06-14 04:07:49 . 2011-06-14 04:21:27 0 ----a-w- C:\Windows\FileLock.bin
    2011-06-14 02:47:42 . 2011-06-14 02:49:15 -------- d-----w- C:\Program Files (x86)\MediaMan
    2011-06-14 02:24:19 . 2011-06-14 02:24:19 136704 --sha-r- C:\Windows\SysWow64\oflcw.dll
    2011-06-10 12:56:22 . 2011-05-09 22:00:16 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8FB76C06-410D-4F6C-A95B-5B7DB72C3C62}\mpengine.dll
    2011-05-28 15:58:48 . 2011-05-29 14:08:03 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74
    2011-05-28 15:56:41 . 2011-05-28 16:00:56 -------- d-----w- C:\Program Files (x86)\DosBlaster 3.0
    2011-05-28 15:56:41 . 2011-05-28 15:57:26 -------- d-----w- C:\Users\KVC\AppData\Local\DosBlaster
    2011-05-28 15:40:00 . 2011-05-28 15:49:20 -------- d-----w- C:\Users\KVC\AppData\Roaming\.dbox
    2011-05-28 15:29:41 . 2011-05-28 15:29:41 -------- d-----w- C:\Users\KVC\AppData\Local\DOSBox
    2011-05-28 15:28:44 . 2011-05-28 15:45:00 -------- d-----w- C:\Games
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-05-16 21:36:55 . 2011-05-16 21:36:55 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-10 12:10:59 . 2010-12-25 22:16:19 40112 ----a-w- C:\Windows\avastSS.scr
    2011-05-10 12:10:55 . 2010-12-25 22:16:19 199304 ----a-w- C:\Windows\SysWow64\aswBoot.exe
    2011-05-10 12:10:44 . 2011-01-15 10:47:22 253888 ----a-w- C:\Windows\system32\aswBoot.exe
    2011-05-10 12:04:08 . 2011-05-26 23:20:12 600920 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
    2011-05-10 12:04:07 . 2010-12-25 22:16:54 287576 ----a-w- C:\Windows\system32\drivers\aswSP.sys
    2011-05-10 12:02:41 . 2010-12-25 22:16:50 53592 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
    2011-05-10 11:59:59 . 2010-12-25 22:16:53 31064 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
    2011-05-10 11:59:48 . 2010-12-25 22:16:46 64344 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
    2011-05-10 11:59:37 . 2010-12-25 22:16:55 22360 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
    2011-04-22 22:15:29 . 2011-05-25 13:47:17 27520 ----a-w- C:\Windows\system32\drivers\Diskdump.sys
    2011-04-13 22:40:10 . 2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2011-04-09 07:02:55 . 2011-05-11 12:53:45 5562240 ----a-w- C:\Windows\system32\ntoskrnl.exe
    2011-04-09 06:58:56 . 2011-05-11 17:41:26 142336 ----a-w- C:\Windows\system32\poqexec.exe
    2011-04-09 06:02:25 . 2011-05-11 12:53:45 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02:25 . 2011-05-11 12:53:45 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-04-09 05:56:38 . 2011-05-11 17:41:26 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-04-03 20:50:38 . 2011-04-03 20:50:38 108144 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 21:50:04 54576]
    "Malwarebytes' Anti-Malware"="C:\All Programs\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 13:11:28 449584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 18:16:28 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576]
    R3 !SASCORE;SAS Core Service;C:\All Programs\SAS\SASCORE64.EXE [2011-05-04 17:55:09 128384]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys [x]
    R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
    R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
    R4 MBAMService;MBAMService;C:\All Programs\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 13:11:28 366640]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;C:\All Programs\SAS\SASDIFSV64.SYS [2010-02-17 18:23:05 14920]
    S1 SASKUTIL;SASKUTIL;C:\All Programs\SAS\SASKUTIL64.SYS [2010-02-17 18:23:05 12360]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [x]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 21:40:22 92216]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 19:31:10 1153368]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]


    Contents of the 'Scheduled Tasks' folder

    2011-06-14 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-913013744-1395498927-1650167935-1000Core.job
    - C:\Users\KVC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 15:46:07 . 2011-02-19 15:46:06]

    2011-06-26 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-913013744-1395498927-1650167935-1000UA.job
    - C:\Users\KVC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 15:46:07 . 2011-02-19 15:46:06]

    Seems my security center is working...but searches still redirect.

    You have any guess why aswMRB.exe would crash the system but a full Avast scan through the anti-virus main program comes up clean?

  7. #7
    Member
    Join Date
    Jun 2011
    Posts
    21
    Points
    0

    Default

    Spoke too soon - Security center just shut down

  8. #8
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,

    Let's try another tool to see what's going on. Can you burn CDs, and do you have a USB flash drive you can use?


    1. Please uninstall Spybot - Search & Destroy. We will reinstall it when we are finished. Then try aswMBR. Are you able to boot into Safe Mode? If so, try aswMBR in Safe Mode as well.


    Please download MBRCheck to your desktop.

    1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
    2. It will open a black window, please do not fix anything (if it gives you an option).
    3. Exit that window and it will produce a log (MBRCheck_date_time).
    4. Please post that log when you reply.
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  9. #9
    Member
    Join Date
    Jun 2011
    Posts
    21
    Points
    0

    Default

    Can you burn CDs, and do you have a USB flash drive you can use?

    Yes and yes.

    Safe Mode allowed asw to finish; here is the log:
    aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-27 21:26:22
    -----------------------------
    21:26:22.834 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:26:22.834 Number of processors: 4 586 0x170A
    21:26:22.834 ComputerName: KVC-HP UserName: KVC
    21:26:31.040 Initialize success
    21:26:31.398 AVAST engine defs: 11062701
    21:26:41.694 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    21:26:41.694 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3BF Size: 953869MB BusType: 3
    21:26:41.694 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
    21:26:41.694 Disk 1 Vendor: ST3320833AS 3.AAH Size: 305245MB BusType: 3
    21:26:41.710 Disk 0 MBR read successfully
    21:26:41.710 Disk 0 MBR scan
    21:26:41.866 Disk 0 unknown MBR code
    21:26:41.882 Service scanning
    21:26:43.551 Disk 0 trace - called modules:
    21:26:43.598 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    21:26:43.598 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800774c790]
    21:26:43.598 3 CLASSPNP.SYS[fffff880019bf43f] -> nt!IofCallDriver -> [0xfffffa8006720520]
    21:26:43.613 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800671d060]
    21:26:48.200 AVAST engine scan C:\Windows
    21:44:46.099 AVAST engine scan C:\Users\KVC
    21:47:33.285 AVAST engine scan C:\ProgramData
    21:48:08.369 Scan finished successfully
    21:48:28.072 Disk 0 MBR has been saved successfully to "C:\Users\KVC\Desktop\MBR.dat"
    21:48:28.072 The log file has been saved successfully to "C:\Users\KVC\Desktop\aswMBR.txt"

    It also produced a .DAT file - Attached

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: PEGATRON CORPORATION
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion P6000 Series
    Logical Drives Mask: 0x00000ffc

    Kernel Drivers (total 182):
    0x02A1F000 \SystemRoot\system32\ntoskrnl.exe
    0x03008000 \SystemRoot\system32\hal.dll
    0x00BC3000 \SystemRoot\system32\kdcom.dll
    0x00C7C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00CCB000 \SystemRoot\system32\PSHED.dll
    0x00CDF000 \SystemRoot\system32\CLFS.SYS
    0x00D3D000 \SystemRoot\system32\CI.dll
    0x00EA3000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F47000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F56000 \SystemRoot\system32\drivers\ACPI.sys
    0x00FAD000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x00FB6000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00FC0000 \SystemRoot\system32\drivers\pci.sys
    0x00FF3000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x00E00000 \SystemRoot\System32\drivers\partmgr.sys
    0x00E15000 \SystemRoot\system32\drivers\volmgr.sys
    0x00E2A000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00E86000 \SystemRoot\system32\drivers\pciide.sys
    0x00E8D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x00C00000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00C1A000 \SystemRoot\system32\drivers\atapi.sys
    0x00C23000 \SystemRoot\system32\drivers\ataport.SYS
    0x00C4D000 \SystemRoot\system32\drivers\amdxata.sys
    0x010B6000 \SystemRoot\system32\drivers\fltmgr.sys
    0x01102000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01219000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01116000 \SystemRoot\System32\Drivers\msrpc.sys
    0x013BC000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01174000 \SystemRoot\System32\Drivers\cng.sys
    0x013D7000 \SystemRoot\System32\drivers\pcw.sys
    0x013E8000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x014F4000 \SystemRoot\system32\drivers\ndis.sys
    0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x0167B000 \SystemRoot\System32\drivers\tcpip.sys
    0x0187F000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x018C9000 \SystemRoot\system32\drivers\volsnap.sys
    0x01915000 \SystemRoot\System32\Drivers\spldr.sys
    0x0191D000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01957000 \SystemRoot\System32\Drivers\mup.sys
    0x01969000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01972000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x019AC000 \SystemRoot\system32\DRIVERS\disk.sys
    0x019C2000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x01628000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x01000000 \SystemRoot\System32\Drivers\aswSnx.SYS
    0x01652000 \SystemRoot\System32\Drivers\Null.SYS
    0x0165B000 \SystemRoot\System32\Drivers\Beep.SYS
    0x01662000 \SystemRoot\System32\drivers\vga.sys
    0x0148B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x014B0000 \SystemRoot\System32\drivers\watchdog.sys
    0x01670000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x014C0000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x014C9000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x014D2000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x014DD000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x00C58000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x015E7000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x01200000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x02C25000 \SystemRoot\system32\drivers\afd.sys
    0x02CAE000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x02CB8000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02CFD000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02D06000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02D2C000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02D3B000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02D56000 \SystemRoot\system32\drivers\termdd.sys
    0x02D6A000 \??\C:\All Programs\SAS\SASKUTIL64.SYS
    0x02D74000 \??\C:\All Programs\SAS\SASDIFSV64.SYS
    0x02D7E000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x02DCF000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02DDB000 \SystemRoot\system32\drivers\mssmbios.sys
    0x02DE6000 \SystemRoot\System32\drivers\discache.sys
    0x02C00000 \SystemRoot\System32\Drivers\dfsc.sys
    0x01098000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03A28000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x03A75000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03A9B000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x04867000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
    0x03AB1000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04800000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x03BA5000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x04836000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x04295000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x042EB000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x042FC000 \SystemRoot\system32\drivers\HDAudBus.sys
    0x04320000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x04377000 \SystemRoot\system32\drivers\CompositeBus.sys
    0x04387000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x0439D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x043C1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x043CD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x04200000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x0421B000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x0423C000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x04256000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x04265000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x04274000 \SystemRoot\system32\drivers\swenum.sys
    0x0407B000 \SystemRoot\system32\drivers\ks.sys
    0x040BE000 \SystemRoot\system32\drivers\umbus.sys
    0x040D0000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x0412A000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x06691000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x068EE000 \SystemRoot\system32\drivers\portcls.sys
    0x0692B000 \SystemRoot\system32\drivers\drmk.sys
    0x0694D000 \SystemRoot\system32\drivers\ksthunk.sys
    0x00030000 \SystemRoot\System32\win32k.sys
    0x06953000 \SystemRoot\System32\drivers\Dxapi.sys
    0x0695F000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x0696D000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x0697B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x06987000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x06990000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x069A3000 \SystemRoot\system32\drivers\USBSTOR.SYS
    0x069BE000 \SystemRoot\system32\drivers\USBD.SYS
    0x069C0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x069DD000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x06600000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x06619000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x06622000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x06630000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x00530000 \SystemRoot\System32\TSDDD.dll
    0x00750000 \SystemRoot\System32\cdd.dll
    0x00930000 \SystemRoot\System32\ATMFD.DLL
    0x0663D000 \SystemRoot\system32\drivers\luafv.sys
    0x0413F000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x06660000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x06669000 \SystemRoot\system32\drivers\WudfPf.sys
    0x069EB000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x04179000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x02AEC000 \SystemRoot\system32\drivers\HTTP.sys
    0x02BB5000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x02BD3000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x02A00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x02A2D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x02A7B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x046C7000 \SystemRoot\system32\drivers\peauth.sys
    0x0476D000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x04778000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x047A9000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x04600000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x062BB000 \SystemRoot\System32\DRIVERS\srv.sys
    0x06353000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x77900000 \Windows\System32\ntdll.dll
    0x47B60000 \Windows\System32\smss.exe
    0xFFC20000 \Windows\System32\apisetschema.dll
    0xFF340000 \Windows\System32\autochk.exe
    0x77AD0000 \Windows\System32\psapi.dll
    0xFFB90000 \Windows\System32\difxapi.dll
    0xFFA60000 \Windows\System32\rpcrt4.dll
    0xFF9E0000 \Windows\System32\shlwapi.dll
    0xFF8D0000 \Windows\System32\msctf.dll
    0xFF8A0000 \Windows\System32\imm32.dll
    0xFF800000 \Windows\System32\clbcatq.dll
    0xFF7B0000 \Windows\System32\ws2_32.dll
    0x776F0000 \Windows\System32\iertutil.dll
    0xFF710000 \Windows\System32\msvcrt.dll
    0xFF530000 \Windows\System32\setupapi.dll
    0xFF510000 \Windows\System32\sechost.dll
    0xFF470000 \Windows\System32\comdlg32.dll
    0xFF410000 \Windows\System32\Wldap32.dll
    0xFF400000 \Windows\System32\lpk.dll
    0x77AC0000 \Windows\System32\normaliz.dll
    0xFF320000 \Windows\System32\advapi32.dll
    0xFF300000 \Windows\System32\imagehlp.dll
    0x775F0000 \Windows\System32\user32.dll
    0xFF0F0000 \Windows\System32\ole32.dll
    0xFF010000 \Windows\System32\oleaut32.dll
    0xFEF40000 \Windows\System32\usp10.dll
    0xFEF30000 \Windows\System32\nsi.dll
    0x774D0000 \Windows\System32\kernel32.dll
    0xFEEC0000 \Windows\System32\gdi32.dll
    0x77370000 \Windows\System32\wininet.dll
    0xFE130000 \Windows\System32\shell32.dll
    0x77220000 \Windows\System32\urlmon.dll
    0xFE0F0000 \Windows\System32\cfgmgr32.dll
    0xFE050000 \Windows\System32\comctl32.dll
    0xFE030000 \Windows\System32\devobj.dll
    0xFDFC0000 \Windows\System32\KernelBase.dll
    0xFDF80000 \Windows\System32\wintrust.dll
    0xFDE10000 \Windows\System32\crypt32.dll
    0xFDE00000 \Windows\System32\msasn1.dll

    Processes (total 54):
    0 System Idle Process
    4 System
    276 C:\Windows\System32\smss.exe
    428 csrss.exe
    496 C:\Windows\System32\wininit.exe
    516 csrss.exe
    552 C:\Windows\System32\services.exe
    584 C:\Windows\System32\lsass.exe
    604 C:\Windows\System32\winlogon.exe
    612 C:\Windows\System32\lsm.exe
    732 C:\Windows\System32\svchost.exe
    836 C:\Windows\System32\svchost.exe
    900 C:\Windows\System32\svchost.exe
    960 C:\Windows\System32\svchost.exe
    1016 C:\Windows\System32\svchost.exe
    448 C:\Windows\System32\audiodg.exe
    520 C:\Windows\System32\svchost.exe
    1040 C:\Windows\System32\svchost.exe
    1104 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1360 C:\Windows\System32\dwm.exe
    1384 C:\Windows\explorer.exe
    1580 C:\Windows\System32\taskeng.exe
    1616 C:\Windows\System32\rundll32.exe
    1656 C:\Windows\System32\spoolsv.exe
    1688 C:\Windows\System32\svchost.exe
    1792 C:\Windows\System32\taskhost.exe
    1920 C:\Windows\SysWOW64\rundll32.exe
    1952 C:\Windows\System32\svchost.exe
    1076 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    1080 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    1720 C:\Windows\System32\lxcrcoms.exe
    984 C:\Windows\System32\svchost.exe
    2108 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    2124 C:\Windows\System32\hkcmd.exe
    2132 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2140 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    2164 C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe
    2204 C:\Windows\System32\igfxpers.exe
    2288 C:\Windows\System32\igfxsrvc.exe
    2720 C:\Windows\System32\SearchIndexer.exe
    2936 WUDFHost.exe
    3024 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    2360 C:\Windows\System32\svchost.exe
    2652 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2852 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3088 C:\Windows\System32\SearchProtocolHost.exe
    3112 C:\Windows\System32\SearchFilterHost.exe
    3568 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3692 C:\Windows\System32\taskeng.exe
    2896 C:\Users\KVC\Desktop\MBRCheck.exe
    2424 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    2772 C:\Windows\System32\sppsvc.exe
    1120 C:\Windows\System32\conhost.exe
    2232 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06507e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e6`0ca00000 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000001`56b1f600 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: HitachiHDS721010CLA332, Rev: JP4OA3BF
    PhysicalDrive1 Model Number: ST3320833AS, Rev: 3.AAH

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 400F936D9EE32201892AD99B4E147B0CC75B1599
    298 GB \\.\PhysicalDrive1 Gateway MBR code detected
    SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

    (Sorry about getting to this so late - My brother had surgery today.)
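The MBRCheck output above reports "Unknown MBR code" for PhysicalDrive0 together with a SHA1 of the boot record, while every volume still maps to a sane offset on the disk. The following Python is an added example written for this thread, not code from MBRCheck, aswMBR or any poster here: it parses a 512-byte MBR (boot code, disk signature, four partition entries, 0x55AA signature), hashes the code area and compares it with an allowlist, which is the kind of check behind an "unknown code" verdict. The hashed range (first 440 bytes), the disk signature value and the sample sectors are assumptions or constructed data; a real dump such as the MBR.dat that aswMBR saved can be passed as a path to inspect it instead.

```python
"""Parse a 512-byte Master Boot Record and allowlist-check its boot code.

Added example, not MBRCheck's or aswMBR's own code. Which byte range MBRCheck
hashes is not stated on the page; hashing the 440-byte code area is an
assumption made here.
"""
import hashlib
import struct

SECTOR = 512
CODE_END = 440            # assumed hashed range: code area before the disk signature
DISK_SIG_OFFSET = 440
TABLE_OFFSET = 446
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)   # 16
BOOT_SIGNATURE = b"\x55\xAA"


def parse_mbr(sector: bytes) -> dict:
    """Return code hash, disk signature, non-empty partition entries and
    whether the 0x55AA boot signature is present."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for index in range(4):
        offset = TABLE_OFFSET + index * ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, offset)
        if ptype == 0:
            continue                      # empty slot
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,                # 0x07 = NTFS/exFAT, 0x0B/0x0C = FAT32
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR,  # the per-volume offset MBRCheck prints
        })
    return {
        "code_sha1": hashlib.sha1(sector[:CODE_END]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def classify_mbr(sector: bytes, known_code_hashes: set) -> str:
    """'invalid' without a boot signature, 'known' if the code hash is
    allowlisted, otherwise 'unknown' (MBRCheck's "Unknown MBR code")."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "invalid"
    return "known" if info["code_sha1"] in known_code_hashes else "unknown"


def build_sample_mbr(code: bytes, entries) -> bytes:
    """Constructed test sector (not a real boot record): place `code` in the
    code area, write (bootable, type, lba, count) entries, add the signature."""
    if len(code) > CODE_END:
        raise ValueError("code area is limited to 440 bytes")
    sector = bytearray(SECTOR)
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0x0BADF00D)  # constructed disk signature
    for index, (bootable, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + index * ENTRY_SIZE,
                         0x80 if bootable else 0x00, b"\xff\xff\xff",
                         ptype, b"\xff\xff\xff", lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample data: a stand-in boot stub (not real code) and two NTFS
# partitions at LBA 2048 and 206848, like a typical Windows 7 layout.
CLEAN_CODE = bytes.fromhex("fa33c08ed0bc007c8bf0")
LAYOUT = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 1843200)]
CLEAN_MBR = build_sample_mbr(CLEAN_CODE, LAYOUT)
KNOWN_GOOD = {parse_mbr(CLEAN_MBR)["code_sha1"]}   # allowlist taken from the clean copy

# Bootkit-style change: the code area is rewritten (here only its first two
# bytes) while the partition table stays identical, so the machine still boots.
TAMPERED_MBR = build_sample_mbr(b"\xeb\x3c" + CLEAN_CODE[2:], LAYOUT)


def report(sector: bytes, known: set) -> str:
    """Summary in the spirit of the MBRCheck table: status, hash, volumes."""
    info = parse_mbr(sector)
    lines = [f"MBR status: {classify_mbr(sector, known)}",
             f"SHA1: {info['code_sha1']}"]
    for p in info["partitions"]:
        lines.append(f"  partition {p['index']} type 0x{p['type']:02X} at offset "
                     f"0x{p['byte_offset']:x} ({p['sectors']} sectors)"
                     + (" [boot]" if p["bootable"] else ""))
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                 # e.g. the MBR.dat saved by aswMBR
        with open(sys.argv[1], "rb") as fh:
            print(report(fh.read(SECTOR), KNOWN_GOOD))
    else:
        print(report(CLEAN_MBR, KNOWN_GOOD))
        print(report(TAMPERED_MBR, KNOWN_GOOD))
```

The point of the two samples is the one the log illustrates: the tampered sector parses to exactly the same partition table as the clean one, and only the hash of the code area reveals the change. A hash mismatch against an allowlist of vendor boot code is therefore a useful trigger for a closer look, but not proof of infection on its own; OEM recovery loaders (the "Gateway MBR code" reported for PhysicalDrive1 is an example of a recognised non-Microsoft loader) legitimately use their own code.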

  10. #10
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello.

    Your log indicates you have an infected Master Boot Record (MBR). To learn more about this infection please refer to:
    • What is Whistler Bootkit
    • Bootkit: Example of infected master boot record
    • MBR Rootkit, A New Breed of Malware

    • Rerun MBRCheck.exe by double-clicking on it. Vista/Windows 7 users right-click and select Run As Administrator.
    • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Enter 'Y' and then press Enter.
    • When asked: 'Enter your choice:', select option [2] (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
    • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
    • Enter [0] (for PhysicalDrive0) and press the Enter key.
    • The program will show Available MBR codes followed by a list of operating systems as shown below.
      Available MBR codes:
      [ 0] Default (Windows XP)
      [ 1] Windows XP
      [ 2] Windows Server 2003
      [ 3] Windows Vista
      [ 4] Windows 2008
      [ 5] Windows 7
      [-1] Cancel
      Please select the MBR code to write to this drive:
    • Please select your version of Windows from the list and enter the corresponding number (for example, type 0 or 1 for XP, type 3 for Vista, type 5 for Windows 7, etc.); you will enter 5 for Windows 7, then press Enter. Be careful: if the wrong OS is used, it will render the computer unbootable.
    • When prompted for confirmation, 'Do you want to fix the MBR code?', type the full word Yes (not Y, or the fix will not work) and press Enter.
    • Left-click on the title bar (where program name and path is written).
    • From the menu choose Edit -> Select All.
    • Press the Enter key on your keyboard to copy selected text.
    • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
    • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
    • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
    • If your computer does not restart on its own, please restart it manually.

    Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console (XP) or Recovery Environment (Vista, Windows 7) in case of any problems, or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:


    How is your machine running now? Still getting redirected?



