
Author Topic: white smoke translator help!  (Read 14862 times)


suzanangram

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    white smoke translator help!
    « on: December 27, 2010, 12:53:08 PM »
    Hi - I need help understanding what WhiteSmoke Translator will do to my machine and how do I remove it? I am not particularly computer-savvy, but I did follow the directions on one of these posts and installed/ran SUPERAntiSpyware, Malwarebytes Anti-Malware, and I have installed HijackThis. The Malwarebytes program removed some infected files related to WhiteSmoke, but Firefox is still redirecting to Bing. I don't know what to do about this and I am hoping that someone can help me get my computer back and running.

    Dr Jay

    • Malware Removal Specialist


    • Specialist
    • Moderator emeritus
    • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: white smoke translator help!
    « Reply #1 on: December 27, 2010, 12:58:41 PM »
    Hello, and welcome to Computer Hope.

    Please note the following information about the malware forum:
    • Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
    • Please do not attach logs or post them in Quote/Code boxes unless requested.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, reply to this topic with the word BUMP.
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
      Link 1
      Link 2
      Link 3
      • Double-click on MBRCheck.exe to run it.
      • It will open a black window...please do not fix anything (if it gives you an option).
      • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
      • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
      • Please copy and paste the contents of that log in your next reply.
      ~Dr Jay

      suzanangram

        Re: white smoke translator help!
        « Reply #2 on: December 27, 2010, 05:54:40 PM »
        MBRCheck, version 1.2.3
        (c) 2010, AD

        Command-line:         
        Windows Version:      Windows 7 Professional
        Windows Information:       (build 7600), 32-bit
        Base Board Manufacturer:   Dell Inc.
        BIOS Manufacturer:      Dell Inc.
        System Manufacturer:      Dell Inc.
        System Product Name:      Latitude E5500
        Logical Drives Mask:      0x0000000c

        Kernel Drivers (total 203):

        Processes (total 91):

        \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000  (NTFS)

        PhysicalDrive0 Model Number: WDCWD1600BEVT-75ZCT2, Rev: 11.01A11

              Size  Device Name          MBR Status
          --------------------------------------------
            149 GB  \\.\PhysicalDrive0   Dell Inspiron MBR code detected
                    SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


        Done!

        Dr Jay

        Re: white smoke translator help!
        « Reply #3 on: December 29, 2010, 03:13:15 AM »
        Sorry for my small delay.

        Please take a look at this tutorial for WhiteSmoke Translator removal, that I composed a couple days ago: http://www.helpmyos.com/t2433-how-to-remove-or-uninstall-whitesmoke-translator-other-products (follow all but step 4) :P
        ~Dr Jay

        suzanangram

          Re: white smoke translator help!
          « Reply #4 on: December 29, 2010, 05:56:56 AM »
          I followed all of the steps and none of the programs found any trace of Whitesmoke. However, when I click on a link in an email, my browser gets redirected (but AVG warns me and stops it from happening). My homepage is also still being hijacked to bing. How do I fix that?

          suzanangram

            Re: white smoke translator help!
            « Reply #5 on: December 29, 2010, 06:26:31 AM »
            hey dmj - thanks for the reply. my machine looks clean. i figured out the homepage situation and was able to change it back to my original settings. i am still concerned about being redirected when i click on links that are included in my gmail. i am not redirected through any other method.

            this site is truly awesome and what you guys are doing is a real service.

            suzanangram

              Re: white smoke translator help!
              « Reply #6 on: December 29, 2010, 10:54:02 AM »
              i just wanted to update this: i am being redirected now even when i enter urls in the navigation bar.....anything else you can suggest here?

              Dr Jay

              Re: white smoke translator help!
              « Reply #7 on: December 29, 2010, 12:00:26 PM »
              I see. Let us take a look with this tool...

              Please download TDSSKiller from here and save it to your Desktop.
              • Double-click TDSSKiller.exe to run the tool
              • Click the Start Scan button
              • After the scan has finished, click the Close button
              • Click the Report button and copy/paste the contents of it into your next reply
              Note: It will also create a log in the C:\ directory.
              ~Dr Jay

              suzanangram

                Re: white smoke translator help!
                « Reply #8 on: December 29, 2010, 03:31:25 PM »
                hey dmj - it says that it didn't find any threats...should i be running this stuff in safe mode?

                2010/12/29 17:28:34.0295   TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
                2010/12/29 17:28:34.0295   ================================================================================
                2010/12/29 17:28:34.0295   SystemInfo:
                2010/12/29 17:28:34.0295   
                2010/12/29 17:28:34.0296   OS Version: 6.1.7600 ServicePack: 0.0
                2010/12/29 17:28:34.0296   Product type: Workstation
                2010/12/29 17:28:34.0296   ComputerName: SUE01W01
                2010/12/29 17:28:34.0300   UserName: Sue
                2010/12/29 17:28:34.0300   Windows directory: C:\Windows
                2010/12/29 17:28:34.0300   System windows directory: C:\Windows
                2010/12/29 17:28:34.0300   Processor architecture: Intel x86
                2010/12/29 17:28:34.0300   Number of processors: 2
                2010/12/29 17:28:34.0300   Page size: 0x1000
                2010/12/29 17:28:34.0300   Boot type: Normal boot
                2010/12/29 17:28:34.0300   ================================================================================
                2010/12/29 17:28:34.0720   Initialize success
                2010/12/29 17:28:48.0677   ================================================================================
                2010/12/29 17:28:48.0677   Scan started
                2010/12/29 17:28:48.0677   Mode: Manual;
                2010/12/29 17:28:48.0677   ================================================================================
                2010/12/29 17:29:11.0287   discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
                2010/12/29 17:29:11.0581   Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
                2010/12/29 17:29:11.0971   drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
                2010/12/29 17:29:12.0538   DXGKrnl         (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
                2010/12/29 17:29:13.0073   ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
                2010/12/29 17:29:13.0548   elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
                2010/12/29 17:29:13.0922   ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
                2010/12/29 17:29:14.0373   exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
                2010/12/29 17:29:14.0776   fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
                2010/12/29 17:29:15.0189   fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
                2010/12/29 17:29:15.0417   FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
                2010/12/29 17:29:15.0817   Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
                2010/12/29 17:29:16.0133   flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
                2010/12/29 17:29:16.0534   FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
                2010/12/29 17:29:18.0192   FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
                2010/12/29 17:29:18.0510   Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
                2010/12/29 17:29:18.0935   fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
                2010/12/29 17:29:19.0359   gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
                2010/12/29 17:29:19.0906   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
                2010/12/29 17:29:20.0201   hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
                2010/12/29 17:29:20.0240   HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
                2010/12/29 17:29:20.0306   HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
                2010/12/29 17:29:20.0348   HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
                2010/12/29 17:29:20.0414   HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
                2010/12/29 17:29:20.0494   HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
                2010/12/29 17:29:20.0559   HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
                2010/12/29 17:29:20.0642   HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
                2010/12/29 17:29:20.0727   hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
                2010/12/29 17:29:20.0870   i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
                2010/12/29 17:29:20.0957   iaStor          (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys
                2010/12/29 17:29:21.0053   iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
                2010/12/29 17:29:21.0297   igfx            (a70c995199a47f326eef4f9f5e6267a1) C:\Windows\system32\DRIVERS\igdkmd32.sys
                2010/12/29 17:29:21.0749   iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
                2010/12/29 17:29:21.0853   IntcHdmiAddService (e63cd0d9aa8d406cabde5aa718936f40) C:\Windows\system32\drivers\IntcHdmi.sys
                2010/12/29 17:29:22.0042   intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
                2010/12/29 17:29:22.0494   intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
                2010/12/29 17:29:22.0906   IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
                2010/12/29 17:29:23.0376   IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
                2010/12/29 17:29:23.0744   IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
                2010/12/29 17:29:24.0155   IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
                2010/12/29 17:29:24.0624   isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
                2010/12/29 17:29:25.0065   iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
                2010/12/29 17:29:25.0596   kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
                2010/12/29 17:29:25.0892   kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
                2010/12/29 17:29:26.0167   KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
                2010/12/29 17:29:26.0739   KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
                2010/12/29 17:29:27.0407   lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
                2010/12/29 17:29:29.0249   LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
                2010/12/29 17:29:29.0599   LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
                2010/12/29 17:29:30.0126   LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
                2010/12/29 17:29:30.0530   LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
                2010/12/29 17:29:31.0029   luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
                2010/12/29 17:29:31.0424   megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
                2010/12/29 17:29:32.0249   MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
                2010/12/29 17:29:32.0739   Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
                2010/12/29 17:29:33.0309   monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
                2010/12/29 17:29:33.0653   mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
                2010/12/29 17:29:34.0515   mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
                2010/12/29 17:29:35.0237   mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
                2010/12/29 17:29:35.0665   mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
                2010/12/29 17:29:36.0216   mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
                2010/12/29 17:29:36.0923   MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
                2010/12/29 17:29:37.0785   mrxsmb          (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
                2010/12/29 17:29:38.0381   mrxsmb10        (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
                2010/12/29 17:29:38.0741   mrxsmb20        (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
                2010/12/29 17:29:40.0520   msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
                2010/12/29 17:29:40.0930   msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
                2010/12/29 17:29:41.0443   Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
                2010/12/29 17:29:41.0748   mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
                2010/12/29 17:29:42.0012   msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
                2010/12/29 17:29:42.0767   MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
                2010/12/29 17:29:43.0368   MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
                2010/12/29 17:29:44.0059   MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
                2010/12/29 17:29:44.0624   MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
                2010/12/29 17:29:45.0138   mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
                2010/12/29 17:29:45.0575   MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
                2010/12/29 17:29:46.0338   MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
                2010/12/29 17:29:46.0983   Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
                2010/12/29 17:29:47.0680   NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
                2010/12/29 17:29:48.0520   NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
                2010/12/29 17:29:48.0813   NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
                2010/12/29 17:29:49.0424   NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
                2010/12/29 17:29:49.0900   Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
                2010/12/29 17:29:51.0751   NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
                2010/12/29 17:29:52.0321   NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
                2010/12/29 17:29:52.0594   NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
                2010/12/29 17:29:53.0290   NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
                2010/12/29 17:29:53.0818   nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
                2010/12/29 17:29:54.0158   Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
                2010/12/29 17:29:54.0450   nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
                2010/12/29 17:29:54.0943   Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
                2010/12/29 17:29:55.0492   NuidFltr        (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
                2010/12/29 17:29:56.0073   Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
                2010/12/29 17:29:56.0611   nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
                2010/12/29 17:29:56.0890   nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
                2010/12/29 17:29:57.0371   nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
                2010/12/29 17:29:57.0547   ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
                2010/12/29 17:29:57.0773   Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
                2010/12/29 17:29:57.0821   partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
                2010/12/29 17:29:57.0847   Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
                2010/12/29 17:29:57.0924   PBADRV          (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
                2010/12/29 17:29:57.0980   pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
                2010/12/29 17:29:58.0035   pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
                2010/12/29 17:29:58.0078   pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
                2010/12/29 17:29:58.0119   pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
                2010/12/29 17:29:58.0167   PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
                2010/12/29 17:29:58.0547   PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
                2010/12/29 17:29:58.0698   Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
                2010/12/29 17:29:58.0876   Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
                2010/12/29 17:29:59.0067   PxHelp20        (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
                2010/12/29 17:29:59.0220   ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
                2010/12/29 17:29:59.0392   ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
                2010/12/29 17:29:59.0505   QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
                2010/12/29 17:29:59.0539   RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
                2010/12/29 17:29:59.0655   RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
                2010/12/29 17:29:59.0703   Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
                2010/12/29 17:29:59.0753   RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
                2010/12/29 17:29:59.0804   RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
                2010/12/29 17:29:59.0855   rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
                2010/12/29 17:29:59.0910   rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
                2010/12/29 17:29:59.0949   RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
                2010/12/29 17:30:00.0000   RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
                2010/12/29 17:30:00.0063   RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
                2010/12/29 17:30:00.0105   RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
                2010/12/29 17:30:00.0153   RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
                2010/12/29 17:30:00.0200   rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
                2010/12/29 17:30:00.0533   Revoflt         (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
                2010/12/29 17:30:00.0657   rimmptsk        (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
                2010/12/29 17:30:00.0713   rimspci         (af213955c4d952c914620e8db0cd0cf7) C:\Windows\system32\DRIVERS\rimspe86.sys
                2010/12/29 17:30:00.0749   rimsptsk        (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
                2010/12/29 17:30:00.0794   risdpcie        (6978decc2c38c5ce10a8b0f2b12f4451) C:\Windows\system32\DRIVERS\risdpe86.sys
                2010/12/29 17:30:00.0828   rismxdp         (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
                2010/12/29 17:30:00.0876   rixdpcie        (764c1f3453e779724ba647327de7ddd4) C:\Windows\system32\DRIVERS\rixdpe86.sys
                2010/12/29 17:30:00.0971   rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
                2010/12/29 17:30:01.0004   s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
                2010/12/29 17:30:01.0206   SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                2010/12/29 17:30:01.0277   SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                2010/12/29 17:30:01.0431   sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
                2010/12/29 17:30:01.0505   scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
                2010/12/29 17:30:01.0731   sdbus           (e0a643c2446bd7d275ffe247191cd51c) C:\Windows\system32\DRIVERS\sdbus.sys
                2010/12/29 17:30:02.0967   secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
                2010/12/29 17:30:03.0459   Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
                2010/12/29 17:30:03.0749   Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
                2010/12/29 17:30:04.0282   sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
                2010/12/29 17:30:04.0818   sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
                2010/12/29 17:30:05.0142   sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
                2010/12/29 17:30:05.0637   sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
                2010/12/29 17:30:05.0841   sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
                2010/12/29 17:30:05.0965   sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
                2010/12/29 17:30:06.0006   SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
                2010/12/29 17:30:06.0050   SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
                2010/12/29 17:30:06.0118   Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
                2010/12/29 17:30:06.0186   spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
                2010/12/29 17:30:06.0424   srv             (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
                2010/12/29 17:30:07.0097   srv2            (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
                2010/12/29 17:30:07.0383   srvnet          (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
                2010/12/29 17:30:07.0701   stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
                2010/12/29 17:30:08.0022   STHDA           (674be634b14a6c773d2f4f46b7a1628b) C:\Windows\system32\DRIVERS\stwrt.sys
                2010/12/29 17:30:08.0353   storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
                2010/12/29 17:30:08.0534   storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
                2010/12/29 17:30:08.0648   swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
                2010/12/29 17:30:08.0873   Tcpip           (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
                2010/12/29 17:30:09.0010   TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
                2010/12/29 17:30:09.0075   tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
                2010/12/29 17:30:09.0184   TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
                2010/12/29 17:30:09.0225   TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
                2010/12/29 17:30:09.0264   tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
                2010/12/29 17:30:09.0324   TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
                2010/12/29 17:30:09.0436   tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
                2010/12/29 17:30:09.0549   tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
                2010/12/29 17:30:09.0606   uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
                2010/12/29 17:30:09.0666   udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
                2010/12/29 17:30:09.0754   uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
                2010/12/29 17:30:09.0817   umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
                2010/12/29 17:30:09.0850   UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
                2010/12/29 17:30:09.0930   usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
                2010/12/29 17:30:09.0988   usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
                2010/12/29 17:30:10.0022   usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
                2010/12/29 17:30:10.0061   usbhub          (0db84eda895894ba222e27acf597c806) C:\Windows\system32\DRIVERS\usbhub.sys
                2010/12/29 17:30:10.0164   usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
                2010/12/29 17:30:10.0257   usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
                2010/12/29 17:30:10.0447   usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
                2010/12/29 17:30:10.0522   USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
                2010/12/29 17:30:10.0596   usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
                2010/12/29 17:30:10.0663   vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
                2010/12/29 17:30:10.0709   vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
                2010/12/29 17:30:10.0752   VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
                2010/12/29 17:30:10.0789   vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
                2010/12/29 17:30:10.0904   viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
                2010/12/29 17:30:10.0926   ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
                2010/12/29 17:30:10.0966   viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
                2010/12/29 17:30:11.0029   vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
                2010/12/29 17:30:11.0062   VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
                2010/12/29 17:30:11.0095   volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
                2010/12/29 17:30:11.0145   volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
                2010/12/29 17:30:11.0215   volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
                2010/12/29 17:30:11.0298   vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
                2010/12/29 17:30:11.0361   vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
                2010/12/29 17:30:11.0409   vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
                2010/12/29 17:30:11.0451   WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
                2010/12/29 17:30:11.0523   WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
                2010/12/29 17:30:11.0547   Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
                2010/12/29 17:30:11.0626   WavxDMgr        (52abd9e0e6f37eaae78097d9e2772208) C:\Windows\system32\DRIVERS\WavxDMgr.sys
                2010/12/29 17:30:11.0703   Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
                2010/12/29 17:30:11.0747   Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
                2010/12/29 17:30:11.0818   WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
                2010/12/29 17:30:11.0845   WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
                2010/12/29 17:30:11.0950   WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
                2010/12/29 17:30:12.0020   WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
                2010/12/29 17:30:12.0093   ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
                2010/12/29 17:30:12.0167   WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
                2010/12/29 17:30:12.0238   WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
                2010/12/29 17:30:12.0378   ================================================================================
                2010/12/29 17:30:12.0378   Scan finished
                2010/12/29 17:30:12.0378   ================================================================================

                Dr Jay

                « Reply #9 on: December 31, 2010, 08:36:16 PM »
                Looks fine.

                Please download 7-Zip and install it. If you already have it, no need to reinstall.

                Then, download RootkitUnhooker and save the setup to your Desktop.

                • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
                • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
                • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
                • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
                • Once inside the interface, do not fix anything. Click on the Report tab.
                • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
                • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
                • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.
                ~Dr Jay

                suzanangram

                  Re: white smoke translator help!
                  « Reply #10 on: January 02, 2011, 06:55:19 PM »
                  Hey, sorry about my delays. There was no randomly named exe in that RKU file. I did everything up to that point, but I can't go any further because the random file did not show up.

                  suzanangram

                    Re: white smoke translator help!
                    « Reply #11 on: January 02, 2011, 07:22:29 PM »
                    No, it's working... stay tuned  ;)

                    suzanangram

                      Re: white smoke translator help!
                      « Reply #12 on: January 02, 2011, 08:12:21 PM »
                      There was an error and the program closed. That said, all of the files related to AVG Identity Protection were "hooked". I'm going to run it again.

                      suzanangram

                        Re: white smoke translator help!
                        « Reply #13 on: January 02, 2011, 08:21:54 PM »
                        Here goes!

                        RkU Version: 3.8.388.590, Type LE (SR2)
                        ==============================================
                        OS Name: Windows 7
                        Version 6.1.7600
                        Number of processors #2
                        ==============================================
                        >SSDT State
                        ==============================================
                        ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x82CC55C1-->8FA25730 [C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys]
                        ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x82CA5BCD-->8FA257E0 [C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys]
                        ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x82CB8974-->8FA25880 [C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys]
                        ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x82CCB645-->8FA25920 [C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys]
                        ==============================================
                        >Shadow
                        ==============================================
                        win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0x825DA27B-->8FA24CB0 [C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys]
                        win32k.sys-->NtUserGetKeyboardState, Type: Address change 0x826BCA78-->8FA24BF0 [C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys]
                        win32k.sys-->NtUserGetKeyState, Type: Address change 0x825E6333-->8FA24C40 [C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys]
                        win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0x825F8533-->8FA24B60 [C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys]
                        ==============================================
                        >Processes
                        ==============================================
                        0x861A4AD8 [300] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
                        0x86C6ED40 [348] C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o., AVG IDS application)
                        0x86E619B0 [412] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
                        0x870CE5A0 [456] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
                        0x870E6390 [476] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
                        0x870EDD40 [488] C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o., AVG Cache Server)
                        0x87107670 [504] C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o., AVG Resident Shield Service)
                        0x870F7D40 [564] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
                        0x87137D40 [572] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
                        0x870F69E0 [584] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
                        0x871598F0 [680] C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
                        0x86D17368 [752] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
                        0x87229D40 [972] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
                        0x87E37370 [1028] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc., Dell ControlPoint)
                        0x872B2D40 [1092] C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc., AFSS Service)
                        0x872BCAC0 [1120] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
                        0x87300D40 [1176] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
                        0x87347D40 [1288] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
                        0x87384BE8 [1340] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
                        0x86216528 [1348] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc., AcroTray)
                        0x873894B0 [1376] C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe (IDT, Inc., IDT PC Audio)
                        0x873C6918 [1560] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
                        0x87750C38 [1600] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
                        0x8732ED40 [1724] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
                        0x8744AD40 [1868] C:\Windows\System32\wlanext.exe (Microsoft Corporation, Windows Wireless LAN 802.11 Extensibility Framework)
                        0x87409C88 [1876] C:\Windows\System32\conhost.exe (Microsoft Corporation, Console Window Host)
                        0x874091F8 [1884] C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
                        0x8740BD40 [1920] C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE (Dell Inc., DW WLAN Card Wireless Network Controller)
                        0x86C2AD40 [2020] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
                        0x877F5D40 [2076] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc., SMManager Application)
                        0x87806B58 [2184] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
                        0x878015C0 [2208] C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)
                        0x8781F4D0 [2256] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
                        0x87829238 [2276] C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc., Dell ControlPoint - Button Service)
                        0x87850030 [2324] C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc., Dell ControlPoint - System Manager Service)
                        0x866CF260 [2364] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
                        0x866CF7D0 [2372] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation, RAID Monitor)
                        0x87886D40 [2440] C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation, Microsoft SeaPort Search Enhancement Broker)
                        0x86CC2D40 [2548] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
                        0x879264F0 [2664] C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp., TDM Service)
                        0x87D4E458 [2684] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc., IDT PC Audio)
                        0x86BA0030 [2836] C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation, Sink to receive asynchronous callbacks for WMI client application)
                        0x87E4F4D8 [2884] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc., Dell.UCM)
                        0x8740F030 [2932] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
                        0x86D9C3A0 [3012] C:\Windows\System32\taskhost.exe (Microsoft Corporation, Host Process for Windows Tasks)
                        0x8787CD40 [3040] C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o., AVG Alert Manager)
                        0x8787C400 [3060] C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o., AVG Network scanner Service)
                        0x87E18030 [3276] C:\Windows\System32\igfxext.exe (Intel Corporation, igfxext Module)
                        0x864D4030 [3404] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp., CyberLink PowerDVD Resident Program)
                        0x87DF5530 [3536] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd., Alps Pointing-device Driver)
                        0x87D5AD40 [3588] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation, Event Monitor User Notification Tool)
                        0x87D572B8 [3644] C:\Windows\System32\hkcmd.exe (Intel Corporation, hkcmd Module)
                        0x87D5A5C0 [3652] C:\Windows\System32\igfxpers.exe (Intel Corporation, persistence Module)
                        0x87D5DD40 [3672] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc., DW WLAN Card Wireless Network Tray Applet)
                        0x87B5DD40 [3720] C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
                        0x87E633E8 [3908] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp., WavX Document Manager Application)
                        0x87811D40 [3928] C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation, Microsoft Office Word)
                        0x87E68AC0 [3940] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation, Dell Security Device and Task Status)
                        0x86215728 [3992] C:\Windows\System32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)
                        0x87BD6D40 [4040] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
                        0x87BDC6A8 [4076] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
                        0x873B05C8 [4208] C:\Program Files\Napster\napster.exe (Napster, Napster)
                        0x865DDD40 [4240] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o., AVG Tray Monitor)
                        0x86494728 [4276] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)
                        0x87456240 [4520] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
                        0x878DFB40 [4536] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)
                        0x86CAAD40 [4756] C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o., AVG IDS application)
                        0x86237C08 [4768] C:\Windows\System32\conhost.exe (Microsoft Corporation, Console Window Host)
                        0x879CF030 [4848] C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc., DCP System Manager)
                        0x86479D40 [4872] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation, Windows Desktop Gadgets)
                        0x87D76630 [5044] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
                        0x87DBD520 [5236] C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp., TdmNotify Module)
                        0x84C38B38 [5280] C:\Windows\System32\wuauclt.exe (Microsoft Corporation, Windows Update)
                        0x86728D40 [5396] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
                        0x87DD32D8 [5860] C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd., ApMsgFwd)
                        0x87DD4030 [5944] C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd., Alps Pointing-device Driver)
                        0x8809A030 [5952] C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd., Alps Pointing-device Driver for Windows NT/2000/XP/Vista)
                        0x87E3EB38 [6004] C:\Windows\System32\conhost.exe (Microsoft Corporation, Console Window Host)
                        0x84A91558 [6220] C:\Windows\System32\DeviceDisplayObjectProvider.exe (Microsoft Corporation, Device Display Object Function Discovery Provider)
                        0x84D8C900 [6908] C:\Windows\System32\Dxpserver.exe (Microsoft Corporation, Device Stage Platform Server)
                        0x852C8D40 [7240] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
                        0x85240D40 [7580] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
                        0x8762DD40 [7696] C:\Windows\System32\MustBeRandomlyNamed\2ceQX.exe (UG North, RKULE, SR2 Normandy)
                        0x85264540 [7940] C:\Windows\System32\WUDFHost.exe (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Host Process)
                        0x849EFD40 [4] System
                        0x86347D40 [7588] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )

                        suzanangram

                          Re: white smoke translator help!
                          « Reply #14 on: January 02, 2011, 08:22:39 PM »
                          >Drivers
                          ==============================================
                          0x8F035000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6430720 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
                          0x82A44000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
                          0x82A44000 PnpManager 4259840 bytes
                          0x82A44000 RAW 4259840 bytes
                          0x82A44000 WMIxWDM 4259840 bytes
                          0x8FE3A000 C:\Windows\system32\DRIVERS\bcmwl6.sys 2674688 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
                          0x82570000 Win32k 2404352 bytes
                          0x82570000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
                          0x88E3B000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
                          0x88C2E000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
                          0x89047000 C:\Windows\System32\Drivers\dump_iaStor.sys 892928 bytes
                          0x88A04000 C:\Windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
                          0x8F657000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
                          0x88B36000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
                          0x886D3000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
                          0x97155000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
                          0x97004000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
                          0x88600000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
                          0x8877E000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
                          0x8FA34000 C:\Windows\system32\DRIVERS\stwrt.sys 425984 bytes (IDT, Inc., IDT PC Audio)
                          0x8E410000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
                          0x88D9B000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
                          0x8DC9E000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
                          0xACA61000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
                          0xACA12000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
                          0x82420000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
                          0x8F752000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
                          0x888C4000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
                          0x88802000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
                          0x8E5BA000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
                          0x8E565000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
                          0x88691000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
                          0x900D1000 C:\Windows\system32\DRIVERS\b57nd60x.sys 266240 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.)
                          0x8DDA2000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
                          0x8FB1C000 C:\Windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver)
                          0x88FBE000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
                          0x88953000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
                          0x970FF000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
                          0x8DC32000 C:\Windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
                          0x90180000 C:\Windows\system32\DRIVERS\Apfiltr.sys 233472 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
                          0x8F70E000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
                          0x8FB95000 C:\Windows\system32\DRIVERS\WavxDMgr.sys 229376 bytes (Wave Systems Corp., WavX Document Manager Filter Driver)
                          0x82A0D000 ACPI_HAL 225280 bytes
                          0x82A0D000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
                          0x8E4A0000 C:\Windows\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
                          0x88AE7000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
                          0x8E523000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
                          0x889B6000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
                          0x8DC6C000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
                          0x88F84000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
                          0x8FA9C000 C:\Windows\system32\DRIVERS\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
                          0x8890F000 C:\Windows\system32\DRIVERS\pcmcia.sys 188416 bytes (Microsoft Corporation, PCMCIA Bus Driver)
                          0x88E08000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
                          0x90112000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
                          0x88D5D000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
                          0xACABA000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
                          0x8885B000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
                          0x97089000 C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
                          0x8900D000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
                          0x88991000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
                          0x8FAE4000 C:\Windows\system32\drivers\IntcHdmi.sys 143360 bytes (Intel(R) Corporation, Intel(R) High Definition Audio HDMI)
                          0x970DC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
                          0x8F000000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
                          0x8DD7A000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
                          0x8DC0C000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
                          0x8E4D4000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
                          0x89178000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
                          0xACBC5000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
                          0x8913F000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
                          0x8F7AC000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
                          0x8DCFF000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
                          0x82400000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
                          0x8FB7A000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
                          0x9713A000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
                          0xACB4E000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
                          0x8FBCD000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
                          0x970B1000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
                          0x8FACB000 C:\Windows\system32\DRIVERS\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
                          0x9013E000 C:\Windows\system32\DRIVERS\sdbus.sys 102400 bytes (Microsoft Corporation, SecureDigital Bus Driver)
                          0x8E474000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
                          0x90168000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
                          0x8F7CB000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
                          0x8F7E3000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
                          0x8E4F5000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
                          0x8E50C000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
                          0x891D7000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
                          0xACBAF000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
                          0x8893D000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
                          0xACB7D000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
                          0x88D88000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
                          0x8FA10000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
                          0x8DD57000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
                          0x8FE1F000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
                          0x8FE00000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
                          0x970CA000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
                          0x889E8000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
                          0x8FB69000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
                          0x88B1B000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
                          0x8E5A9000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
                          0x88890000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
                          0x88678000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
                          0x90157000 C:\Windows\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD/MMC Driver)
                          0x8DD1E000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
                          0x8FBE7000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
                          0x88BED000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
                          0x8FA00000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
                          0x8DD6A000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
                          0x888B4000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
                          0x8F79D000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
                          0x8E48C000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
                          0x8DD2F000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
                          0x891C9000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
                          0x88C00000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
                          0x8E557000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
                          0x887EF000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
                          0x8FE12000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
                          0x8FB5C000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
                          0x901C6000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
                          0x901B9000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
                          0xACA05000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
                          0x89199000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
                          0x89032000 C:\Windows\System32\Drivers\avgrkx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
                          0x8DC00000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
                          0x8916C000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
                          0x888A9000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
                          0xACB72000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
                          0xACAE4000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
                          0xACB99000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
                          0x891BE000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
                          0x901F0000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
                          0x88C17000 C:\Windows\system32\DRIVERS\PBADRV.sys 45056 bytes (Dell Inc, PBA Support Driver)
                          0x891EE000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
                          0x8F747000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
                          0x88885000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
                          0x8E400000 C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
                          0x8FB07000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
                          0x8DDED000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
                          0x8DDE3000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
                          0x88B2C000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
                          0x8F022000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
                          0x971EC000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
                          0xACB68000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
                          0x900C7000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
                          0x88ADE000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
                          0xACBEF000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
                          0x8FA23000 C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
                          0x8903E000 C:\Windows\System32\Drivers\AVGIDSwx.sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
                          0x88C0E000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
                          0xACB00000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
                          0x827D0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
                          0x88FB5000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
                          0xACB38000 C:\Windows\system32\DRIVERS\WinUsb.sys 36864 bytes (Microsoft Corporation, Windows USB Class Driver BETA)
                          0x901E7000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
                          0x8884A000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
                          0xACAB2000 C:\Windows\system32\drivers\BCM42RLY.sys 32768 bytes (Broadcom Corporation, Broadcom iLine10(tm) PCI Network Adapter Proxy Protocol Driver)
                          0x88689000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
                          0x888A1000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
                          0x88C22000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
                          0x80BC3000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
                          0xACAEF000 C:\Windows\system32\drivers\mbamswissarmy.sys 32768 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
                          0x88853000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
                          0x891A6000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
                          0x891AE000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
                          0x891B6000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
                          0x88E00000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
                          0x89165000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
                          0x971F6000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
                          0xACB92000 C:\Windows\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
                          0x8915E000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
                          0x8DCF8000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
                          0x8E49A000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
                          0x901DD000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
                          0x8DD9C000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
                          0x901E3000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
                          0x901FB000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
                          0xACB90000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
                          ==============================================
                          >Stealth
                          ==============================================
                          0x00820000 Hidden Image-->SmithMicro.Message.dll [ EPROCESS 0x87E4F4D8 ] PID: 2884, 118784 bytes
                          0x005E0000 Hidden Image-->SmithMicro.Common.dll [ EPROCESS 0x87E37370 ] PID: 1028, 143360 bytes
                          0x06390000 Hidden Image-->SmithMicro.Common.dll [ EPROCESS 0x87E37370 ] PID: 1028, 143360 bytes
                          0x00600000 Hidden Image-->SmithMicro.Common.dll [ EPROCESS 0x87E4F4D8 ] PID: 2884, 143360 bytes
                          0x01AB0000 Hidden Image-->SMBIOSController.dll [ EPROCESS 0x877F5D40 ] PID: 2076, 188416 bytes
                          0x05370000 Hidden Image-->Dell.UCM.Plugin.dll [ EPROCESS 0x87E37370 ] PID: 1028, 217088 bytes
                          0x03C20000 Hidden Image-->SmithMicro.Application.dll [ EPROCESS 0x87E4F4D8 ] PID: 2884, 249856 bytes
                          0x00A80000 Hidden Image-->Dell.DcpPlugin.dll [ EPROCESS 0x87E37370 ] PID: 1028, 28672 bytes
                          0x03D80000 Hidden Image-->Interop.Wavx_PluginManagerLib.dll [ EPROCESS 0x87E68AC0 ] PID: 3940, 28672 bytes
                          0x04A60000 Hidden Image-->Interop.Wavx_PluginManagerLib.dll [ EPROCESS 0x87E68AC0 ] PID: 3940, 28672 bytes
                          0x05300000 Hidden Image-->PrebootManager.dll [ EPROCESS 0x87E68AC0 ] PID: 3940, 307200 bytes
                          0x04C10000 Hidden Image-->Dell.SystemOverview.Plugin.dll [ EPROCESS 0x87E37370 ] PID: 1028, 339968 bytes
                          0x045B0000 Hidden Image-->Dell.SharedUI.dll [ EPROCESS 0x87E4F4D8 ] PID: 2884, 3919872 bytes
                          0x04B30000 Hidden Image-->SmithMicro.VpnController.dll [ EPROCESS 0x87E4F4D8 ] PID: 2884, 45056 bytes
                          0x058E0000 Hidden Image-->SmithMicro.AsyncOperations.dll [ EPROCESS 0x87E4F4D8 ] PID: 2884, 45056 bytes
                          0x04CD0000 Hidden Image-->Interop.PBMCredentialManager.dll [ EPROCESS 0x87E68AC0 ] PID: 3940, 45056 bytes
                          0x055D0000 Hidden Image-->WLTRAY.EXE [ EPROCESS 0x8740BD40 ] PID: 1920, 5148672 bytes
                          0x03D40000 Hidden Image-->SmithMicro.Controls.dll [ EPROCESS 0x87E37370 ] PID: 1028, 569344 bytes
                          0x06FD0000 Hidden Image-->SmithMicro.Controls.dll [ EPROCESS 0x87E37370 ] PID: 1028, 569344 bytes
                          0x03B90000 Hidden Image-->SmithMicro.Controls.dll [ EPROCESS 0x87E4F4D8 ] PID: 2884, 569344 bytes
                          0x04130000 Hidden Image-->SmithMicro.Message.XmlSerializers.dll [ EPROCESS 0x87E4F4D8 ] PID: 2884, 585728 bytes
                          0xACB0EF2E Unknown thread object [ ETHREAD 0x8566F020 ] , 600 bytes
                          0xACB0EF2E Unknown thread object [ ETHREAD 0x87D78AA8 ] , 600 bytes
                          0x04D40000 Hidden Image-->VpnWrapper.dll [ EPROCESS 0x87E4F4D8 ] PID: 2884, 65536 bytes
                          0x03F50000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x8740BD40 ] PID: 1920, 77824 bytes
                          0x01960000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x87D5DD40 ] PID: 3672, 77824 bytes
                          ==============================================
                          >Files
                          ==============================================
                          ==============================================
                          >Hooks
                          ==============================================
                          [1624]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77ADF625-->00000000 [firefox.exe]
                          [2492]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x77104B3B-->00000000 [xul.dll]
                          [3928]WINWORD.EXE-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]
                          [3928]WINWORD.EXE-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->00000000 [apphelp.dll]
                          [3928]WINWORD.EXE-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x772A3162-->00000000 [MSO.DLL]
                          [3928]WINWORD.EXE-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]


                          !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)