Running super slow, intermittent internet, testendonline popups, shop

#46 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Looks like infection is back :(... OK. We have work to do.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 2

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and click Scan to run an express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Complete scan sometimes takes up to 3 hours to finish so please be patient.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

NOTE: During the scan, a pop-up window will open asking you to purchase the full version. Simply close the window by clicking on the X in the upper right corner.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Dr.Web log
It would be helpful if you could post each log in separate post



#47 Maxihup (Member, Topic Starter, 64 posts)
No OTL log was saved

Getting warnings of Mal_Xed-24 virus on restart.

Getting dialog box: privacy.exe has encountered an error and needs to close.


Dr. Web log in next post

#48 Maxihup (Member, Topic Starter, 64 posts)
Process in memory: C:\WINDOWS\system32\svchost.exe:252;;BackDoor.Tdss.565;Eradicated.;
otl.exe;c:\documents and settings\user1\desktop;Trojan.Siggen3.20406;Incurable.Moved.;
Process in memory: C:\WINDOWS\System32\ping.exe:964;;BackDoor.Tdss.565;Eradicated.;
htt1961.tmp;C:\Program Files\Trend Micro\OfficeScan Client\Temp\TmpxTmp;Trojan.Siggen2.49458;Incurable.Moved.;
A0003046.exe;C:\System Volume Information\_restore{E721B4B4-42D5-44CC-B54E-65BBAC06C015}\RP2;Trojan.Siggen3.20406;Incurable.Moved.;
OHopb2gG.com;C:\WINDOWS\system32;Trojan.MulDrop3.16237;Deleted.;
setup.exe;C:\WINDOWS\temp\udtouc;Trojan.MulDrop3.16237;Deleted.;
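The Dr.Web report above is one detection per line, semicolon-separated. The Python below is an added example (not part of the thread and not Dr.Web's own tooling) that parses those lines, copied here from the post, into records, separates hits found inside running processes from hits on disk, and lists what still needs attention. The field order `object;location;threat;action` and the `Process in memory: <path>:<pid>` form are assumptions taken from the sample lines only.

```python
"""Parse Dr.Web CureIt report lines (DrWeb.csv) and summarise the findings.

Added example; not part of the forum thread or of Dr.Web's tooling.
Field layout assumed from the sample lines: object;location;threat;action;
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Lines copied from the DrWeb.csv excerpt posted in the thread.
DRWEB_REPORT = r"""
Process in memory: C:\WINDOWS\system32\svchost.exe:252;;BackDoor.Tdss.565;Eradicated.;
otl.exe;c:\documents and settings\user1\desktop;Trojan.Siggen3.20406;Incurable.Moved.;
Process in memory: C:\WINDOWS\System32\ping.exe:964;;BackDoor.Tdss.565;Eradicated.;
htt1961.tmp;C:\Program Files\Trend Micro\OfficeScan Client\Temp\TmpxTmp;Trojan.Siggen2.49458;Incurable.Moved.;
A0003046.exe;C:\System Volume Information\_restore{E721B4B4-42D5-44CC-B54E-65BBAC06C015}\RP2;Trojan.Siggen3.20406;Incurable.Moved.;
OHopb2gG.com;C:\WINDOWS\system32;Trojan.MulDrop3.16237;Deleted.;
setup.exe;C:\WINDOWS\temp\udtouc;Trojan.MulDrop3.16237;Deleted.;
""".strip()

MEMORY_PREFIX = "Process in memory: "   # assumed marker for in-memory hits


@dataclass(frozen=True)
class Detection:
    obj: str            # file name, or the full process path for in-memory hits
    location: str       # directory; empty for in-memory hits
    threat: str         # Dr.Web threat name
    action: str         # what CureIt did, e.g. "Eradicated." or "Incurable.Moved."
    in_memory: bool     # True when the hit was inside a running process
    pid: int | None     # process id for in-memory hits, else None


def parse_line(line: str) -> Detection:
    """Split one report line; the trailing ';' yields an empty field we drop."""
    fields = line.rstrip(";").split(";")
    if len(fields) < 4:
        raise ValueError(f"unexpected field count: {line!r}")
    obj, location, threat, action = fields[:4]
    in_memory = obj.startswith(MEMORY_PREFIX)
    pid = None
    if in_memory:
        obj = obj[len(MEMORY_PREFIX):]
        path, _, pid_text = obj.rpartition(":")   # "<path>:<pid>"
        if pid_text.isdigit():
            obj, pid = path, int(pid_text)
    return Detection(obj, location, threat, action, in_memory, pid)


def parse_report(text: str) -> list[Detection]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def summarise(detections: list[Detection]) -> tuple[Counter, Counter]:
    """Counts by action taken and by threat name."""
    return (Counter(d.action for d in detections),
            Counter(d.threat for d in detections))


def needs_follow_up(detections: list[Detection]) -> list[Detection]:
    """Hits that mean the machine is not clean yet: a threat found running
    inside a process (whatever loaded it is still around), or a file CureIt
    could only move rather than cure."""
    return [d for d in detections
            if d.in_memory or d.action.startswith("Incurable")]


if __name__ == "__main__":
    found = parse_report(DRWEB_REPORT)
    by_action, by_threat = summarise(found)
    print("by action:", dict(by_action))
    print("by threat:", dict(by_threat))
    for d in needs_follow_up(found):
        where = f"pid {d.pid}" if d.in_memory else d.location
        print(f"follow up: {d.obj} ({where}) - {d.threat} - {d.action}")
```

Run on the lines above, two of the seven hits are BackDoor.Tdss code found inside the running svchost.exe and ping.exe, and three files could only be moved rather than cured; that is the pattern the helper reads as the infection still being present.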

#49 maliprog (Trusted Helper, Malware Removal, 6,172 posts)

Process in memory: C:\WINDOWS\system32\svchost.exe:252;;BackDoor.Tdss.565;Eradicated.;


Infection is definitely back. Let's rescan system to see what we have here...

Step 1

Please download GetPartitions from the link below. You must right-click on the link and choose Save as.... Save it as GetPartitions.bat on your desktop.

getpartitions.bat

Double click it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator").
It will create a C:\DiskReport.txt log; please post the results from that log here.

Step 2

Please download a new version of Combofix and run it as you did before. Post the log after the scan.

Step 3

Please don't forget to include these items in your reply:

  • DiskReport.txt
  • Combofix log
It would be helpful if you could post each log in separate post

#50 Maxihup (Member, Topic Starter, 64 posts)
Can you attach GetPartitions.bat here. I am unable to download it.

#51 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Of course I can. Here it is:

Attached Files



#52 Maxihup (Member, Topic Starter, 64 posts)
Looks like that privacy.exe is part of a scareware virus. It has an icon on my desktop as well.

GetPartition log:


Microsoft DiskPart version 5.1.3565

Copyright © 1999-2003 Microsoft Corporation.
On computer: L1

  Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
  ----------  ---  -----------  -----  ----------  -------  -------  --------
  Volume 0     D                       DVD-ROM         0 B
  Volume 1     F                       DVD-ROM         0 B
  Volume 2     E                       DVD-ROM         0 B
  Volume 3     G                       DVD-ROM         0 B
  Volume 4     C   XP-042809    NTFS   Partition     149 GB  Healthy  System

No, I do not have 4 DVD drives.

Running combofix now

Edited by Maxihup, 26 November 2011 - 04:20 PM.


#53 Maxihup (Member, Topic Starter, 64 posts)
Combofix found a rootkit and rebooted. It scanned again, rebooted, and produced this log:

ComboFix 11-11-26.04 - user1 11/26/2011 18:47:47.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.1414 [GMT -6:00]
Running from: c:\documents and settings\user1\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
FW: Trend Micro Personal Firewall *Enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\privacy.exe
c:\documents and settings\All Users\Desktop\Privacy Protection.lnk
c:\windows\$NtUninstallKB18020$\3095921390
c:\windows\$NtUninstallKB18020$\925200705\@
c:\windows\$NtUninstallKB18020$\925200705\bckfg.tmp
c:\windows\$NtUninstallKB18020$\925200705\cfg.ini
c:\windows\$NtUninstallKB18020$\925200705\Desktop.ini
c:\windows\$NtUninstallKB18020$\925200705\kwrd.dll
c:\windows\$NtUninstallKB18020$\925200705\L\cbnuiuud
c:\windows\$NtUninstallKB18020$\925200705\lsflt7.ver
c:\windows\$NtUninstallKB18020$\925200705\U\[email protected]
c:\windows\$NtUninstallKB18020$\925200705\U\[email protected]
c:\windows\$NtUninstallKB18020$\925200705\U\[email protected]
c:\windows\$NtUninstallKB18020$\925200705\U\[email protected]
c:\windows\$NtUninstallKB18020$\925200705\U\[email protected]
c:\windows\$NtUninstallKB18020$\925200705\U\[email protected]
c:\windows\CSC\d6
c:\windows\svcs.exe
c:\windows\system32\0.35658658577462654.exe
c:\windows\system32\0.49672985443144646.exe
c:\windows\system32\6to4ex.dll
c:\windows\$NtUninstallKB18020$ . . . . Failed to delete
.
c:\windows\system32\upnphost.dll . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
-------\Legacy_NetworkLog
-------\Service_NetworkLog
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2067-05-27 20:16 . 2011-11-08 15:56 1249280 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\InsectMod.dll
2067-05-22 03:35 . 2003-06-05 22:40 106496 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Filesystem.dll
2011-11-26 12:22 . 2011-11-26 12:23 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2011-11-25 22:30 . 2011-11-25 22:30 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-11-25 16:01 . 2011-11-25 17:36 -------- d-----w- c:\documents and settings\user1\DoctorWeb
2011-11-25 15:37 . 2011-11-25 15:37 -------- d-----w- c:\documents and settings\user1\Local Settings\Application Data\uTorrent
2011-11-23 15:06 . 2011-11-23 15:06 -------- d-----w- C:\_OTL
2011-11-22 19:08 . 2004-03-09 22:45 224016 ----a-w- c:\windows\system32\TABCTL32.OCX
2011-11-21 14:34 . 2011-11-21 14:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-11-21 14:32 . 2011-11-21 14:32 -------- d-----w- c:\documents and settings\user1\Application Data\Itsth
2011-11-21 14:31 . 2011-11-21 14:31 -------- d-----w- c:\program files\Easy2Sync for Outlook
2011-11-21 14:26 . 2011-11-21 14:26 3584 ----a-r- c:\documents and settings\user1\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-11-21 14:26 . 2011-11-21 14:26 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-11-17 14:24 . 2011-11-16 23:58 133208 ----a-w- c:\windows\system32\drivers\54562378.sys
2011-11-17 02:24 . 2011-11-17 02:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-16 23:06 . 2011-11-16 23:06 -------- d-sh--w- c:\documents and settings\user1\IECompatCache
2011-11-16 15:14 . 2011-11-16 23:58 133208 ----a-w- c:\windows\system32\drivers\82388117.sys
2011-11-16 14:42 . 2011-11-16 23:58 133208 ----a-w- c:\windows\system32\drivers\42497254.sys
2011-11-14 21:38 . 2010-02-24 11:57 457216 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys
2011-11-14 21:38 . 2010-02-24 11:57 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-11-10 20:18 . 2011-11-10 20:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-11-10 20:18 . 2011-11-10 20:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-11-10 20:04 . 2011-11-10 20:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-11-09 03:30 . 2011-11-25 15:41 -------- d-----w- c:\documents and settings\user1\Application Data\Skype
2011-11-09 03:29 . 2011-11-09 03:29 -------- d-----w- c:\program files\Common Files\Skype
2011-11-09 03:29 . 2011-11-09 03:29 -------- d-----r- c:\program files\Skype
2011-11-09 03:13 . 2011-11-09 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-11-08 15:56 . 2011-11-08 15:56 442368 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Locale\German\Insect\ModText.dll
2011-11-08 15:56 . 2011-11-08 15:56 442368 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Locale\French\Insect\ModText.dll
2011-11-08 15:56 . 2011-11-08 15:56 389120 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Locale\english\Insect\ModText.dll
2011-11-05 02:21 . 2010-07-07 01:36 301696 ----a-w- c:\windows\system32\UCI32A59.dll
2011-11-05 01:57 . 2011-11-05 01:57 -------- d-----w- c:\documents and settings\user1\TruePianos Settings
2011-11-05 01:55 . 2011-11-05 01:56 -------- d-----w- c:\documents and settings\user1\Application Data\Cakewalk
2011-11-05 01:53 . 2011-11-05 01:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2011-11-05 01:51 . 2011-11-05 01:51 -------- d-----w- c:\program files\Common Files\Digidesign
2011-11-05 01:51 . 2011-11-05 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Native Instruments
2011-11-05 01:51 . 2011-11-05 01:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
2011-11-05 01:50 . 2011-11-05 01:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2011-11-05 01:50 . 2011-11-05 01:51 -------- d-----w- c:\program files\Common Files\Native Instruments
2011-11-05 01:50 . 2011-11-05 01:51 -------- d-----w- c:\program files\Native Instruments
2011-11-05 01:21 . 2006-02-24 14:00 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-11-05 01:21 . 2006-02-24 14:00 487424 ----a-w- c:\windows\system32\msvcp70.dll
2011-11-05 01:04 . 2011-11-15 18:25 -------- d-----w- c:\program files\Cakewalk
2011-11-05 01:04 . 2011-11-15 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Cakewalk
2011-11-04 22:59 . 2011-11-04 23:18 -------- d-----w- c:\documents and settings\user1\Application Data\ImgBurn
2011-11-04 22:50 . 2011-11-04 22:50 -------- d-----w- c:\program files\ImgBurn
2011-11-03 03:18 . 2011-11-03 03:18 -------- d-----w- c:\documents and settings\user1\Application Data\Voxatron
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 18:17 . 2011-09-20 17:19 102400 ----a-w- c:\windows\RegBootClean.exe
2011-08-31 23:00 . 2009-06-10 18:16 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 03:08 . 2011-10-18 03:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-10-17 . BA3D691CBA9DFDB3D50C16F6AA62F18B . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-04-14 09:42 . 022A00180AE900C90AA9BA5DE8BD961C . 185856 . . [------] . . c:\windows\system32\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-11-25 642424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1323008]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2010-12-30 874832]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3776512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2011-07-05 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\user1\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\user1\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2009-03-19 08:55 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll

.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
backup=c:\windows\pss\Install Pending Files.LNKCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-09-11 15:17 172032 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntivirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\user1\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\LeapFTP\\LeapFTP.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4899:TCP"= 4899:TCP:RAdmin
"48900:UDP"= 48900:UDP:RAdmin-UDP
"54601:TCP"= 54601:TCP:Trend Micro OfficeScan Listener
"6112:TCP"= 6112:TCP:Blizzard Downloader
.
R0 42497254;42497254;c:\windows\system32\drivers\42497254.sys [11/16/2011 8:42 AM 133208]
R0 54562378;54562378;c:\windows\system32\drivers\54562378.sys [11/17/2011 8:24 AM 133208]
R1 82388117;82388117;c:\windows\system32\drivers\82388117.sys [11/16/2011 9:14 AM 133208]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [3/19/2009 2:48 AM 1680632]
R2 DB2MGMTSVC_TAEVAL10;DB2 Management Service (TAEVAL10);c:\program files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe [11/6/2006 6:33 PM 35880]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [3/19/2009 2:53 AM 98304]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [7/17/2009 7:32 AM 3576320]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/2/2010 12:19 PM 57424]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [11/26/2008 7:42 PM 262416]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [11/26/2008 7:42 PM 36624]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [10/17/2008 8:34 AM 243856]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [12/23/2010 3:25 PM 28160]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [1/23/2009 7:21 AM 341584]
R3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [1/23/2009 7:17 AM 497080]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [1/23/2009 7:17 AM 689416]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [5/14/2009 4:19 PM 33920]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\user1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\user1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\user1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\user1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 7:03 PM 136176]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [3/19/2009 2:52 AM 106496]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [5/7/2009 2:26 AM 482176]
S3 DB2NTSECSERVER_TAEVAL10;DB2 Security Server (TAEVAL10);c:\program files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2sec.exe [11/6/2006 6:35 PM 14376]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [5/8/2009 10:01 AM 10752]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [3/19/2009 2:55 AM 118784]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 7:03 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/16/2011 8:24 PM 41272]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 6:15 AM 1120752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [8/10/2011 10:53 PM 229376]
S4 r_server;Remote Administrator Service;"c:\windows\system32\r_server.exe" /service --> c:\windows\system32\r_server.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CWBNETNT
*NewlyCreated* - MDM
*NewlyCreated* - OSE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 19:34]
.
2011-11-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-20 20:43]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 01:03]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 01:03]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765Core.job
- c:\documents and settings\user1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 02:13]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765UA.job
- c:\documents and settings\user1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 02:13]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.hyperionics.com/index.asp?Page=hsdx/changelog.asp
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\documents and settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Privacy Protection - c:\documents and settings\All Users\Application Data\privacy.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 19:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,1f,00,69,bf,c2,56,49,84,a3,d0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,1f,00,69,bf,c2,56,49,84,a3,d0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1532)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5148)
c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\program files\Common Files\New Boundary\PrismXL\PrismXL.sys
c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\fxssvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-11-26 19:31:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-27 01:31
.
Pre-Run: 95,641,882,624 bytes free
Post-Run: 96,161,468,416 bytes free
.
- - End Of File - - F4A2143D0F7D659F0289BEE173EAA83C

Edited by Maxihup, 26 November 2011 - 07:45 PM.

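Two parts of this ComboFix log are worth automating when you triage many of them: the Sigcheck section, where the live copy of upnphost.dll has a different MD5 and no version string compared with its dllcache copy (the file the log marks "is infected!!"), and the Files Created section, where two entries carry 2067 dates. The Python below is an added example, neither the thread's nor ComboFix's own code, that parses both sections from lines copied out of the log above. The line layouts, the reading of the first timestamp as the creation time, and the choice of the "Completion time" date as the reference date are assumptions taken from those sample lines; the bracketed code at the start of a Sigcheck line is carried through but not interpreted.

```python
"""Triage helpers for the Sigcheck and Files Created sections of a ComboFix log.

Added example; not part of the thread and not ComboFix's own code. Sample lines
are copied from the log posted above; the formats are assumed from them only.
"""
import re
from datetime import date

SIGCHECK_SAMPLE = r"""
[-] 2008-10-17 . BA3D691CBA9DFDB3D50C16F6AA62F18B . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 09:42 . 022A00180AE900C90AA9BA5DE8BD961C . 185856 . . [------] . . c:\windows\system32\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
""".strip()

CREATED_SAMPLE = r"""
2067-05-27 20:16 . 2011-11-08 15:56 1249280 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\InsectMod.dll
2067-05-22 03:35 . 2003-06-05 22:40 106496 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Filesystem.dll
2011-11-17 14:24 . 2011-11-16 23:58 133208 ----a-w- c:\windows\system32\drivers\54562378.sys
2011-11-14 21:38 . 2010-02-24 11:57 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
""".strip()

SCAN_DATE = date(2011, 11, 26)   # taken from the log's "Completion time" line

# "[code] date [time] . md5 . size . . [version] . . path"; the leading code is kept, not interpreted.
SIGCHECK_RE = re.compile(
    r"^\[(?P<code>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?"
    r"\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
# "first-ts . second-ts size attrs path"; first timestamp assumed to be creation time.
CREATED_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+\.\s+"
    r"(?P<second>\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+(?P<size>\S+)\s+"
    r"(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)


def _parse(text, pattern):
    return [m.groupdict() for m in map(pattern.match, text.splitlines()) if m]


def parse_sigcheck(text):
    return _parse(text, SIGCHECK_RE)


def parse_created(text):
    return _parse(text, CREATED_RE)


def compare_with_dllcache(rows):
    """Pair each live system file with its dllcache copy (same base name) and
    report the pairs whose MD5 differs. The dllcache copy is the reference
    the live file is expected to match, so a mismatch, especially together
    with a stripped version string, is what to look at first."""
    live, cache = {}, {}
    for r in rows:
        name = r["path"].rsplit("\\", 1)[-1].lower()
        bucket = cache if "\\dllcache\\" in r["path"].lower() else live
        bucket[name] = r
    findings = []
    for name, r in live.items():
        c = cache.get(name)
        if c is not None and r["md5"].lower() != c["md5"].lower():
            findings.append({
                "file": r["path"],
                "live_md5": r["md5"],
                "cache_md5": c["md5"],
                "version_stripped": r["version"].strip("-") == "",
            })
    return findings


def future_dated(rows, scan_date=SCAN_DATE):
    """Paths whose first timestamp lies after the day the scan ran. A wrong
    clock on whatever wrote the file produces this too, so treat it as a
    lead to check, not a verdict."""
    return [r["path"] for r in rows if date.fromisoformat(r["first"]) > scan_date]


if __name__ == "__main__":
    for f in compare_with_dllcache(parse_sigcheck(SIGCHECK_SAMPLE)):
        print("hash mismatch vs dllcache:", f)
    for p in future_dated(parse_created(CREATED_SAMPLE)):
        print("created in the future:", p)
```

On the sample lines the only dllcache mismatch is upnphost.dll, with its version field blanked out, and the two Impossible Creatures DLLs are the future-dated entries; the three numerically named .sys drivers in the same section fall on plausible dates and are left for the other tools the helper asks for next.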

#54 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Combofix did a good job but there are still infected files and we need to find them.

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
Step 2


Please download and run BDRemovalTool from Here.
Please write down its findings for me and remove everything it finds.

Step 3


Download aswMBR.exe ( 511KB ) to your desktop.


  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply
Step 4


Please download MBRCheck.exe to your desktop.

  • Double click to run it
  • It will prompt you with some text
  • A text file will be generated on your desktop
  • Now paste that text here for me.
Step 5


Please don't forget to include these items in your reply:


  • TDSSKiller log
  • BDRemoval report
  • aswMBR log
  • MBRCheck log
It would be helpful if you could post each log in separate post

#55 Maxihup (Member, Topic Starter, 64 posts)
TDSSKiller log below. Nothing found, no reboot needed:

6:09:33.0984 2116 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
16:09:35.0171 2116 ============================================================
16:09:35.0171 2116 Current date / time: 2011/11/28 16:09:35.0171
16:09:35.0171 2116 SystemInfo:
16:09:35.0171 2116
16:09:35.0171 2116 OS Version: 5.1.2600 ServicePack: 3.0
16:09:35.0171 2116 Product type: Workstation
16:09:35.0171 2116 ComputerName: L1
16:09:35.0171 2116 UserName: user1
16:09:35.0171 2116 Windows directory: C:\WINDOWS
16:09:35.0171 2116 System windows directory: C:\WINDOWS
16:09:35.0171 2116 Processor architecture: Intel x86
16:09:35.0171 2116 Number of processors: 2
16:09:35.0171 2116 Page size: 0x1000
16:09:35.0171 2116 Boot type: Normal boot
16:09:35.0171 2116 ============================================================
16:09:36.0000 2116 Initialize success
16:09:39.0484 4276 ============================================================
16:09:39.0484 4276 Scan started
16:09:39.0484 4276 Mode: Manual;
16:09:39.0484 4276 ============================================================
16:10:04.0890 4276 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:10:06.0375 4276 \Device\Harddisk0\DR0 - ok
16:10:06.0406 4276 Boot (0x1200) (818c7f2e69af538a6ba780a70ffc3b8d) \Device\Harddisk0\DR0\Partition0
16:10:06.0406 4276 \Device\Harddisk0\DR0\Partition0 - ok
16:10:06.0406 4276 ============================================================
16:10:06.0406 4276 Scan finished
16:10:06.0406 4276 ============================================================
16:10:06.0421 4760 Detected object count: 0
16:10:06.0421 4760 Actual detected object count: 0
  • 0

#56
Maxihup

    Member

  • Topic Starter
  • 64 posts
BDRemovalTool ran (there was a suspicious popup before the program loaded, maybe saying 'preparing files'); the program then loaded and ran:

0 cleaned
0 infected

Edited by Maxihup, 28 November 2011 - 04:16 PM.

  • 0

#57
Maxihup

    Member

  • Topic Starter
  • 64 posts
aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-28 16:15:45
-----------------------------
16:15:45.500 OS Version: Windows 5.1.2600 Service Pack 3
16:15:45.500 Number of processors: 2 586 0x170A
16:15:45.500 ComputerName: L1 UserName: user1
16:15:46.906 Initialize success
16:17:32.140 AVAST engine defs: 11112802
16:18:00.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:18:00.500 Disk 0 Vendor: ST916082 3.CM Size: 152627MB BusType: 3
16:18:00.546 Disk 0 MBR read successfully
16:18:00.546 Disk 0 MBR scan
16:18:00.593 Disk 0 Windows XP default MBR code
16:18:00.609 Disk 0 scanning sectors +312575760
16:18:00.687 Disk 0 scanning C:\WINDOWS\system32\drivers
16:18:11.421 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot [Rtk]
16:18:20.734 Service scanning
16:18:22.203 Modules scanning
16:18:29.968 Disk 0 trace - called modules:
16:18:29.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
16:18:29.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab159c0]
16:18:29.984 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\000000a4[0x8ab18678]
16:18:30.000 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8ab16028]
16:18:30.968 AVAST engine scan C:\WINDOWS
16:18:41.437 AVAST engine scan C:\WINDOWS\system32
16:22:14.500 AVAST engine scan C:\WINDOWS\system32\drivers
16:22:24.796 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot [Rtk]
16:22:36.359 AVAST engine scan C:\Documents and Settings\user1
16:35:13.250 File: C:\Documents and Settings\user1\My Documents\qkmz.exe **INFECTED** Win32:Sirefef-EX [Trj]
16:35:28.671 AVAST engine scan C:\Documents and Settings\All Users
16:42:12.796 Scan finished successfully
16:54:38.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user1\Desktop\MBR.dat"
16:54:38.937 The log file has been saved successfully to "C:\Documents and Settings\user1\Desktop\aswMBR.txt"
  • 0
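Added example, not part of this thread or of either tool: a small Python triage script that pulls the verdict out of the two log formats posted above (aswMBR's `**INFECTED**` lines and MBR verdict, TDSSKiller's per-service status and "Detected object count"), so a helper can read the result without scrolling through hundreds of driver lines. The sample inputs are constructed from lines quoted in this thread; the duplicate-hash listing is an analyst heuristic of mine, not a verdict from either tool.

```python
"""Triage helper for aswMBR and TDSSKiller logs (added example, not the tools' own code)."""
import re
from collections import defaultdict

# aswMBR reports a hit as:  HH:MM:SS.mmm File: <path> **INFECTED** <name> [<class>]
ASWMBR_HIT = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ File: (?P<path>.+?) \*\*INFECTED\*\* "
    r"(?P<name>\S+) \[(?P<kind>[^\]]+)\]$"
)
# aswMBR's verdict on the boot sector, e.g. "Disk 0 Windows XP default MBR code"
ASWMBR_MBR = re.compile(r"^\d\d:\d\d:\d\d\.\d+ Disk (?P<disk>\d+) (?P<verdict>.*MBR code.*)$")

# TDSSKiller lines: "<time> <tid> <service> (<md5>) <path>", then "<time> <tid> <service> - <status>"
TDSS_ENTRY = re.compile(r"^\S+ \d+ (?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
TDSS_STATUS = re.compile(r"^\S+ \d+ (?P<svc>\S+) - (?P<status>.+)$")
TDSS_COUNT = re.compile(r"^\S+ \d+ Detected object count: (?P<n>\d+)$")


def triage_aswmbr(log: str) -> dict:
    """Return the infected files (one entry per path) and the MBR verdicts of an aswMBR log."""
    hits, mbr = [], []
    for line in log.splitlines():
        m = ASWMBR_HIT.match(line)
        if m:
            hits.append((m["path"], m["name"], m["kind"]))
            continue
        m = ASWMBR_MBR.match(line)
        if m:
            mbr.append((int(m["disk"]), m["verdict"]))
    # aswMBR reports the same file once per scan phase; keep one entry per path, in order
    return {"infected": list(dict.fromkeys(hits)), "mbr": mbr}


def triage_tdsskiller(log: str) -> dict:
    """Return non-"ok" items, the detected-object count, and driver entries that share
    one MD5 under different service names (listed for review only: identical hashes
    can be legitimate, so this is an analyst heuristic, not a detection)."""
    not_ok, by_hash, count = [], defaultdict(list), None
    for line in log.splitlines():
        m = TDSS_COUNT.match(line)
        if m:
            count = int(m["n"])
            continue
        m = TDSS_ENTRY.match(line)
        if m:
            by_hash[m["md5"]].append(m["svc"])
            continue
        m = TDSS_STATUS.match(line)
        if m and m["status"] != "ok":
            not_ok.append((m["svc"], m["status"]))
    shared = {h: svcs for h, svcs in by_hash.items() if len(svcs) > 1}
    return {"not_ok": not_ok, "detected": count, "shared_hash": shared}


# Constructed samples, copied from lines quoted in this thread (not full logs).
ASWMBR_SAMPLE = r"""
16:18:00.593 Disk 0 Windows XP default MBR code
16:18:11.421 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot [Rtk]
16:22:24.796 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot [Rtk]
16:35:13.250 File: C:\Documents and Settings\user1\My Documents\qkmz.exe **INFECTED** Win32:Sirefef-EX [Trj]
16:42:12.796 Scan finished successfully
"""

TDSS_SAMPLE = r"""
16:09:39.0484 4276 Scan started
16:09:44.0218 4276 42497254 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\42497254.sys
16:09:44.0296 4276 42497254 - ok
16:09:44.0437 4276 54562378 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\54562378.sys
16:09:44.0531 4276 54562378 - ok
16:09:44.0937 4276 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:09:44.0953 4276 ACPI - ok
16:10:04.0890 4276 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:10:06.0375 4276 \Device\Harddisk0\DR0 - ok
16:10:06.0421 4760 Detected object count: 0
"""

if __name__ == "__main__":
    a = triage_aswmbr(ASWMBR_SAMPLE)
    print("aswMBR MBR verdicts:", a["mbr"])
    for path, name, kind in a["infected"]:
        print(f"aswMBR INFECTED [{kind}] {name}: {path}")
    t = triage_tdsskiller(TDSS_SAMPLE)
    print("TDSSKiller detected:", t["detected"], "non-ok:", t["not_ok"])
    for md5, svcs in t["shared_hash"].items():
        print(f"TDSSKiller review: services {svcs} share MD5 {md5}")
```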

#58
Maxihup

    Member

  • Topic Starter
  • 64 posts
MBRCheck log:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 178):
0xA912F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xA9C6D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xA8740000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xA90FF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xA90DF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xA872F000 \SystemRoot\system32\DRIVERS\psched.sys
0xA90BF000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xA9572000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xA956A000 \SystemRoot\system32\DRIVERS\raspti.sys
0xA9562000 \SystemRoot\system32\DRIVERS\covpndrv.sys
0xA955A000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xA86FF000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xA8B96000 \SystemRoot\system32\DRIVERS\termdd.sys
0xA86E2000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xA86CA000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xA9552000 \SystemRoot\system32\DRIVERS\psadd.sys
0xAA7CA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xA866C000 \SystemRoot\system32\DRIVERS\update.sys
0xA941F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xA84B3000 \SystemRoot\system32\DRIVERS\TM_CFW.sys
0xA95DC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA95BC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x98140000 \SystemRoot\system32\drivers\CHDAU32.sys
0x9811C000 \SystemRoot\system32\drivers\portcls.sys
0xA910F000 \SystemRoot\system32\drivers\drmk.sys
0x980E8000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0x97FF7000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0x97F44000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xAA7C4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB05DA000 \SystemRoot\System32\Drivers\Null.SYS
0xAA196000 \SystemRoot\System32\Drivers\Beep.SYS
0xA91A9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA91A1000 \SystemRoot\System32\drivers\vga.sys
0xAA194000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xAA192000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA9199000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA9191000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB217B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x97F11000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x97EB8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x97E90000 \SystemRoot\system32\DRIVERS\netbt.sys
0x97E6A000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x97E48000 \SystemRoot\System32\drivers\afd.sys
0xAF778000 \SystemRoot\system32\DRIVERS\netbios.sys
0x97E33000 \SystemRoot\system32\DRIVERS\tmtdi.sys
0xAF768000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x97E08000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x97DEF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAF758000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBA318000 \SystemRoot\System32\Drivers\Fips.SYS
0x978CD000 \SystemRoot\system32\DRIVERS\82388117.sys
0xB76A7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB7697000 \SystemRoot\System32\Drivers\btwusb.sys
0xB7677000 \SystemRoot\system32\drivers\libusb0.sys
0x977FD000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB8355000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA448000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA750000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF058000 \SystemRoot\System32\igxpdv32.DLL
0xBF297000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB55EB000 \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
0x97627000 \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
0x975D6000 \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
0x97520000 \SystemRoot\system32\DRIVERS\irda.sys
0x975AE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB22EF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x97404000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x973AD000 \??\C:\WINDOWS\system32\drivers\tmcomm.sys
0xA95FC000 \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys
0x9736C000 \??\C:\WINDOWS\system32\drivers\tmactmon.sys
0x97329000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xBA358000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9725A000 \SystemRoot\system32\DRIVERS\srv.sys
0x972C1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x96A49000 \SystemRoot\System32\Drivers\HTTP.sys
0x968CC000 \SystemRoot\system32\drivers\wdmaud.sys
0x969D1000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA348000 \??\C:\ComboFix\catchme.sys
0xABBAD000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0x95F12000 \SystemRoot\System32\Drivers\Udfs.SYS
0x94B2C000 \SystemRoot\system32\DRIVERS\serial.sys
0x940AD000 \SystemRoot\system32\DRIVERS\serenum.sys
0x93D68000 \SystemRoot\system32\DRIVERS\parport.sys
0x942A4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x96166000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA468000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x93F46000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x93ED7000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xBA460000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x96062000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x96126000 \SystemRoot\system32\DRIVERS\nic1394.sys
0x9276B000 \SystemRoot\system32\DRIVERS\TrufosAlt.sys
0x96981000 \??\C:\DOCUME~1\user1\LOCALS~1\Temp\aswMBR.sys
0x92740000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
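As an added example (not part of this thread or of MBRCheck itself), a small Python parser for the "Kernel Drivers" section of an MBRCheck log like the one above. It flags two things a helper usually looks at first: drivers whose file name is nothing but digits, and drivers loaded from a Temp directory. The sample log is a constructed excerpt of the posted one, the function names are my own, and the flags are review hints, not verdicts (aswMBR.sys in Temp here is simply the scanner the poster had just run).

```python
import re
from typing import List, Tuple

# Constructed excerpt of an MBRCheck log, same layout as the post above:
# a load address, whitespace, then the image path.
SAMPLE_LOG = """MBRCheck, version 1.2.3
Kernel Drivers (total 7):
0x804D7000 \\WINDOWS\\system32\\ntkrnlpa.exe
0xB97CB000 54562378.sys
0xB92A9000 42497254.sys
0x97DEF000 \\SystemRoot\\system32\\DRIVERS\\mrxsmb.sys
0x978CD000 \\SystemRoot\\system32\\DRIVERS\\82388117.sys
0x96981000 \\??\\C:\\DOCUME~1\\user1\\LOCALS~1\\Temp\\aswMBR.sys
0x7C900000 \\WINDOWS\\system32\\ntdll.dll
"""

DRIVER_LINE = re.compile(r"^0x[0-9A-Fa-f]{8}\s+(\S.*)$")
TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)


def parse_kernel_drivers(log: str) -> List[str]:
    """Return the image paths listed under 'Kernel Drivers'."""
    paths, in_section = [], False
    for line in log.splitlines():
        text = line.strip()
        if text.startswith("Kernel Drivers"):
            in_section = True
            continue
        if not in_section or not text:
            continue
        m = DRIVER_LINE.match(text)
        if not m:
            break  # first non-driver line means the section has ended
        paths.append(m.group(1))
    return paths


def flag_driver(path: str) -> List[str]:
    """Heuristic review flags for one driver path; empty list means nothing notable."""
    name = path.rsplit("\\", 1)[-1]          # file name without directory
    stem = name.rsplit(".", 1)[0]            # file name without extension
    reasons = []
    if stem.isdigit():
        reasons.append("all-digit driver name")
    if TEMP_DIR.search(path):
        reasons.append("loaded from a Temp directory")
    return reasons


def review(log: str) -> List[Tuple[str, List[str]]]:
    """Pair each flagged driver path with the reasons it was flagged."""
    return [(p, flag_driver(p)) for p in parse_kernel_drivers(log) if flag_driver(p)]


if __name__ == "__main__":
    for path, reasons in review(SAMPLE_LOG):
        print(f"{path}: {', '.join(reasons)}")
```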

#59
Maxihup

    Member

  • Topic Starter
  • Member
  • 64 posts
Also generated a MBR.dat file:


Edited by Maxihup, 28 November 2011 - 05:00 PM.


#60
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
aswMBR found more infected files. Let's try to cure them.

Step 1

Can you post the MBRCheck log again? The last part is missing.

Step 2

Download Virus Removal Tool from here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found.
Once it has finished, select the report tab (last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.

Step 3

Run OTL again

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
mrxsmb.sys
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me


Step 4


Please don't forget to include these items in your reply:


  • MBRCheck log again
  • VRT log
  • OTL log
It would be helpful if you could post each log in a separate post.