colexity777, espeak911, 37.220.36.44 [Solved]


  • This topic is locked

#1
gcardinal
Member, 12 posts
I keep getting an Avast warning "Malicious URL Blocked"
The url is one of the three in the topic title.
Internet is very slow or I am unable to connect to it.

OTL log has been generated.

Thanks for your help...

#2
Render
Trusted Helper, Malware Removal, 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also on Desktop there should be a file called MBR.dat after that. Please attach it here.

How to add an attachment to a new topic or reply

#3
gcardinal
Member, Topic Starter, 12 posts
Thanks, here is the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-22 06:19:26
-----------------------------
06:19:26.328 OS Version: Windows 5.1.2600 Service Pack 3
06:19:26.328 Number of processors: 2 586 0x2A07
06:19:26.328 ComputerName: P8H61MLECSMREV3 UserName: Greg
06:19:28.875 Initialize success
06:19:29.000 AVAST engine defs: 12082100
06:19:47.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
06:19:47.640 Disk 0 Vendor: ST3500413AS JC4B Size: 476940MB BusType: 3
06:19:47.640 Device \Driver\atapi -> DriverStartIo 8a2342e2
06:19:47.640 Disk 0 MBR read successfully
06:19:47.640 Disk 0 MBR scan
06:19:47.640 Disk 0 Windows XP default MBR code
06:19:47.640 Disk 0 MBR hidden
06:19:47.640 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 476929 MB offset 63
06:19:47.640 Disk 0 scanning sectors +976752000
06:19:47.718 Disk 0 scanning C:\WINDOWS\system32\drivers
06:19:55.156 Service scanning
06:20:07.093 Modules scanning
06:20:11.312 Disk 0 trace - called modules:
06:20:11.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a2344b1]<<
06:20:11.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3c2ab8]
06:20:11.812 3 CLASSPNP.SYS[b98f8fd7] -> nt!IofCallDriver -> \Device\00000063[0x8a3f4f18]
06:20:11.812 5 ACPI.sys[b977f620] -> nt!IofCallDriver -> [0x8a3f1940]
06:20:11.812 \Driver\atapi[0x8a2a2da0] -> IRP_MJ_CREATE -> 0x8a2344b1
06:20:16.250 AVAST engine scan C:\WINDOWS
06:20:26.562 AVAST engine scan C:\WINDOWS\system32
06:22:15.890 AVAST engine scan C:\WINDOWS\system32\drivers
06:22:24.109 AVAST engine scan C:\Documents and Settings\Greg
06:42:42.234 AVAST engine scan C:\Documents and Settings\All Users
06:43:08.640 Scan finished successfully
06:51:52.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Greg\Desktop\MBR.dat"
06:51:52.546 The log file has been saved successfully to "C:\Documents and Settings\Greg\Desktop\aswMBR.txt"

I am not able to copy and paste the MBR.dat file. My system doesn't recognize the file.

Greg
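
Added example (not part of the thread, and not code from Avast or the helper): a Python triage of the aswMBR lines posted above. The heuristics it applies (an "MBR hidden" line, an >>UNKNOWN<< module in the disk call trace, and a \Driver\atapi routine that resolves to or near that unknown address) are assumptions of this example about what a reviewer checks, and CLEAN_LOG is constructed for contrast.

```python
import re

# Excerpt from the aswMBR log posted in reply #3 of this thread.
THREAD_LOG = r"""
06:19:47.640 Device \Driver\atapi -> DriverStartIo 8a2342e2
06:19:47.640 Disk 0 MBR read successfully
06:19:47.640 Disk 0 MBR scan
06:19:47.640 Disk 0 Windows XP default MBR code
06:19:47.640 Disk 0 MBR hidden
06:20:11.312 Disk 0 trace - called modules:
06:20:11.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a2344b1]<<
06:20:11.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3c2ab8]
06:20:11.812 \Driver\atapi[0x8a2a2da0] -> IRP_MJ_CREATE -> 0x8a2344b1
06:43:08.640 Scan finished successfully
"""

# Constructed for contrast (not from the thread): every traced module is named.
CLEAN_LOG = r"""
06:00:00.000 Disk 0 MBR read successfully
06:00:00.000 Disk 0 Windows XP default MBR code
06:00:01.000 Disk 0 trace - called modules:
06:00:01.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys
06:00:02.000 Scan finished successfully
"""

TIMESTAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
MBR_HIDDEN = re.compile(r"^Disk (\d+) MBR hidden$")
UNKNOWN_MODULE = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")
DISPATCH = re.compile(
    r"^\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> 0x([0-9a-fA-F]+)$"
)
START_IO = re.compile(r"^Device \\Driver\\(\w+) -> DriverStartIo ([0-9a-fA-F]+)$")
PAGE_SHIFT = 12  # 4 KiB pages (the TDSSKiller log reports "Page size: 0x1000")


def triage(log_text):
    """Return a list of (kind, detail) findings for one aswMBR log."""
    findings, unknown, dispatch, start_io = [], [], [], []
    for raw in log_text.splitlines():
        line = TIMESTAMP.sub("", raw.strip())
        m = MBR_HIDDEN.match(line)
        if m:
            findings.append(("mbr_hidden", "disk %s" % m.group(1)))
            continue
        m = UNKNOWN_MODULE.search(line)
        if m:
            addr = int(m.group(1), 16)
            unknown.append(addr)
            findings.append(("unknown_module", "0x%08x" % addr))
            continue
        m = DISPATCH.match(line)
        if m:
            dispatch.append((m.group(1), m.group(2), int(m.group(3), 16)))
            continue
        m = START_IO.match(line)
        if m:
            start_io.append((m.group(1), int(m.group(2), 16)))

    # Correlate driver entry points with code that belongs to no named module.
    unknown_pages = {addr >> PAGE_SHIFT for addr in unknown}
    for driver, irp, addr in dispatch:
        if addr in unknown:
            findings.append(
                ("dispatch_into_unknown", "%s %s -> 0x%08x" % (driver, irp, addr))
            )
    for driver, addr in start_io:
        if addr >> PAGE_SHIFT in unknown_pages:
            findings.append(
                ("startio_near_unknown", "%s DriverStartIo 0x%08x" % (driver, addr))
            )
    return findings


if __name__ == "__main__":
    for name, text in (("thread log", THREAD_LOG), ("clean log", CLEAN_LOG)):
        print(name)
        for kind, detail in triage(text) or [("none", "no findings")]:
            print("  %-22s %s" % (kind, detail))
```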

#4
Render
Trusted Helper, Malware Removal, 4,195 posts

I am not able to copy and paste the MBR.dat file. My system doesn't recognize the file.

You have to attach a file not copy/paste it. Please read here how to do it.

NEXT...

  • Please download RogueKiller (by tigzy) to your desktop.
  • Quit all programs.
  • Run RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Wait for the end of the scan.
  • The report has been created on the desktop. We can also open it with the Report button.
  • Please copy the content of the report and post it in your next reply.

#5
gcardinal
Member, Topic Starter, 12 posts
Attached is the .dat file...

I will complete other download within 24 hours.

Thanks.

Attached Files

  • Attached File: MBR.dat (512 bytes)

#6
Render
Trusted Helper, Malware Removal, 4,195 posts
OK.

#7
gcardinal
Member, Topic Starter, 12 posts
I downloaded RogueKiller and during the scan my computer crashed - twice

#8
Render
Trusted Helper, Malware Removal, 4,195 posts
OK. Please try to proceed with this:

Please download ComboFix from one of the following locations to your Desktop:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


#9
gcardinal
Member, Topic Starter, 12 posts
I just want to confirm that you are asking me to disable AVAST, my spyware protection?

#10
Render
Trusted Helper, Malware Removal, 4,195 posts
Yes.

#11
gcardinal
Member, Topic Starter, 12 posts
Attached File: ComboFix.txt (16.18KB)

Here is the ComboFix log:

ComboFix 12-08-22.03 - Greg 08/22/2012 22:42:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2922.2354 [GMT -5:00]
Running from: c:\documents and settings\Greg\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\regobj.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
c:\windows\system32\drivers\i8042prt.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\i8042prt.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
.
.
2012-08-23 03:50 . 2008-04-14 06:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-08-23 03:50 . 2008-04-14 06:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-08-22 22:01 . 2012-08-22 22:06 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-08-21 17:04 . 2012-08-21 17:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 23:57 . 2012-04-08 03:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 23:57 . 2012-01-02 23:41 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2004-08-04 06:56 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2012-01-02 21:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:46 . 2012-01-02 23:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21 . 2012-01-02 23:10 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-01-02 23:10 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-01-02 23:10 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-01-02 23:10 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2012-01-02 23:10 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2012-01-02 23:10 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-03 16:21 . 2012-01-02 23:10 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-03 16:21 . 2012-01-02 23:10 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-03 16:21 . 2012-01-02 23:10 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-01-02 23:10 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-03 13:40 . 2004-08-04 05:17 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-04 06:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 06:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 17:49 . 2004-08-04 06:56 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 12:05 . 2004-08-04 04:59 385024 ------w- c:\windows\system32\html.iec
2012-06-07 01:59 . 2012-06-07 01:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50 . 2012-01-02 21:13 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 06:56 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 06:56 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2012-01-02 21:43 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2012-01-02 21:43 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2012-01-02 21:01 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2012-01-02 21:01 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2012-01-02 21:01 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2012-01-02 21:43 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2012-01-02 21:43 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2012-01-02 21:01 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2012-01-02 21:01 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2004-08-04 06:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2012-01-02 21:43 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2012-01-02 21:01 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2012-01-02 21:01 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2012-01-03 00:36 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2012-01-03 00:36 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2009-08-07 01:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-04 06:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-07-21 15:07 . 2012-01-03 01:43 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-09 22:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-16 19722344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-06 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-06 182552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-06 166680]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]
.
c:\documents and settings\Greg\Start Menu\Programs\Startup\
Screen Shot 2.0.lnk - c:\program files\Parsons Technology\Screen Shot 2.0\Sshot2.exe [2012-1-2 815104]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2012-1-2 25214]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/2/2012 6:10 PM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/2/2012 6:10 PM 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/2/2012 6:10 PM 21256]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [1/2/2012 6:49 PM 21992]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [5/15/2012 6:57 AM 95200]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/2/2012 6:54 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/7/2012 10:27 PM 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/2/2012 4:27 PM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/2/2012 6:54 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [6/17/2011 12:33 PM 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 7:41 PM 113120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 23:57]
.
2012-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-08-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-29 16:21]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-02 23:54]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-02 23:54]
.
2012-08-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-04-09 22:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\w0oyxqd2.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-23 05:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500413AS rev.JC4B -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A1092E2
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1712)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2012-08-23 05:52:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-23 10:52
.
Pre-Run: 435,152,744,448 bytes free
Post-Run: 436,985,675,776 bytes free
.
- - End Of File - - 6B5F0F5F59912263B4DCBF2759E7B36C

#12
Render
Trusted Helper, Malware Removal, 4,195 posts
You can turn on AV real-time protection now. And proceed with this:

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click the OK button.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste its contents on your next reply.

#13
gcardinal
Member, Topic Starter, 12 posts
5 minutes after reboot and no malicious warnings - AWESOME

Here is the TDSSKiller log:

06:36:59.0062 2676 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
06:36:59.0375 2676 ============================================================
06:36:59.0375 2676 Current date / time: 2012/08/23 06:36:59.0375
06:36:59.0375 2676 SystemInfo:
06:36:59.0375 2676
06:36:59.0375 2676 OS Version: 5.1.2600 ServicePack: 3.0
06:36:59.0375 2676 Product type: Workstation
06:36:59.0375 2676 ComputerName: P8H61MLECSMREV3
06:36:59.0375 2676 UserName: Greg
06:36:59.0375 2676 Windows directory: C:\WINDOWS
06:36:59.0375 2676 System windows directory: C:\WINDOWS
06:36:59.0375 2676 Processor architecture: Intel x86
06:36:59.0375 2676 Number of processors: 2
06:36:59.0375 2676 Page size: 0x1000
06:36:59.0375 2676 Boot type: Normal boot
06:36:59.0375 2676 ============================================================
06:37:00.0500 2676 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
06:37:00.0500 2676 ============================================================
06:37:00.0500 2676 \Device\Harddisk0\DR0:
06:37:00.0500 2676 MBR partitions:
06:37:00.0500 2676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
06:37:00.0500 2676 ============================================================
06:37:00.0546 2676 C: <-> \Device\Harddisk0\DR0\Partition1
06:37:00.0546 2676 ============================================================
06:37:00.0546 2676 Initialize success
06:37:00.0546 2676 ============================================================
06:38:20.0531 3288 ============================================================
06:38:20.0531 3288 Scan started
06:38:20.0531 3288 Mode: Manual; SigCheck; TDLFS;
06:38:20.0531 3288 ============================================================
06:38:21.0437 3288 ================ Scan system memory ========================
06:38:21.0437 3288 System memory - ok
06:38:21.0437 3288 ================ Scan services =============================
06:38:21.0593 3288 [ 0B27AE82C113D3687024D18459440426 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
06:38:21.0703 3288 Aavmker4 - ok
06:38:21.0703 3288 Abiosdsk - ok
06:38:21.0703 3288 abp480n5 - ok
06:38:21.0734 3288 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:38:21.0875 3288 ACPI - ok
06:38:21.0906 3288 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
06:38:21.0984 3288 ACPIEC - ok
06:38:22.0062 3288 [ 6D182C31ACF16213407F2768F1107FE3 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
06:38:22.0078 3288 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
06:38:22.0078 3288 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
06:38:22.0171 3288 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
06:38:22.0171 3288 AdobeFlashPlayerUpdateSvc - ok
06:38:22.0187 3288 adpu160m - ok
06:38:22.0218 3288 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
06:38:22.0296 3288 aec - ok
06:38:22.0343 3288 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
06:38:22.0359 3288 AFD - ok
06:38:22.0359 3288 Aha154x - ok
06:38:22.0359 3288 aic78u2 - ok
06:38:22.0359 3288 aic78xx - ok
06:38:22.0390 3288 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
06:38:22.0468 3288 Alerter - ok
06:38:22.0484 3288 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
06:38:22.0531 3288 ALG - ok
06:38:22.0546 3288 AliIde - ok
06:38:22.0578 3288 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
06:38:22.0640 3288 Ambfilt - ok
06:38:22.0640 3288 amsint - ok
06:38:22.0718 3288 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
06:38:22.0734 3288 Apple Mobile Device - ok
06:38:22.0781 3288 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
06:38:22.0859 3288 AppMgmt - ok
06:38:22.0859 3288 asc - ok
06:38:22.0859 3288 asc3350p - ok
06:38:22.0859 3288 asc3550 - ok
06:38:22.0937 3288 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
06:38:22.0953 3288 aspnet_state - ok
06:38:22.0984 3288 [ 1C1F3D6DDDC046C920C493A779649F66 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
06:38:22.0984 3288 aswFsBlk - ok
06:38:23.0000 3288 [ 9E912FE7B41650701EF2B227ACA440F3 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
06:38:23.0015 3288 aswMon2 - ok
06:38:23.0015 3288 [ 982E275D1C5801042FE94209FB0160FB ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
06:38:23.0031 3288 aswRdr - ok
06:38:30.0421 3288 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
06:38:30.0421 3288 MDM ( UnsignedFile.Multi.Generic ) - warning
06:38:30.0421 3288 MDM - detected UnsignedFile.Multi.Generic (1)
06:38:38.0968 3288 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
06:38:38.0984 3288 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
06:38:38.0984 3288 USBAAPL - detected UnsignedFile.Multi.Generic (1)
06:38:41.0484 3288 ================ Scan global ===============================
06:38:41.0500 3288 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
06:38:41.0546 3288 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
06:38:41.0562 3288 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
06:38:41.0578 3288 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
06:38:41.0578 3288 [Global] - ok
06:38:41.0578 3288 ================ Scan MBR ==================================
06:38:41.0609 3288 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
06:38:41.0609 3288 Suspicious mbr (Forged): \Device\Harddisk0\DR0
06:38:41.0625 3288 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
06:38:41.0625 3288 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
06:38:41.0703 3288 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
06:38:41.0703 3288 \Device\Harddisk0\DR0 - detected TDSS File System (1)
06:38:41.0703 3288 ================ Scan VBR ==================================
06:38:41.0703 3288 [ 4FEE3BB1F305B140887F2868A584B476 ] \Device\Harddisk0\DR0\Partition1
06:38:41.0703 3288 \Device\Harddisk0\DR0\Partition1 - ok
06:38:41.0703 3288 ============================================================
06:38:41.0703 3288 Scan finished
06:38:41.0703 3288 ============================================================
06:38:41.0812 3068 Detected object count: 5
06:38:41.0812 3068 Actual detected object count: 5
06:40:22.0859 3068 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
06:40:22.0859 3068 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:40:22.0859 3068 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
06:40:22.0859 3068 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:40:22.0859 3068 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
06:40:22.0859 3068 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:40:23.0437 3068 \Device\Harddisk0\DR0\# - copied to quarantine
06:40:23.0437 3068 \Device\Harddisk0\DR0 - copied to quarantine
06:40:23.0500 3068 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
06:40:23.0531 3068 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
06:40:23.0531 3068 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
06:40:23.0546 3068 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
06:40:24.0781 3068 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
06:40:24.0843 3068 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
06:40:24.0875 3068 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
06:40:24.0906 3068 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
06:40:24.0906 3068 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
06:40:24.0906 3068 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
06:40:24.0906 3068 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
06:40:24.0937 3068 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
06:40:24.0953 3068 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
06:40:24.0953 3068 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
06:40:24.0984 3068 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
06:40:24.0984 3068 \Device\Harddisk0\DR0 - ok
06:40:25.0000 3068 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
06:40:25.0000 3068 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
06:40:25.0000 3068 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
06:40:31.0968 3660 Deinitialize success
  • 0

#14
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please rerun TDSSKiller and on this entry \Device\Harddisk0\DR0 ( TDSS File System ) select Delete.

NEXT...

Let's see another opinion.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also on Desktop there should be a file called MBR.dat after that. Please attach it here.

How to add an attachment to a new topic or reply
  • 0

#15
gcardinal


    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Attached File: MBR.dat (512 bytes)

Here is the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-22 06:19:26
-----------------------------
06:19:26.328 OS Version: Windows 5.1.2600 Service Pack 3
06:19:26.328 Number of processors: 2 586 0x2A07
06:19:26.328 ComputerName: P8H61MLECSMREV3 UserName: Greg
06:19:28.875 Initialize success
06:19:29.000 AVAST engine defs: 12082100
06:19:47.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
06:19:47.640 Disk 0 Vendor: ST3500413AS JC4B Size: 476940MB BusType: 3
06:19:47.640 Device \Driver\atapi -> DriverStartIo 8a2342e2
06:19:47.640 Disk 0 MBR read successfully
06:19:47.640 Disk 0 MBR scan
06:19:47.640 Disk 0 Windows XP default MBR code
06:19:47.640 Disk 0 MBR hidden
06:19:47.640 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 476929 MB offset 63
06:19:47.640 Disk 0 scanning sectors +976752000
06:19:47.718 Disk 0 scanning C:\WINDOWS\system32\drivers
06:19:55.156 Service scanning
06:20:07.093 Modules scanning
06:20:11.312 Disk 0 trace - called modules:
06:20:11.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a2344b1]<<
06:20:11.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3c2ab8]
06:20:11.812 3 CLASSPNP.SYS[b98f8fd7] -> nt!IofCallDriver -> \Device\00000063[0x8a3f4f18]
06:20:11.812 5 ACPI.sys[b977f620] -> nt!IofCallDriver -> [0x8a3f1940]
06:20:11.812 \Driver\atapi[0x8a2a2da0] -> IRP_MJ_CREATE -> 0x8a2344b1
06:20:16.250 AVAST engine scan C:\WINDOWS
06:20:26.562 AVAST engine scan C:\WINDOWS\system32
06:22:15.890 AVAST engine scan C:\WINDOWS\system32\drivers
06:22:24.109 AVAST engine scan C:\Documents and Settings\Greg
06:42:42.234 AVAST engine scan C:\Documents and Settings\All Users
06:43:08.640 Scan finished successfully
06:51:52.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Greg\Desktop\MBR.dat"
06:51:52.546 The log file has been saved successfully to "C:\Documents and Settings\Greg\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-23 18:55:24
-----------------------------
18:55:24.562 OS Version: Windows 5.1.2600 Service Pack 3
18:55:24.562 Number of processors: 2 586 0x2A07
18:55:24.562 ComputerName: P8H61MLECSMREV3 UserName: Greg
18:55:25.468 Initialize success
18:55:25.546 AVAST engine defs: 12082400
18:55:49.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:55:49.484 Disk 0 Vendor: ST3500413AS JC4B Size: 476940MB BusType: 3
18:55:49.484 Disk 0 MBR read successfully
18:55:49.484 Disk 0 MBR scan
18:55:49.484 Disk 0 Windows XP default MBR code
18:55:49.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
18:55:49.484 Disk 0 scanning sectors +976752000
18:55:49.546 Disk 0 scanning C:\WINDOWS\system32\drivers
18:55:56.484 Service scanning
18:56:06.578 Modules scanning
18:56:09.515 Disk 0 trace - called modules:
18:56:09.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:56:09.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3d0ab8]
18:56:09.531 3 CLASSPNP.SYS[b98e8fd7] -> nt!IofCallDriver -> \Device\00000065[0x8a3a3f18]
18:56:09.531 5 ACPI.sys[b9751620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a3a2940]
18:56:14.828 AVAST engine scan C:\WINDOWS
18:56:25.906 AVAST engine scan C:\WINDOWS\system32
18:58:23.265 AVAST engine scan C:\WINDOWS\system32\drivers
18:58:40.390 AVAST engine scan C:\Documents and Settings\Greg
19:12:04.296 AVAST engine scan C:\Documents and Settings\All Users
19:12:34.015 Scan finished successfully
19:30:08.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Greg\Desktop\MBR.dat"
19:30:08.234 The log file has been saved successfully to "C:\Documents and Settings\Greg\Desktop\aswMBR.txt"
  • 0
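The two aswMBR runs posted above differ in only a few lines, and those lines are the ones worth checking when triaging a suspected boot-sector rootkit. The following is an added example, not part of the thread and not an Avast tool: it scans an aswMBR log for those lines and reports which ones disappeared between runs. The rule names and the heuristics themselves are assumptions made for illustration; the sample lines are excerpts from the two logs in the post.

```python
import re

# Heuristic indicators (assumed for this example, not vendor-documented rules).
RULES = {
    "mbr_hidden": re.compile(r"Disk \d+ MBR hidden"),
    "unknown_module": re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<"),
    "irp_handler": re.compile(
        r"\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)"),
    "unnamed_device": re.compile(r"nt!IofCallDriver -> \[(0x[0-9a-fA-F]+)\]"),
}

# Excerpts from the first (2012-08-22) and second (2012-08-23) runs above.
RUN_BEFORE = r"""
06:19:47.640 Disk 0 Windows XP default MBR code
06:19:47.640 Disk 0 MBR hidden
06:20:11.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a2344b1]<<
06:20:11.812 5 ACPI.sys[b977f620] -> nt!IofCallDriver -> [0x8a3f1940]
06:20:11.812 \Driver\atapi[0x8a2a2da0] -> IRP_MJ_CREATE -> 0x8a2344b1
"""
RUN_AFTER = r"""
18:55:49.484 Disk 0 Windows XP default MBR code
18:56:09.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:56:09.531 5 ACPI.sys[b9751620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a3a2940]
"""

def scan(log_text):
    """Return (indicator, detail) tuples; detail is the address, if any."""
    findings = []
    for line in log_text.splitlines():
        for name, rx in RULES.items():
            m = rx.search(line)
            if m:
                findings.append((name, m.groups()[-1] if m.groups() else ""))
    return findings

def handlers_in_unknown_code(findings):
    """IRP handler addresses that equal the address of an UNKNOWN module."""
    unknown = {d for k, d in findings if k == "unknown_module"}
    return sorted(d for k, d in findings if k == "irp_handler" and d in unknown)

def cleared(before, after):
    """Indicator kinds present in the first log and absent from the second."""
    return sorted({k for k, _ in scan(before)} - {k for k, _ in scan(after)})

if __name__ == "__main__":
    print("first run:", scan(RUN_BEFORE))
    print("atapi handler inside unknown module:",
          handlers_in_unknown_code(scan(RUN_BEFORE)))
    print("cleared in second run:", cleared(RUN_BEFORE, RUN_AFTER))
```

In the first run the `\Driver\atapi` handler address matches the address of the unidentified module in the disk trace; in the second run the trace resolves to named drivers and none of the indicators remain.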





