
Kaspersky Online Scanner


14 replies to this topic

#1 snuffmc

snuffmc

  • Members
  • 22 posts

Posted 30 July 2010 - 07:15 PM

I was reading a thread about a similar problem I am having with my computer and a browser hijacker. One of the steps, after running MBAM, was to run the Kaspersky Online Scanner. I have done that; however, I am a bit confused as to what to do with the results. Does the online scanner automatically remove the infections it found, or do I have to manually do it, or am I missing something else altogether? I did save the report, and it shows 7 threats and 8 infections. What do I do now?

Thanks!


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 30 July 2010 - 09:10 PM

Kaspersky online scanner doesn't remove any findings.
You have to do it manually.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click the donation link.


 


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 31 July 2010 - 08:50 AM

Please post the log scan results for review.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click the donation link.

#4 snuffmc

snuffmc
  • Topic Starter

  • Members
  • 22 posts

Posted 31 July 2010 - 11:10 AM

Here's my scan results when I scanned "My Computer". There were zero results when just scanning "Critical Areas".

Thanks for the help!!!

Friday, July 30, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, July 30, 2010 10:45:37
Records in database: 4193362


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
I:\

Scan statistics
Objects scanned 321843
Threats found 7
Infected objects found 8
Suspicious objects found 0
Scan duration 02:50:17

File name Threat Threats count
C:\Documents and Settings\Jason\Local Settings\Temp\jar_cache2557761257662575587.tmp Infected: Trojan-Downloader.Java.Agent.ea 1

C:\Documents and Settings\Jason\Local Settings\Temp\jar_cache576975534683608574.tmp Infected: Exploit.Java.Agent.f 1

C:\Documents and Settings\Jason\Local Settings\Temp\jar_cache576975534683608574.tmp Infected: Trojan-Downloader.Java.Agent.fi 2

C:\Documents and Settings\Jason\Local Settings\Temp\nsi18.tmp.exe Infected: not-a-virus:AdWare.Win32.Shopper.ax 1

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\2f3a7416-4a4c3634 Infected: Trojan-Downloader.Java.Agent.ft 1

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\2f3a7416-4a4c3634 Infected: Trojan-Downloader.Java.Agent.fu 1

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\2f3a7416-4a4c3634 Infected: Trojan-Downloader.Java.Agent.fv 1

Selected area has been scanned.

Edited by snuffmc, 31 July 2010 - 11:12 AM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 31 July 2010 - 11:19 AM

Please download OTM by OldTimer and save to your Desktop.
  • Double-click on OTM.exe to launch the program. (If using Windows Vista, be sure to Run As Administrator)
  • Copy the file(s)/folder(s) paths listed below - highlight everything in the code box and press CTRL+C or right-click and choose Copy.
:Processes
explorer.exe

:Services

:Reg

:Files
C:\Documents and Settings\Jason\Local Settings\Temp\jar_cache2557761257662575587.tmp 
C:\Documents and Settings\Jason\Local Settings\Temp\jar_cache576975534683608574.tmp 
C:\Documents and Settings\Jason\Local Settings\Temp\jar_cache576975534683608574.tmp 
C:\Documents and Settings\Jason\Local Settings\Temp\nsi18.tmp.exe Infected: 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\2f3a7416-4a4c3634 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\2f3a7416-4a4c3634 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\2f3a7416-4a4c3634 

:Commands
[emptytemp]
[start explorer]
[reboot]
  • Return to OTM, right-click in the open text box labeled "Paste Instructions for Items to be Moved" (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • The list will be processed and the results will be displayed in the right-hand pane.
  • Highlight everything in the Results window (under the green bar), press CTRL+C or right-click, choose Copy, right-click again and Paste it in your next reply.
  • Click Exit when done.
  • A log of the results is automatically created and saved to C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log <- the date/time the tool was run.
-- Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. After the reboot, open Notepad, click File > Open, in the File Name box type *.log and press the Enter key. Navigate to the C:\_OTM\MovedFiles folder, open the newest .log file and copy/paste the contents in your next reply. If not asked, reboot anyway.

Caution: Be careful of what you copy and paste with this tool. OTM is a powerful program, designed to move highly persistent files and folders and is intended by the developer to be used under the guidance and supervision of a trained malware removal expert.


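The two posts above show the hand-off that matters in this thread: the Kaspersky report (post #4) lists one line per detection, several of which hit the same file, and the OTM script (post #5) needs one bare path per line under :Files. Copying by hand is where the error crept in (the "Infected:" verdict text stayed attached to one path, and duplicate paths produce "not found" on their second pass). The following is an added example, not code from the original thread, from Kaspersky or from OldTimer: it parses report lines in the format shown above, reproduces the report's own "Threats found" / "Infected objects found" counters that puzzled the original poster, deduplicates the paths into an OTM :Files block, and lints a :Files block for the two copy/paste mistakes visible in this thread. The sample report and the "as posted" block are constructed from the lines on this page; OTM's actual parsing rules are not documented here, so the lint checks are an assumption about what a clean path list looks like.

```python
import re
from collections import OrderedDict

# Constructed sample: the seven result lines from the Kaspersky Online Scanner
# report posted in this thread (post #4), as a practitioner would paste them in.
KASPERSKY_REPORT = r"""
C:\Documents and Settings\Jason\Local Settings\Temp\jar_cache2557761257662575587.tmp Infected: Trojan-Downloader.Java.Agent.ea 1
C:\Documents and Settings\Jason\Local Settings\Temp\jar_cache576975534683608574.tmp Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Jason\Local Settings\Temp\jar_cache576975534683608574.tmp Infected: Trojan-Downloader.Java.Agent.fi 2
C:\Documents and Settings\Jason\Local Settings\Temp\nsi18.tmp.exe Infected: not-a-virus:AdWare.Win32.Shopper.ax 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\2f3a7416-4a4c3634 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\2f3a7416-4a4c3634 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\2f3a7416-4a4c3634 Infected: Trojan-Downloader.Java.Agent.fv 1
"""

# Constructed sample: the :Files section exactly as it appeared in post #5,
# with the stray "Infected:" and the repeated paths.
POSTED_FILES_BLOCK = r"""
:Files
C:\Documents and Settings\Jason\Local Settings\Temp\jar_cache2557761257662575587.tmp
C:\Documents and Settings\Jason\Local Settings\Temp\jar_cache576975534683608574.tmp
C:\Documents and Settings\Jason\Local Settings\Temp\jar_cache576975534683608574.tmp
C:\Documents and Settings\Jason\Local Settings\Temp\nsi18.tmp.exe Infected:
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\2f3a7416-4a4c3634
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\2f3a7416-4a4c3634
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\2f3a7416-4a4c3634
"""

# A result line is: <path, may contain spaces> Infected: <threat name> <object count>
RESULT_LINE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")


def parse_kaspersky_report(text):
    """Return [(path, threat, count), ...], one tuple per detection line."""
    findings = []
    for raw in text.splitlines():
        m = RESULT_LINE.match(raw.strip())
        if m:
            findings.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return findings


def unique_paths(findings):
    """Collapse several detections on one file into a single path, keeping report order."""
    seen = OrderedDict()
    for path, threat, _ in findings:
        seen.setdefault(path, []).append(threat)
    return list(seen)


def summarize(findings):
    """Reproduce the report's counters: one 'threat' per line, objects are the summed counts."""
    return {
        "threats": len(findings),
        "infected_objects": sum(count for _, _, count in findings),
        "files": len(unique_paths(findings)),
    }


def build_otm_files_block(paths):
    """Emit the :Files section of an OTM script: bare paths, one per line, nothing else."""
    return ":Files\n" + "\n".join(paths) + "\n"


def lint_otm_files(block):
    """Flag :Files lines that will not resolve to a file: scanner verdict text left on
    the path, non-absolute paths, and duplicates (the second copy is reported 'not found')."""
    problems, seen = [], set()
    for lineno, raw in enumerate(block.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(":"):
            continue  # blank line or a section header such as :Files
        if "Infected:" in line:
            problems.append((lineno, "scanner verdict text left on path", line))
        elif not re.match(r"^[A-Za-z]:\\", line):
            problems.append((lineno, "not an absolute drive path", line))
        elif line in seen:
            problems.append((lineno, "duplicate path", line))
        seen.add(line)
    return problems


if __name__ == "__main__":
    findings = parse_kaspersky_report(KASPERSKY_REPORT)
    print(summarize(findings))
    block = build_otm_files_block(unique_paths(findings))
    print(block)
    print("lint of generated block:", lint_otm_files(block))
    print("lint of block as posted:", lint_otm_files(POSTED_FILES_BLOCK))
```

Run against the report on this page, the summary comes out as 7 threats and 8 infected objects across 4 files, which is exactly the "7 threats and 8 infections" the opening post asked about: the jar_cache576975534683608574.tmp line with count 2 accounts for the extra object. The generated block lints clean, while the block as posted reports three duplicate paths and the one line carrying "Infected:".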

#6 snuffmc

snuffmc
  • Topic Starter

  • Members
  • 22 posts

Posted 31 July 2010 - 12:30 PM

Here's my OTM log:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Jason\Local Settings\Temp\jar_cache2557761257662575587.tmp moved successfully.
C:\Documents and Settings\Jason\Local Settings\Temp\jar_cache576975534683608574.tmp moved successfully.
File/Folder C:\Documents and Settings\Jason\Local Settings\Temp\jar_cache576975534683608574.tmp not found.
File/Folder C:\Documents and Settings\Jason\Local Settings\Temp\nsi18.tmp.exe Infected: not found.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\2f3a7416-4a4c3634 moved successfully.
File/Folder C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\2f3a7416-4a4c3634 not found.
File/Folder C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\2f3a7416-4a4c3634 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 362916856 bytes
->Temporary Internet Files folder emptied: 242508 bytes
->Flash cache emptied: 41044 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Jason
->Temp folder emptied: 5008974413 bytes
->Temporary Internet Files folder emptied: 129970704 bytes
->Java cache emptied: 91376868 bytes
->FireFox cache emptied: 3940457 bytes
->Flash cache emptied: 136386 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 456158 bytes
->Flash cache emptied: 4907 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 23858823 bytes
->Java cache emptied: 532 bytes
->Flash cache emptied: 10261 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2423958 bytes
%systemroot%\System32 .tmp files removed: 2675729 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 103593805 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 51642950 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 7797514215 bytes

Total Files Cleaned = 12,951.00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 07312010_124001

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 31 July 2010 - 02:12 PM

One file was not found, as I copied/pasted the name incorrectly.

Use OTM the same as before but this time copy the file(s)/folder(s) paths listed below - highlight everything in the code box and press CTRL+C or right-click and choose Copy.
:Processes
explorer.exe


:Files
C:\Documents and Settings\Jason\Local Settings\Temp\nsi18.tmp.exe

:Commands

[reboot]
  • Return to OTM, right-click in the open text box labeled "Paste Instructions for Items to be Moved" (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • The list will be processed and the results will be displayed in the right-hand pane.
  • Highlight everything in the Results window (under the green bar), press CTRL+C or right-click, choose Copy, right-click again and Paste it in your next reply.
  • Click Exit when done.
-- You may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not asked, reboot anyway.

Also let me know how your computer is running and if there are any more signs of infection.

#8 snuffmc

snuffmc
  • Topic Starter

  • Members
  • 22 posts

Posted 31 July 2010 - 06:58 PM

Here's my newest log:

========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder C:\Documents and Settings\Jason\Local Settings\Temp\nsi18.tmp.exe not found.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.15.0 log created on 07312010_194644


I do still have a problem. All of this started with me trying to get rid of a browser hijacker. It also disabled my firewall. I have since managed to get the firewall back up, but the browser hijacker is still there. I hadn't been using Firefox on this computer, so I downloaded it recently, and the hijacker is affecting it also. If I type a webpage directly into the address bar, it will go there, but if I search for anything on google or yahoo, then click on a result, it takes me to monstermarketplace.com. I've been fighting this for almost a week now. Other than that, I do not notice any other problems with my machine. I can run all of my other programs without any glitches or issues. I have scanned with Ad-aware, MBAM, Spybot SD, Superantispyware. I have performed multiple scans with all of the programs. I removed multiple trojans and other bad things every time I scanned with one of those, until now all they find are a tracking cookie or 2.

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 31 July 2010 - 07:13 PM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If 'Suspicious' objects are detected, Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

#10 snuffmc

snuffmc
  • Topic Starter

  • Members
  • 22 posts

Posted 31 July 2010 - 10:19 PM

221 Objects scanned in :04, nothing found. Here's the log:

2010/07/31 23:17:15.0171 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/31 23:17:15.0171 ================================================================================
2010/07/31 23:17:15.0171 SystemInfo:
2010/07/31 23:17:15.0171
2010/07/31 23:17:15.0171 OS Version: 5.1.2600 ServicePack: 3.0
2010/07/31 23:17:15.0171 Product type: Workstation
2010/07/31 23:17:15.0171 ComputerName: BLACKMAC
2010/07/31 23:17:15.0171 UserName: Jason
2010/07/31 23:17:15.0171 Windows directory: C:\WINDOWS
2010/07/31 23:17:15.0171 System windows directory: C:\WINDOWS
2010/07/31 23:17:15.0171 Processor architecture: Intel x86
2010/07/31 23:17:15.0171 Number of processors: 2
2010/07/31 23:17:15.0171 Page size: 0x1000
2010/07/31 23:17:15.0171 Boot type: Normal boot
2010/07/31 23:17:15.0171 ================================================================================
2010/07/31 23:17:15.0390 Initialize success
2010/07/31 23:17:16.0671 ================================================================================
2010/07/31 23:17:16.0671 Scan started
2010/07/31 23:17:16.0671 Mode: Manual;
2010/07/31 23:17:16.0671 ================================================================================
2010/07/31 23:17:17.0390 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/07/31 23:17:17.0421 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/07/31 23:17:17.0453 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/07/31 23:17:17.0484 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/07/31 23:17:17.0531 akshasp (64fc197d24a2b240598f29ce0a6660c0) C:\WINDOWS\system32\DRIVERS\akshasp.sys
2010/07/31 23:17:17.0562 aksusb (2490cf6ad9f422506a088169758b6940) C:\WINDOWS\system32\DRIVERS\aksusb.sys
2010/07/31 23:17:17.0609 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/07/31 23:17:17.0609 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/07/31 23:17:17.0703 ati2mtag (8c912d0913586903bc5ba69aca3c2949) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/07/31 23:17:17.0734 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
2010/07/31 23:17:17.0765 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/07/31 23:17:17.0796 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/07/31 23:17:17.0843 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/07/31 23:17:17.0859 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/07/31 23:17:17.0875 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/07/31 23:17:17.0906 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/07/31 23:17:17.0937 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/07/31 23:17:17.0937 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/07/31 23:17:17.0968 btaudio (74ef010b27a2bf44dd5649dd331899a0) C:\WINDOWS\system32\drivers\btaudio.sys
2010/07/31 23:17:18.0000 BTDriver (3c7c61c3d0b0f87136ad925ca624dc1c) C:\WINDOWS\system32\DRIVERS\btport.sys
2010/07/31 23:17:18.0031 BTKRNL (515617cc36e7c5bee744b3c62affb4f5) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2010/07/31 23:17:18.0062 BTWDNDIS (2ccd954aac705aaa98ad7e545bd44efe) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2010/07/31 23:17:18.0109 btwhid (af60e6ffef11cc9653d5edc0b238893b) C:\WINDOWS\system32\DRIVERS\btwhid.sys
2010/07/31 23:17:18.0125 btwmodem (a1da2b09932f7ba210174695644f1490) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
2010/07/31 23:17:18.0156 BTWUSB (dceffeeae5672e57dd1343236fbb5763) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/07/31 23:17:18.0187 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/07/31 23:17:18.0203 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/07/31 23:17:18.0218 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/07/31 23:17:18.0234 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/07/31 23:17:18.0265 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/07/31 23:17:18.0296 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/07/31 23:17:18.0328 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/07/31 23:17:18.0343 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/07/31 23:17:18.0343 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/07/31 23:17:18.0375 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/07/31 23:17:18.0390 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/07/31 23:17:18.0421 Eplpdx02 (f9472131367d39435d750f5fa3d23582) C:\WINDOWS\system32\Drivers\EPLPDX02.SYS
2010/07/31 23:17:18.0437 ET5Drv (e5030e34de21a6818e8586bfb7dd4b60) C:\WINDOWS\system32\Drivers\ET5Drv.sys
2010/07/31 23:17:18.0468 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/07/31 23:17:18.0484 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/07/31 23:17:18.0484 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/07/31 23:17:18.0500 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/07/31 23:17:18.0515 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/07/31 23:17:18.0546 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2010/07/31 23:17:18.0546 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/07/31 23:17:18.0562 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/07/31 23:17:18.0593 gdrv (4d08c10748f375f8d27f67490a2e9a89) C:\WINDOWS\gdrv.sys
2010/07/31 23:17:18.0609 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/07/31 23:17:18.0625 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/07/31 23:17:18.0656 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2010/07/31 23:17:18.0703 Hardlock (2a2448dd47208722c0cf3665687ae9f6) C:\WINDOWS\system32\drivers\hardlock.sys
2010/07/31 23:17:18.0718 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/07/31 23:17:18.0750 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2010/07/31 23:17:18.0765 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/07/31 23:17:18.0796 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/07/31 23:17:18.0812 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/07/31 23:17:18.0828 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/07/31 23:17:18.0875 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/07/31 23:17:18.0890 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/07/31 23:17:18.0906 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/07/31 23:17:18.0921 InCDfs (d075ec26f410e5fe1cc3688bcf78609f) C:\WINDOWS\system32\drivers\InCDfs.sys
2010/07/31 23:17:18.0937 InCDPass (1267811f30ceccb72e97dc33742abea2) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
2010/07/31 23:17:18.0937 InCDrec (bb4e2c719b745e27e55edbcb1230c205) C:\WINDOWS\system32\drivers\InCDrec.sys
2010/07/31 23:17:18.0968 incdrm (9589d693b003d2a4d044a2476a827e11) C:\WINDOWS\system32\drivers\incdrm.sys
2010/07/31 23:17:19.0062 IntcAzAudAddService (c282875880df189c64c465fc54a0150a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/07/31 23:17:19.0125 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/07/31 23:17:19.0140 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/07/31 23:17:19.0156 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/07/31 23:17:19.0171 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/07/31 23:17:19.0187 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/07/31 23:17:19.0203 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/07/31 23:17:19.0203 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/07/31 23:17:19.0218 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/07/31 23:17:19.0234 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/07/31 23:17:19.0250 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/07/31 23:17:19.0281 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys
2010/07/31 23:17:19.0296 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/07/31 23:17:19.0312 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/07/31 23:17:19.0343 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/07/31 23:17:19.0406 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2010/07/31 23:17:19.0421 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2010/07/31 23:17:19.0437 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2010/07/31 23:17:19.0468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/07/31 23:17:19.0484 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/07/31 23:17:19.0500 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2010/07/31 23:17:19.0515 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/07/31 23:17:19.0546 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/07/31 23:17:19.0562 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/07/31 23:17:19.0578 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/07/31 23:17:19.0593 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/07/31 23:17:19.0609 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/07/31 23:17:19.0625 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/07/31 23:17:19.0640 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/07/31 23:17:19.0656 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/07/31 23:17:19.0671 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/07/31 23:17:19.0671 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/07/31 23:17:19.0687 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/07/31 23:17:19.0703 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/07/31 23:17:19.0718 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/07/31 23:17:19.0718 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/07/31 23:17:19.0734 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/07/31 23:17:19.0750 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/07/31 23:17:19.0765 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/07/31 23:17:19.0765 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/07/31 23:17:19.0781 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/07/31 23:17:19.0812 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2010/07/31 23:17:19.0843 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/07/31 23:17:19.0906 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/07/31 23:17:19.0937 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/07/31 23:17:19.0953 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/07/31 23:17:19.0968 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/07/31 23:17:19.0968 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/07/31 23:17:19.0984 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/07/31 23:17:20.0000 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/07/31 23:17:20.0031 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/07/31 23:17:20.0046 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/07/31 23:17:20.0109 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
2010/07/31 23:17:20.0109 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/07/31 23:17:20.0125 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/07/31 23:17:20.0140 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/07/31 23:17:20.0156 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/07/31 23:17:20.0203 radpms (b953369c5ef43615f1bfa9cea69fc9aa) C:\WINDOWS\system32\DRIVERS\radpms.sys
2010/07/31 23:17:20.0218 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/07/31 23:17:20.0218 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/07/31 23:17:20.0234 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/07/31 23:17:20.0234 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/07/31 23:17:20.0250 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/07/31 23:17:20.0265 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/07/31 23:17:21.0187 ================================================================================
2010/07/31 23:17:21.0187 Scan finished
2010/07/31 23:17:21.0187 ================================================================================

#11 quietman7

Posted 01 August 2010 - 07:30 AM

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1
Link 2
Link 3
  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.


#12 the dummy

Posted 01 August 2010 - 09:48 AM

LUA - returnil - sandboxie - hard & soft firewalls = not having to go through this again most likely.

#13 snuffmc (Topic Starter)

Posted 02 August 2010 - 01:28 PM

Sorry for the long wait; I work 24-hour shifts and was at work yesterday.

Here's the MBR Log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000011d

Kernel Drivers (total 157):

Processes (total 74):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003a`380dfe00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-00YGA0, Rev: 12.01C02

Size     Device Name          MBR Status
--------------------------------------------
465 GB   \\.\PhysicalDrive0   Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#14 quietman7

Posted 02 August 2010 - 01:46 PM

This issue will require further investigation. Many of the tools we use in this forum are not capable of detecting all malware variants, so more advanced tools are needed to investigate. Before that can be done, you will need to create and post a DDS/HijackThis log.

Please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the Malware Response Team.

Please be patient. It may take a while to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

#15 Orange Blossom

Posted 06 August 2010 - 09:29 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/337699/search-engine-re-direct-cannot-run-gmer/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom