
URL redirector, shuts down anti-virus


This topic is locked
17 replies to this topic

#1 quagmire305
  • Members
  • 7 posts

Posted 26 October 2011 - 12:18 AM

Hello,

I have been having a hard time removing what I believe is malware on my computer. Usually I'm able to figure it out and find the right software to get rid of certain kinds, but I am at a complete loss. Currently, I'm on my third web browser after both Firefox and Google Chrome became inoperative. I have tried tons of anti-virus programs and all of them have shut down. Malwarebytes is completely unusable after trying the advice from you guys to make it work in all the different ways you have described.

Every time I search on Google it will redirect me to another site when I click on the link. I have to copy the URL and manually paste it in the browser to view the site. Sometimes it will have something like "mywebsearch" in the address. Also, sometimes a random tab will pop up. Those URL titles vary greatly with the random advertisements that pop up.

I have no idea what causes the problems and would greatly appreciate any help when you can.

Thanks.

P.S. I don't know if it's related, but my laptop seems to be overusing its fan. It has become loud and whiny since I've had this problem, and I was unsure if this was a software issue or just a coincidence with my hardware.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Me at 0:05:02 on 2011-10-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.479 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Sunbelt VIPRE *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\3133273573:436878917.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startsear.ch
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
mStart Page = hxxp://startsear.ch
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [CdEventaudio] rundll32.exe "c:\documents and settings\me\local settings\application data\olegl3xx\CdEventaudio.dll",AsyncPadspl SecurityHelpdll32
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Octoshape Streaming Services] "c:\documents and settings\me\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [Google Update] "c:\documents and settings\me\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10v_Plugin.exe -update plugin
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
mRun: [SBRegRebootCleaner] "c:\program files\sunbelt software\vipre\SBRC.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\me\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 69.5.136.253 69.5.139.3
TCP: Interfaces\{497B6F52-EB7B-492A-BB87-5F696213638C} : DhcpNameServer = 69.5.136.253 69.5.139.3
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: TPSvc - TPSvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\me\application data\mozilla\firefox\profiles\wrl1qatq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cbssports.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLman000&ptb=1Bregl9GIRtrZJGz14ZHNw&ind=2011020702&ptnrS=ZLman000&si=&n=77ddbd9e&psa=&st=kwd&searchfor=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - plugin: c:\documents and settings\me\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\me\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2011-8-16 59080]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-5 320856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-10-4 21592]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-10-4 212568]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-5 20568]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-21 366152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-10-4 74456]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2011-9-6 181584]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-9-25 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-21 22216]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-9-22 41272]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-5 442200]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-5 44768]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [2009-1-3 15616]
S2 SBAMSvc;VIPRE Antivirus;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2011-9-6 2804280]
.
=============== Created Last 30 ================
.
2011-10-06 03:56:18 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-06 03:56:00 41184 ----a-w- c:\windows\avastSS.scr
2011-10-06 03:55:45 -------- d-----w- c:\program files\AVAST Software
2011-10-06 03:55:45 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-10-05 02:49:33 74456 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-10-05 02:49:33 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2011-10-05 02:42:14 -------- d-----w- c:\documents and settings\me\application data\Sunbelt
2011-10-05 02:42:07 -------- d-----w- c:\documents and settings\all users\application data\Sunbelt
2011-10-05 02:39:15 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys
2011-10-05 02:39:08 -------- d-----w- c:\program files\Sunbelt Software
2011-10-05 02:32:48 -------- d-----w- c:\documents and settings\me\local settings\application data\Opera
2011-10-05 02:03:08 -------- d-----w- c:\windows\system32\drivers\nss\0305020.009
2011-10-05 02:03:08 -------- d-----w- c:\windows\system32\drivers\NSS
2011-10-05 02:03:08 -------- d-----w- c:\program files\Norton Security Scan
2011-10-05 02:03:05 -------- d-----w- c:\program files\NortonInstaller
2011-10-05 02:00:05 -------- d-----w- c:\documents and settings\me\application data\QuickScan
2011-10-05 01:52:49 -------- d-----w- c:\program files\STOPzilla!
2011-10-05 01:52:48 -------- d-----w- c:\program files\common files\iS3
2011-10-05 01:52:48 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-09-28 22:58:02 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-09-28 22:58:02 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-09-28 22:58:00 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-09-28 22:58:00 480720 ----a-r- c:\windows\system32\SZBase5.dll
2011-09-28 22:58:00 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-09-28 22:58:00 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-09-28 22:57:58 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-09-28 22:57:58 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-09-28 22:57:58 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-09-28 22:57:58 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-09-28 22:57:56 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-09-28 22:57:56 230864 ----a-r- c:\windows\system32\IS3Win325.dll
.
==================== Find3M ====================
.
2011-10-26 02:49:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-05 01:42:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-16 08:30:39 50112 --sha-w- c:\windows\system32\c_22290.nl_
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 17:30:42 42832 ----a-w- c:\windows\system32\sbbd.exe
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 22:36:34 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-16 22:48:30 59080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x863F8760]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F91030]
3 CLASSPNP[0xF76E2FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86469030]
\Driver\00000948[0x864DA030] -> IRP_MJ_CREATE -> 0x863F8760
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 0:06:16.09 ===============
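As an added example (not from the original post, and not code from the DDS or gmer tools), here is a small triage pass that flags in a DDS-style report the four things in the log above that deserve a second look: an executable running from an NTFS alternate data stream, a rundll32 autostart loading a DLL out of a user's Application Data folder, a Firefox keyword.URL that sends address-bar searches to a host other than the selected engine, and the gmer user/kernel MBR mismatch. The sample lines are constructed to mirror the report's format; the regexes and category names are my own.

```python
"""Triage a DDS-style report for the indicators visible in this thread.

Added example, not part of the original post and not code from the DDS
or gmer tools. The sample input is constructed to mirror the format of
the DDS report quoted above (process list, Pseudo HJT report, Firefox
prefs and the gmer MBR check); the rules are heuristics, so every hit
is a lead for a reviewer, not a verdict.
"""
import re
from urllib.parse import urlparse

# Constructed sample lines, modelled on the DDS output in the thread.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\3133273573:436878917.exe
C:\Program Files\Opera\opera.exe
============== Pseudo HJT Report ===============
uRun: [CdEventaudio] rundll32.exe "c:\documents and settings\me\local settings\application data\olegl3xx\CdEventaudio.dll",AsyncPadspl SecurityHelpdll32
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
================= FIREFOX ===================
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLman000
=================== ROOTKIT ====================
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
"""

# A colon after the drive-letter colon names an NTFS alternate data
# stream (file:stream). Normal installers do not run executables from one.
ADS_EXE = re.compile(r"^[A-Za-z]:\\[^:\r\n]*:[^:\s]+\.exe\b", re.IGNORECASE)

# Autostart entry that has rundll32 load a DLL out of a per-user
# "Application Data" tree, where system components are rarely installed.
RUNDLL_USERDATA = re.compile(
    r'^[um]Run: \[(?P<name>[^\]]+)\] rundll32\.exe '
    r'"(?P<dll>[^"]*\\application data\\[^"]*\.dll)"',
    re.IGNORECASE,
)

FF_PREF = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>\S+)")
MBR_MISMATCH = re.compile(r"^user != kernel MBR")


def defang_host(url):
    """Return the host of a DDS-defanged URL (hxxp:// -> http://)."""
    return urlparse(re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)).hostname


def triage(log_text):
    """Scan a DDS-style report and return a list of (category, detail) findings."""
    findings = []
    ff_prefs = {}
    for line in log_text.splitlines():
        line = line.strip()
        if ADS_EXE.match(line):
            findings.append(("ads-process", line))
            continue
        m = RUNDLL_USERDATA.match(line)
        if m:
            findings.append(("rundll32-userdata", f"{m['name']}: {m['dll']}"))
            continue
        m = FF_PREF.match(line)
        if m:
            ff_prefs[m["key"]] = m["value"]
            continue
        if MBR_MISMATCH.match(line):
            findings.append(("mbr-mismatch",
                             "user-mode and kernel-mode MBR reads differ"))
    # keyword.URL decides where address-bar searches go; compare its host
    # with the engine the user actually selected.
    engine = ff_prefs.get("browser.search.selectedEngine", "").lower()
    if "keyword.URL" in ff_prefs:
        host = defang_host(ff_prefs["keyword.URL"]) or ""
        if engine and engine not in host.lower():
            findings.append(("search-redirect",
                             f"keyword.URL -> {host} (selected engine: {engine})"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```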


#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 29 October 2011 - 09:25 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 01 November 2011 - 12:46 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 quagmire305
  • Topic Starter

Posted 02 November 2011 - 08:44 AM

Thanks for the help so far. ComboFix ran successfully and it detected that I had Rootkit.ZeroAccess which was "hard to get rid of" and it was "inserted into tcp/ip stack."

A couple of things happened while it scanned my computer and after it rebooted a second time. I received the following messages:

  • It kept popping up with a "Data Execution Prevention" and it kept telling me that it was ending "Automatic Updates". This would usually pop up frequently and it still does.
  • An error occurred twice with the program "javaw.exe": "the procedure entry point _JVM_LoadSystemLibrary@4 could not be located in the dynamic link library jvm.dll"
  • Malwarebytes' Anti-Malware came up with this error: "[OpenEvent] Failed to perform desired action. Error code: 2"

One thing to note: ComboFix does say that both avast! and VIPRE were enabled, but both of these processes were not working. I could not end the processes, but since both programs were actually disabled by whatever virus/malware I have, ComboFix wouldn't be interfered with.

Here is the ComboFix log:

ComboFix 11-11-02.01 - Me 11/02/2011 8:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.709 [GMT -5:00]
Running from: c:\documents and settings\Me\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Sunbelt VIPRE *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\94729526.ini
c:\documents and settings\Me\Local Settings\Application Data\oleGL3xx\CdEventaudio.dll
c:\documents and settings\Me\WINDOWS
c:\program files\Internet Explorer\SET1F05.tmp
c:\program files\Internet Explorer\SET2D0E.tmp
c:\windows\$NtUninstallKB56240$
c:\windows\$NtUninstallKB56240$\3858088378\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB56240$\3858088378\click.tlb
c:\windows\$NtUninstallKB56240$\3858088378\L\pzofaiii
c:\windows\$NtUninstallKB56240$\3858088378\loader.tlb
c:\windows\$NtUninstallKB56240$\3858088378\U\@00000001
c:\windows\$NtUninstallKB56240$\3858088378\U\@000000c0
c:\windows\$NtUninstallKB56240$\3858088378\U\@000000cb
c:\windows\$NtUninstallKB56240$\3858088378\U\@000000cf
c:\windows\$NtUninstallKB56240$\3858088378\U\@80000000
c:\windows\$NtUninstallKB56240$\3858088378\U\@800000c0
c:\windows\$NtUninstallKB56240$\3858088378\U\@800000cb
c:\windows\$NtUninstallKB56240$\3858088378\U\@800000cf
c:\windows\$NtUninstallKB56240$\596932902
c:\windows\kb913800.exe
c:\windows\system32\c_22290.nls
.
Infected copy of c:\windows\system32\drivers\imapi.sys was found and disinfected
Restored copy from - The cat found it :)
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\wuauclt.exe
.
c:\program files\SUPERAntiSpyware\SASCORE.EXE . . . is infected!!
c:\program files\SUPERAntiSpyware\SASCORE.EXE . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe . . . is infected!!
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\windows\system32\libusbd-nt.exe . . . is infected!!
c:\windows\system32\libusbd-nt.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Common Files\LightScribe\LSSrvc.exe . . . is infected!!
c:\program files\Common Files\LightScribe\LSSrvc.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe . . . is infected!!
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe . . . was deleted!! You should re-install the program it pertains to
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_e5f5c1ba
.
.
((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))))
.
.
2011-10-06 03:56 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-06 03:56 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-06 03:56 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-06 03:56 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-06 03:56 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-06 03:56 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-10-06 03:56 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-10-06 03:56 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-10-06 03:56 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-06 03:55 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-06 03:55 . 2011-10-06 03:55 -------- d-----w- c:\program files\AVAST Software
2011-10-06 03:55 . 2011-10-06 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-10-05 02:49 . 2011-08-29 22:36 74456 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-10-05 02:49 . 2011-08-29 22:36 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2011-10-05 02:42 . 2011-10-05 02:42 -------- d-----w- c:\documents and settings\Me\Application Data\Sunbelt
2011-10-05 02:42 . 2011-10-05 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2011-10-05 02:39 . 2011-04-05 22:35 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys
2011-10-05 02:39 . 2011-10-05 02:39 -------- d-----w- c:\program files\Sunbelt Software
2011-10-05 02:32 . 2011-10-05 02:32 -------- d-----w- c:\documents and settings\Me\Local Settings\Application Data\Opera
2011-10-05 02:03 . 2011-10-05 02:03 -------- d-----w- c:\windows\system32\drivers\NSS
2011-10-05 02:03 . 2011-10-05 02:03 -------- d-----w- c:\program files\Norton Security Scan
2011-10-05 02:03 . 2011-10-05 02:03 -------- d-----w- c:\program files\NortonInstaller
2011-10-05 02:00 . 2011-10-05 02:00 -------- d-----w- c:\documents and settings\Me\Application Data\QuickScan
2011-10-05 01:52 . 2011-10-05 01:52 -------- d-----w- c:\program files\STOPzilla!
2011-10-05 01:52 . 2011-10-05 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-10-05 01:52 . 2011-10-05 01:52 -------- d-----w- c:\program files\Common Files\iS3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-26 02:49 . 2011-09-22 05:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-05 01:42 . 2011-05-24 07:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-28 22:58 . 2011-09-28 22:58 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-09-28 22:58 . 2011-09-28 22:58 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-09-28 22:58 . 2011-09-28 22:58 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-09-28 22:58 . 2011-09-28 22:58 480720 ----a-r- c:\windows\system32\SZBase5.dll
2011-09-28 22:58 . 2011-09-28 22:58 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-09-28 22:58 . 2011-09-28 22:58 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-09-28 22:57 . 2011-09-28 22:57 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-09-28 22:57 . 2011-09-28 22:57 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-09-28 22:57 . 2011-09-28 22:57 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-09-28 22:57 . 2011-09-28 22:57 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-09-28 22:57 . 2011-09-28 22:57 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-09-28 22:57 . 2011-09-28 22:57 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-09-16 08:30 . 2011-09-15 03:12 50112 --sha-w- c:\windows\system32\c_22290.nl_
2011-09-09 09:12 . 2004-08-10 15:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 17:30 . 2011-09-06 17:30 42832 ----a-w- c:\windows\system32\sbbd.exe
2011-08-31 22:00 . 2011-09-22 04:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 22:36 . 2011-08-29 22:36 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-16 22:48 . 2011-08-16 22:48 59080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-09-11 16:36 . 2011-05-24 07:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
"Octoshape Streaming Services"="c:\documents and settings\Me\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"nwiz"="nwiz.exe" [2006-04-15 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-15 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-15 7561216]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-06 1357136]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Me\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\Hp\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Documents and Settings\\Me\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jaucheck.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Me\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Mozilla Firefox\\crashreporter.exe"=
"c:\\Documents and Settings\\Me\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Documents and Settings\\Me\\Desktop\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SSUpdate.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Documents and Settings\\Me\\Desktop\\STOPzilla_Setup.exe"=
"c:\\Program Files\\Norton Security Scan\\Engine\\3.5.2.9\\Nss.exe"=
"c:\\Program Files\\Norton Security Scan\\Engine\\3.5.2.9\\SymCCISE.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Sunbelt Software\\VIPRE\\sbamui.exe"=
"c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\6221444862.exe"=
"c:\\Documents and Settings\\Me\\Local Settings\\Temp\\jre-6u29-windows-i586-iftw-rv.exe"=
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [8/16/2011 5:48 PM 59080]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/5/2011 10:56 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/5/2011 10:56 PM 320856]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [10/4/2011 9:49 PM 21592]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/29/2011 5:36 PM 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [10/4/2011 9:39 PM 212568]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/5/2011 10:56 PM 20568]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [10/4/2011 9:49 PM 74456]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [9/6/2011 12:29 PM 181584]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [9/25/2010 12:32 AM 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/21/2011 11:49 PM 22216]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
S2 !SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCORE.EXE" --> c:\program files\SUPERAntiSpyware\SASCORE.EXE [?]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [1/3/2009 2:23 PM 15616]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" --> c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [?]
S2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [9/6/2011 12:29 PM 2804280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3169289195-4228256143-798148822-1005Core.job
- c:\documents and settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-10 20:26]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3169289195-4228256143-798148822-1005UA.job
- c:\documents and settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-10 20:26]
.
2011-10-05 c:\windows\Tasks\Norton Security Scan for Me.job
- c:\progra~1\NORTON~2\Engine\352~1.9\Nss.exe [2011-10-05 09:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://startsear.ch
mStart Page = hxxp://startsear.ch
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 69.5.136.253 69.5.139.3
FF - ProfilePath - c:\documents and settings\Me\Application Data\Mozilla\Firefox\Profiles\wrl1qatq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cbssports.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLman000&ptb=1Bregl9GIRtrZJGz14ZHNw&ind=2011020702&ptnrS=ZLman000&si=&n=77ddbd9e&psa=&st=kwd&searchfor=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-CdEventaudio - c:\documents and settings\Me\Local Settings\Application Data\oleGL3xx\CdEventaudio.dll
Notify-TPSvc - TPSvc.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-02 08:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????_??????(?@???????@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(960)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1940)
c:\windows\system32\WININET.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-11-02 08:37:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-02 13:37
.
Pre-Run: 9,797,300,224 bytes free
Post-Run: 15,973,621,760 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C531CF2BE7092E67FF8616338D31F16D

Edited by quagmire305, 02 November 2011 - 08:46 AM.


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:29 PM

Posted 02 November 2011 - 12:22 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 quagmire305

quagmire305
  • Topic Starter

  • Members
  • 7 posts
  • Local time:01:29 PM

Posted 02 November 2011 - 11:20 PM

Here is the report from TDSSKiller. No infectious files were found.

23:17:00.0593 2556 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
23:17:01.0093 2556 ============================================================
23:17:01.0093 2556 Current date / time: 2011/11/02 23:17:01.0093
23:17:01.0093 2556 SystemInfo:
23:17:01.0093 2556
23:17:01.0093 2556 OS Version: 5.1.2600 ServicePack: 3.0
23:17:01.0093 2556 Product type: Workstation
23:17:01.0093 2556 ComputerName: BRIAN
23:17:01.0093 2556 UserName: Me
23:17:01.0093 2556 Windows directory: C:\WINDOWS
23:17:01.0093 2556 System windows directory: C:\WINDOWS
23:17:01.0093 2556 Processor architecture: Intel x86
23:17:01.0093 2556 Number of processors: 2
23:17:01.0093 2556 Page size: 0x1000
23:17:01.0093 2556 Boot type: Normal boot
23:17:01.0093 2556 ============================================================
23:17:01.0890 2556 Initialize success
23:17:04.0171 3656 ============================================================
23:17:04.0171 3656 Scan started
23:17:04.0171 3656 Mode: Manual;
23:17:04.0171 3656 ============================================================
23:17:04.0484 3656 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
23:17:04.0484 3656 Aavmker4 - ok
23:17:04.0531 3656 Abiosdsk - ok
23:17:04.0593 3656 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23:17:04.0593 3656 abp480n5 - ok
23:17:04.0671 3656 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:17:04.0687 3656 ACPI - ok
23:17:04.0968 3656 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:17:04.0968 3656 ACPIEC - ok
23:17:05.0046 3656 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
23:17:05.0046 3656 adpu160m - ok
23:17:05.0109 3656 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:17:05.0125 3656 aec - ok
23:17:05.0281 3656 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
23:17:05.0296 3656 AFD - ok
23:17:05.0359 3656 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
23:17:05.0359 3656 agp440 - ok
23:17:05.0453 3656 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
23:17:05.0468 3656 agpCPQ - ok
23:17:05.0515 3656 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
23:17:05.0515 3656 Aha154x - ok
23:17:05.0578 3656 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
23:17:05.0578 3656 aic78u2 - ok
23:17:05.0656 3656 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
23:17:05.0656 3656 aic78xx - ok
23:17:05.0734 3656 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
23:17:05.0734 3656 AliIde - ok
23:17:05.0890 3656 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
23:17:05.0890 3656 alim1541 - ok
23:17:05.0968 3656 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
23:17:05.0984 3656 amdagp - ok
23:17:06.0031 3656 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
23:17:06.0046 3656 amsint - ok
23:17:06.0109 3656 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:17:06.0109 3656 Arp1394 - ok
23:17:06.0171 3656 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
23:17:06.0171 3656 asc - ok
23:17:06.0234 3656 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
23:17:06.0234 3656 asc3350p - ok
23:17:06.0406 3656 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
23:17:06.0437 3656 asc3550 - ok
23:17:06.0546 3656 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
23:17:06.0546 3656 aswFsBlk - ok
23:17:06.0609 3656 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
23:17:06.0625 3656 aswMon2 - ok
23:17:06.0656 3656 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
23:17:06.0656 3656 aswRdr - ok
23:17:06.0812 3656 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
23:17:06.0812 3656 aswSnx - ok
23:17:06.0875 3656 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
23:17:06.0875 3656 aswSP - ok
23:17:07.0000 3656 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
23:17:07.0000 3656 aswTdi - ok
23:17:07.0093 3656 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:17:07.0093 3656 AsyncMac - ok
23:17:07.0140 3656 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:17:07.0140 3656 atapi - ok
23:17:07.0187 3656 Atdisk - ok
23:17:07.0250 3656 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:17:07.0250 3656 Atmarpc - ok
23:17:07.0343 3656 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:17:07.0343 3656 audstub - ok
23:17:07.0531 3656 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:17:07.0531 3656 Beep - ok
23:17:07.0609 3656 BTWUSB (7024e11dab9410b31a37547575249dd7) C:\WINDOWS\system32\Drivers\btwusb.sys
23:17:07.0609 3656 BTWUSB - ok
23:17:07.0625 3656 catchme - ok
23:17:07.0687 3656 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
23:17:07.0687 3656 cbidf - ok
23:17:07.0734 3656 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:17:07.0734 3656 cbidf2k - ok
23:17:07.0796 3656 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
23:17:07.0796 3656 cd20xrnt - ok
23:17:07.0859 3656 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:17:07.0859 3656 Cdaudio - ok
23:17:08.0031 3656 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:17:08.0031 3656 Cdfs - ok
23:17:08.0078 3656 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:17:08.0078 3656 Cdrom - ok
23:17:08.0140 3656 Changer - ok
23:17:08.0203 3656 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:17:08.0203 3656 CmBatt - ok
23:17:08.0265 3656 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
23:17:08.0265 3656 CmdIde - ok
23:17:08.0312 3656 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:17:08.0312 3656 Compbatt - ok
23:17:08.0531 3656 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
23:17:08.0531 3656 Cpqarray - ok
23:17:08.0562 3656 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23:17:08.0562 3656 dac2w2k - ok
23:17:08.0578 3656 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
23:17:08.0578 3656 dac960nt - ok
23:17:08.0640 3656 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:17:08.0640 3656 Disk - ok
23:17:08.0703 3656 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:17:08.0750 3656 dmboot - ok
23:17:08.0781 3656 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:17:08.0781 3656 dmio - ok
23:17:08.0812 3656 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:17:08.0812 3656 dmload - ok
23:17:08.0859 3656 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:17:08.0875 3656 DMusic - ok
23:17:08.0921 3656 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
23:17:08.0921 3656 dpti2o - ok
23:17:09.0062 3656 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:17:09.0062 3656 drmkaud - ok
23:17:09.0171 3656 dualshock3 (081b95ae082613328fb7cd4451b67d93) C:\WINDOWS\system32\DRIVERS\dualshock3.sys
23:17:09.0171 3656 dualshock3 - ok
23:17:09.0234 3656 E100B (6ca101f9aa3d845ba31f6e13c01301a8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
23:17:09.0234 3656 E100B - ok
23:17:09.0312 3656 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
23:17:09.0328 3656 eabfiltr - ok
23:17:09.0375 3656 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
23:17:09.0375 3656 eabusb - ok
23:17:09.0484 3656 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:17:09.0484 3656 Fastfat - ok
23:17:09.0593 3656 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
23:17:09.0609 3656 Fdc - ok
23:17:09.0656 3656 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:17:09.0656 3656 Fips - ok
23:17:09.0687 3656 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:17:09.0703 3656 Flpydisk - ok
23:17:09.0750 3656 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:17:09.0750 3656 FltMgr - ok
23:17:09.0843 3656 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:17:09.0843 3656 Fs_Rec - ok
23:17:09.0890 3656 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:17:09.0890 3656 Ftdisk - ok
23:17:10.0000 3656 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:17:10.0000 3656 Gpc - ok
23:17:10.0062 3656 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
23:17:10.0078 3656 HBtnKey - ok
23:17:10.0125 3656 HdAudAddService (bb42bb78bbbc1e83292ef26973598daf) C:\WINDOWS\system32\drivers\CHDAud.sys
23:17:10.0156 3656 HdAudAddService - ok
23:17:10.0218 3656 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:17:10.0234 3656 HDAudBus - ok
23:17:10.0281 3656 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:17:10.0281 3656 HidUsb - ok
23:17:10.0328 3656 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
23:17:10.0328 3656 hpn - ok
23:17:10.0390 3656 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:17:10.0390 3656 HPZid412 - ok
23:17:10.0453 3656 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:17:10.0453 3656 HPZipr12 - ok
23:17:10.0578 3656 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:17:10.0578 3656 HPZius12 - ok
23:17:10.0703 3656 HSFHWAZL (89e256c5f5346be265d9f86ac8625d4f) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
23:17:10.0718 3656 HSFHWAZL - ok
23:17:10.0828 3656 HSF_DPV (0e44af3828111d4c3e73c33ac95226d8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23:17:10.0859 3656 HSF_DPV - ok
23:17:10.0937 3656 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:17:10.0953 3656 HTTP - ok
23:17:11.0015 3656 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
23:17:11.0031 3656 i2omgmt - ok
23:17:11.0109 3656 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
23:17:11.0109 3656 i2omp - ok
23:17:11.0140 3656 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:17:11.0140 3656 i8042prt - ok
23:17:11.0218 3656 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
23:17:11.0218 3656 iaStor - ok
23:17:11.0281 3656 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
23:17:11.0281 3656 ini910u - ok
23:17:11.0296 3656 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:17:11.0296 3656 IntelIde - ok
23:17:11.0328 3656 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:17:11.0343 3656 intelppm - ok
23:17:11.0375 3656 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:17:11.0375 3656 Ip6Fw - ok
23:17:11.0406 3656 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:17:11.0406 3656 IpFilterDriver - ok
23:17:11.0500 3656 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:17:11.0515 3656 IpInIp - ok
23:17:11.0546 3656 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:17:11.0546 3656 IpNat - ok
23:17:11.0625 3656 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:17:11.0625 3656 IPSec - ok
23:17:11.0718 3656 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:17:11.0718 3656 IRENUM - ok
23:17:11.0781 3656 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\drivers\is3srv.sys
23:17:11.0781 3656 is3srv - ok
23:17:11.0843 3656 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:17:11.0843 3656 isapnp - ok
23:17:11.0859 3656 itchfltr (8f1ba487b35f0c8f637e05113aa815f8) C:\WINDOWS\system32\DRIVERS\itchfltr.sys
23:17:11.0875 3656 itchfltr - ok
23:17:11.0890 3656 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:17:11.0890 3656 Kbdclass - ok
23:17:11.0906 3656 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:17:11.0906 3656 kbdhid - ok
23:17:11.0937 3656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:17:11.0953 3656 kmixer - ok
23:17:11.0984 3656 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:17:11.0984 3656 KSecDD - ok
23:17:12.0000 3656 lbrtfdc - ok
23:17:12.0046 3656 LCcfltr (fb5e7a5c86c0b58aa155487b141b8457) C:\WINDOWS\system32\Drivers\LCcFltr.Sys
23:17:12.0046 3656 LCcfltr - ok
23:17:12.0078 3656 LHidUsb (a8742865e15a57b426efcc5ff744d6d3) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
23:17:12.0078 3656 LHidUsb - ok
23:17:12.0125 3656 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\WINDOWS\system32\drivers\libusb0.sys
23:17:12.0140 3656 libusb0 - ok
23:17:12.0203 3656 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
23:17:12.0203 3656 MBAMProtector - ok
23:17:12.0375 3656 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:17:12.0375 3656 mdmxsdk - ok
23:17:12.0437 3656 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
23:17:12.0750 3656 MHNDRV - ok
23:17:12.0812 3656 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:17:12.0812 3656 mnmdd - ok
23:17:12.0890 3656 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:17:12.0890 3656 Modem - ok
23:17:12.0937 3656 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:17:12.0937 3656 Mouclass - ok
23:17:13.0015 3656 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:17:13.0031 3656 mouhid - ok
23:17:13.0171 3656 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:17:13.0171 3656 MountMgr - ok
23:17:13.0281 3656 MQAC (eee50bf24caeedb515a8f3b22756d3bb) C:\WINDOWS\system32\drivers\mqac.sys
23:17:13.0312 3656 MQAC - ok
23:17:24.0796 3656 MBR (0x1B8) (5ae5a393505cffd37fe98c4a7922908d) \Device\Harddisk0\DR0
23:17:24.0812 3656 \Device\Harddisk0\DR0 - ok
23:17:24.0812 3656 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
23:17:24.0828 3656 \Device\Harddisk1\DR1 - ok
23:17:24.0828 3656 Boot (0x1200) (5b011e71e2520cb28d1fd2ca7332a534) \Device\Harddisk0\DR0\Partition0
23:17:24.0828 3656 \Device\Harddisk0\DR0\Partition0 - ok
23:17:24.0859 3656 Boot (0x1200) (26b814a984179b028f4d199d84790d2c) \Device\Harddisk0\DR0\Partition1
23:17:24.0859 3656 \Device\Harddisk0\DR0\Partition1 - ok
23:17:24.0859 3656 Boot (0x1200) (ff39e1ecc05aefc5d23a4e18c0f16983) \Device\Harddisk1\DR1\Partition0
23:17:24.0859 3656 \Device\Harddisk1\DR1\Partition0 - ok
23:17:24.0875 3656 ============================================================
23:17:24.0875 3656 Scan finished
23:17:24.0875 3656 ============================================================
23:17:24.0890 2244 Detected object count: 0
23:17:24.0890 2244 Actual detected object count: 0

#7 gringo_pr

    Bleepin Gringo
  • Malware Response Team

Posted 03 November 2011 - 12:05 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 quagmire305

  • Topic Starter

Posted 03 November 2011 - 12:52 AM

Here is the log for aswMBR:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-03 00:07:51
-----------------------------
00:07:51.609 OS Version: Windows 5.1.2600 Service Pack 3
00:07:51.609 Number of processors: 2 586 0xE08
00:07:51.609 ComputerName: BRIAN UserName: Me
00:07:52.093 Initialize success
00:07:53.046 AVAST engine defs: 11100501
00:08:02.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:08:02.890 Disk 0 Vendor: Size: 0MB BusType: 0
00:08:02.906 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
00:08:02.906 Disk 1 Vendor: FUJITSU_ 892C Size: 76319MB BusType: 3
00:08:02.937 Disk 0 MBR read successfully
00:08:02.953 Disk 0 MBR scan
00:08:03.421 Disk 0 unknown MBR code
00:08:03.421 Disk 0 MBR hidden
00:08:04.218 Disk 0 scanning C:\WINDOWS\system32\drivers
00:08:24.093 Service scanning
00:08:25.281 Modules scanning
00:08:31.875 Disk 0 trace - called modules:
00:08:31.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
00:08:31.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f672b0]
00:08:31.921 3 CLASSPNP.SYS[f76eefd7] -> nt!IofCallDriver -> \Device\0000008d[0x86f39438]
00:08:31.937 5 ACPI.sys[f7535620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x869c8030]
00:08:32.640 AVAST engine scan C:\WINDOWS
00:08:50.609 AVAST engine scan C:\WINDOWS\system32
00:10:29.562 AVAST engine scan C:\WINDOWS\system32\drivers
00:10:44.843 AVAST engine scan C:\Documents and Settings\Me
00:17:23.765 AVAST engine scan C:\Documents and Settings\All Users
00:19:35.984 Scan finished successfully
00:42:02.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Me\Desktop\MBR.dat"
00:42:02.203 The log file has been saved successfully to "C:\Documents and Settings\Me\Desktop\aswMBR.txt"

#9 gringo_pr

    Bleepin Gringo
  • Malware Response Team

Posted 03 November 2011 - 01:04 AM

Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIXMBR button
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', then reboot the machine.
  • Rebooting the machine prematurely, before seeing this line, will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect of the fix. All will be well after the reboot.

  • Save the log as before and post in your next reply.


#10 quagmire305

  • Topic Starter

Posted 05 November 2011 - 10:03 AM

After clicking the FixMBR option after the scan, there was no option to click on the "Fix" button. Here is the aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-05 09:34:55
-----------------------------
09:34:55.546 OS Version: Windows 5.1.2600 Service Pack 3
09:34:55.546 Number of processors: 2 586 0xE08
09:34:55.546 ComputerName: BRIAN UserName: Me
09:34:56.015 Initialize success
09:34:56.125 AVAST engine defs: 11100501
09:35:50.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:35:50.937 Disk 0 Vendor: Size: 0MB BusType: 0
09:35:50.953 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
09:35:50.953 Disk 1 Vendor: FUJITSU_ 892C Size: 76319MB BusType: 3
09:35:50.984 Disk 0 MBR read successfully
09:35:51.000 Disk 0 MBR scan
09:35:51.515 Disk 0 unknown MBR code
09:35:51.515 Disk 0 MBR hidden
09:35:52.453 Disk 0 scanning C:\WINDOWS\system32\drivers
09:36:20.359 Service scanning
09:36:21.625 Modules scanning
09:36:36.125 Disk 0 trace - called modules:
09:36:36.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
09:36:36.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f672b0]
09:36:36.515 3 CLASSPNP.SYS[f76eefd7] -> nt!IofCallDriver -> \Device\0000008d[0x86f39438]
09:36:36.531 5 ACPI.sys[f7535620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x869c8030]
09:36:37.046 AVAST engine scan C:\WINDOWS
09:37:04.062 AVAST engine scan C:\WINDOWS\system32
09:39:25.781 AVAST engine scan C:\WINDOWS\system32\drivers
09:39:49.781 AVAST engine scan C:\Documents and Settings\Me
09:48:58.250 AVAST engine scan C:\Documents and Settings\All Users
09:52:30.062 Scan finished successfully
09:54:44.765 Verifying
09:54:54.812 Disk 0 Windows 501 MBR fixed successfully
10:00:03.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Me\Desktop\MBR.dat"
10:00:03.562 The log file has been saved successfully to "C:\Documents and Settings\Me\Desktop\aswMBR.txt"
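The aswMBR log above reports "unknown MBR code" and "MBR hidden" before the fix and saves the boot sector to MBR.dat. As an added example that is not part of this thread or of either tool, here is a small offline inspector for such a dump: it checks the 0x55AA boot signature, hashes the 0x1B8-byte boot-code region (assumed here to be what TDSSKiller's "MBR (0x1B8) (<md5>)" line reports, so the value can be compared against a baseline from a clean machine), decodes the partition table, and flags the MBR warning lines in aswMBR log text. The two MBR images, the baseline hash set and the disk signature are constructed test data.

```python
"""Offline checks for an MBR dump (e.g. aswMBR's MBR.dat) and aswMBR log triage."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8       # boot code occupies bytes 0..0x1B7; the disk signature follows
PART_TABLE_OFF = 0x1BE      # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xAA"      # a valid MBR ends with these two bytes

# aswMBR wording that means the scanner could not validate the boot sector.
MBR_WARNINGS = ("unknown MBR code", "MBR hidden")
MBR_FIXED = "MBR fixed successfully"


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (CHS fields are skipped)."""
    status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", entry)
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def inspect_mbr(image: bytes) -> dict:
    """Check the boot signature, hash the boot-code region and list used partitions.

    The MD5 over the first 0x1B8 bytes is assumed to be what TDSSKiller's
    'MBR (0x1B8) (<md5>)' line reports, so it can be compared with that log."""
    if len(image) < SECTOR:
        raise ValueError("MBR image must be at least 512 bytes")
    entries = (image[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)] for i in range(4))
    parts = [parse_partition_entry(e) for e in entries]
    return {
        "signature_ok": image[SECTOR - 2:SECTOR] == BOOT_SIG,
        "boot_code_md5": hashlib.md5(image[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", image, BOOT_CODE_LEN)[0],
        "partitions": [p for p in parts if p["type"] != 0],
    }


def boot_code_known(image: bytes, baseline_md5s: set) -> bool:
    """True when the boot code matches a hash recorded from a known-clean machine."""
    return inspect_mbr(image)["boot_code_md5"] in baseline_md5s


def triage_log(text: str) -> dict:
    """Collect MBR warning lines and note whether the fix confirmation is present."""
    warnings = [ln.strip() for ln in text.splitlines() if any(w in ln for w in MBR_WARNINGS)]
    fixed = any(MBR_FIXED in ln for ln in text.splitlines())
    return {"warnings": warnings, "fixed": fixed}


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed 512-byte MBR with one bootable NTFS (type 0x07) partition."""
    image = bytearray(SECTOR)
    image[:len(boot_code)] = boot_code
    struct.pack_into("<I", image, BOOT_CODE_LEN, 0xDEADBEEF)  # constructed disk signature
    struct.pack_into("<B3xB3xII", image, PART_TABLE_OFF, 0x80, 0x07, 2048, 156_000_000)
    image[SECTOR - 2:] = BOOT_SIG
    return bytes(image)


# Constructed test data: a baseline image and one whose boot code was altered.
CLEAN = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e")
TAMPERED = build_sample_mbr(b"\xeb\x3c\x90\x00\x00\x00\x00\x00")
BASELINE = {inspect_mbr(CLEAN)["boot_code_md5"]}

# Lines quoted from the aswMBR output posted in this thread.
ASWMBR_LOG = """09:35:51.515 Disk 0 unknown MBR code
09:35:51.515 Disk 0 MBR hidden
09:54:54.812 Disk 0 Windows 501 MBR fixed successfully"""

if __name__ == "__main__":
    print(inspect_mbr(TAMPERED))
    print("boot code matches baseline:", boot_code_known(TAMPERED, BASELINE))
    print(triage_log(ASWMBR_LOG))
```

A tampered boot sector typically keeps a valid 0x55AA signature and an intact partition table, so the signature check alone proves nothing; the boot-code hash against a clean baseline is the comparison that matters.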

#11 gringo_pr

    Bleepin Gringo
  • Malware Response Team

Posted 05 November 2011 - 10:23 PM

Fix MBR Vista

1. Start your computer from the Windows Vista Installation DVD
2. Press a key when prompted to continue
3. Choose your language, time, keyboard and click Next:
4. Next, click "Repair your Computer":
5. Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next:
6. From the "Choose a Recovery Tool" dialog menu, select "Command Prompt":
7. Type the following into the "Command Prompt Window" and press enter after each line:

bootrec.exe /fixmbr

If you have problems booting the computer after you have run that command, boot back into the System Recovery Environment and type the following into the "Command Prompt Window" and press enter:

bootrec.exe /fixboot

8. Remove the Vista Installation DVD and restart your PC.

#12 gringo_pr

    Bleepin Gringo
  • Malware Response Team

Posted 07 November 2011 - 11:19 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#13 quagmire305

  • Topic Starter

Posted 07 November 2011 - 11:42 PM

I am unable to obtain a Windows Vista Installer DVD. This laptop runs Microsoft Windows XP. Could I use the bootdisc I created and run an XP version of MBR through that?

#14 gringo_pr

    Bleepin Gringo
  • Malware Response Team

Posted 08 November 2011 - 08:08 AM

Hello


Sorry, too many windows open; I thought I'd seen you had Vista.



print out these instructions to use while in the Recovery Console:

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
5. At the C:\Windows prompt, type the following bolded entries, and press 'Enter'

fixmbr

#15 quagmire305

  • Topic Starter

Posted 09 November 2011 - 09:32 AM

Alright, I have done that. What next?