system restore virus


  • This topic is locked
14 replies to this topic

#1 raymond293

raymond293

  • Members
  • 7 posts
  • Local time:02:21 AM

Posted 20 November 2011 - 04:01 PM

I had the System Restore virus.
I installed Malwarebytes Anti-Malware and it seemed to have worked to an extent. I can see my desktop and some of the shortcuts on there, but I had more shortcuts, and my start menu is empty when I go on All Programs. In addition to my problem I get a BSOD (after a while of using) saying the problem is Syscow32x.exe, and when I start back up I get a message from Malwarebytes saying blocked access to a potentially malicious website: 178.238.233.153 (Type: outgoing). The message keeps popping up; I think that is the System Restore virus.

please help me get my computer back to the way it was, PLEASE!


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:21 AM

Posted 20 November 2011 - 11:36 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 raymond293

raymond293
  • Topic Starter

  • Members
  • 7 posts
  • Local time:02:21 AM

Posted 25 November 2011 - 01:28 AM

I hope I did not take too long to reply,
but here is my log.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Run by d at 22:23:10 on 2011-11-24
.
============== Running Processes ===============
.
C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\stacsv.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\QUALCOMM\QDLService\QDLService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Documents and Settings\d\My Documents\Downloads\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=minipavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=minipavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=minipavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=minipavilion&pf=cnnb
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\d\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IDTSysTrayApp] sttray.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/es/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{C14116A8-6F93-4E2C-8589-CC8149909405} : DhcpNameServer = 10.0.0.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\d\application data\mozilla\firefox\profiles\ju2le2kc.default\
FF - plugin: c:\documents and settings\d\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R? fsssvc;Windows Live Family Safety Service
R? MBAMSwissArmy;MBAMSwissArmy
R? QCFilterhp;HP USB Composite Device Filter Driver
R? qcusbnethp;HP USB-NDIS miniport
R? qcusbserhp;HP USB Device for Legacy Serial Communication
R? SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver
S? 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service
S? AESTAud;AE Audio Service
S? BOTService;BOTService
S? fssfltr;fssfltr
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? QDLService;Qualcomm Gobi Download Service
S? SahdIa32;HDD Filter Driver
S? SaibIa32;Volume Filter Driver
S? SaibVd32;Virtual Disk Driver
S? SysCow;SysCow
.
=============== Created Last 30 ================
.
2011-11-21 23:38:18 -------- d-----w- c:\documents and settings\d\local settings\application data\Google
2011-11-20 02:31:41 -------- d-----w- c:\documents and settings\d\local settings\application data\Mozilla
2011-11-20 00:06:43 -------- d--h--w- c:\documents and settings\d\application data\Malwarebytes
2011-11-20 00:06:11 -------- d--h--w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-20 00:05:54 22216 ---ha-w- c:\windows\system32\drivers\mbam.sys
2011-11-20 00:05:52 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2011-11-19 21:05:01 -------- d--h--w- c:\documents and settings\d\local settings\application data\Apple Computer
2011-11-12 08:26:04 524888 ---ha-w- c:\windows\system32\PerfStringBackup.TMP
.
==================== Find3M ====================
.
2011-09-26 18:41:20 611328 ---ha-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ---ha-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ---ha-w- c:\windows\system32\oleaccrc.dll
2011-09-23 21:25:30 664 ---ha-w- c:\windows\system32\d3d9caps.tmp
2011-09-17 07:50:27 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12:13 599040 ---ha-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ---ha-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK8025GAL rev.BD101C -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys SahdIa32.sys ACPI.sys hal.dll >>UNKNOWN [0x8694B49F]<<
c:\windows\system32\drivers\SahdIa32.sys Sonic Solutions
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86952728]; MOV EAX, [0x8695289c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86B6D648]
3 CLASSPNP[0xF76A8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86B6DBB0]
5 SahdIa32[0xF76C9939] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000095[0x86B03948]
7 ACPI[0xF749F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86B73D98]
\Driver\atapi[0x8696A2D8] -> IRP_MJ_CREATE -> 0x8694B49F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { CLI ; XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, SP; PUSH AX; POP ES; PUSH AX; POP DS; STI ; CLD ; MOV DI, 0x600; MOV CX, 0x100; REPNZ MOVSW ; JMP FAR 0x0:0x61d; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8694B2C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:25:49.95 ===============

Edited by raymond293, 25 November 2011 - 07:32 AM.
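The DDS log above is what a Malware Response Team member reads first, and a few of its line types carry most of the signal: BHO/toolbar registrations whose DLL is gone ("No File"), policy keys that switch off user tooling (the "DisableTaskMgr = 1" entry), service names that match something the user reported (the BSOD named Syscow32x.exe and the log lists a "SysCow" service), and the rootkit detector's "Warning:" and ">>UNKNOWN" lines. The following Python script is an added example, not DDS code and not anything posted in this thread: it splits a DDS-style log on its "===" section headers and returns those findings. The sample log inside it is constructed from lines in the format shown above, and the watchlist of service names is an input the reviewer supplies.

```python
"""Triage helper for DDS-style logs (added example; not DDS or BleepingComputer code).

DDS prints sections under headers such as
    ============== Pseudo HJT Report ===============
This script splits the log on those headers and flags lines a reviewer
would want to see first:
  * BHO/TB entries whose DLL is missing ("No File"), i.e. orphaned registrations
  * policy keys that disable user tooling (DisableTaskMgr = 1)
  * services/drivers whose name is on an analyst-supplied watchlist
  * rootkit-detector output: "Warning:" lines and >>UNKNOWN<< modules in the disk trace
"""
import re

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Constructed sample in DDS layout (modeled on the log format, not a real capture).
SAMPLE_LOG = """\
============== Pseudo HJT Report ===============
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
dPolicies-system: DisableTaskMgr = 1 (0x1)
============= SERVICES / DRIVERS ===============
S? MBAMService;MBAMService
S? SysCow;SysCow
=================== ROOTKIT ====================
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hal.dll >>UNKNOWN [0x8694B49F]<<
Warning: possible TDL3 rootkit infection !
"""


def parse_sections(text):
    """Split a DDS log into {section_name: [lines]} using its '===' header lines.

    Blank lines and the lone '.' separators DDS emits are dropped.
    """
    sections = {}
    current = "HEADER"
    for line in text.splitlines():
        stripped = line.strip()
        m = SECTION_RE.match(stripped)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if stripped and stripped != ".":
            sections.setdefault(current, []).append(line.rstrip())
    return sections


def triage(text, watchlist=()):
    """Return a list of (severity, category, line) findings, in log order."""
    findings = []
    sections = parse_sections(text)

    for line in sections.get("Pseudo HJT Report", []):
        # Orphaned browser extensions: the registry key exists but the DLL does not.
        if line.startswith(("BHO:", "TB:")) and line.endswith("- No File"):
            findings.append(("low", "orphaned-bho", line))
        # Policy lines look like: dPolicies-system: DisableTaskMgr = 1 (0x1)
        m = re.match(r"^[ud]Policies-\w+:\s*(\w+)\s*=\s*(\d+)", line)
        if m and m.group(1) == "DisableTaskMgr" and m.group(2) == "1":
            findings.append(("high", "taskmgr-disabled", line))

    wanted = {name.lower() for name in watchlist}
    for line in sections.get("SERVICES / DRIVERS", []):
        # Service lines look like: S? SysCow;SysCow  (name;display name)
        m = re.match(r"^[RS]\?\s*([^;]+);", line)
        if m and m.group(1).lower() in wanted:
            findings.append(("high", "watchlist-service", line))

    for line in sections.get("ROOTKIT", []):
        if line.startswith("Warning:"):
            findings.append(("high", "rootkit-warning", line))
        if ">>UNKNOWN" in line:
            findings.append(("high", "unknown-module", line))

    return findings


if __name__ == "__main__":
    # Watchlist built from what the user reported (the BSOD named Syscow32x.exe).
    for severity, category, line in triage(SAMPLE_LOG, watchlist=("SysCow",)):
        print(f"[{severity:4}] {category:18} {line}")
```

The script only surfaces lines for a human to check; an orphaned BHO is usually leftover from an uninstall, and a service name match is only as good as the watchlist the reviewer passes in, so none of the findings is a verdict on its own.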


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 AM

Posted 25 November 2011 - 10:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

===

Run the Malwarebytes program and remove all items that are found.

Post the logs for my review.

Let me know what problem persists.
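The report TDSSKiller writes (the log posted later in this thread shows the layout) lists each scanned driver or service on two lines: one with its MD5 and path, and one with its status. Reading hundreds of "- ok" lines by eye is error-prone, so here is an added Python example, not Kaspersky's code and not part of nasdaq's instructions, that pairs the two lines per entry and reports anything whose status is not plain "ok", plus entries that have a file line but never received a status line (which is what a truncated paste looks like). The sample log inside it is constructed, and the "exampledrv" entry with a "warning" status is invented purely to exercise the non-ok path.

```python
"""Summarizer for TDSSKiller scan logs (added example; not Kaspersky's or the forum's code).

TDSSKiller logs each scanned driver/service on two lines:
    <time> <pid> <name> (<md5>) <path>
    <time> <pid> <name> - <status>
Entries with no backing file get only the status line. This script pairs the two
by name and lists everything a reviewer should look at before the "ok" entries.
"""
import re

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
FILE_RE = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
STATUS_RE = re.compile(r"^(\S+)\s+-\s+(.+)$")

# Constructed sample in TDSSKiller's layout. "exampledrv" and its "warning" status
# are made up for illustration; the md5 shown for it is the MD5 of an empty file.
SAMPLE_LOG = """\
13:24:27.0500 2892 Scan started
13:24:28.0093 2892 Abiosdsk - ok
13:24:28.0234 2892 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
13:24:28.0250 2892 ACPI - ok
13:24:29.0390 2892 exampledrv (d41d8cd98f00b204e9800998ecf8427e) C:\\WINDOWS\\system32\\DRIVERS\\exampledrv.sys
13:24:29.0390 2892 exampledrv - warning
13:24:36.0031 2892 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\\WINDOWS\\system32\\drivers\\mbam.sys
"""


def parse_tdsskiller(text):
    """Return {name: {"md5": ..., "path": ..., "status": ...}} in log order.

    Lines that are neither a file line nor a status line (banner, "Scan started",
    SystemInfo block) are skipped.
    """
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        fm = FILE_RE.match(body)
        if fm:
            name, md5, path = fm.groups()
            entries.setdefault(name, {}).update(md5=md5, path=path)
            continue
        sm = STATUS_RE.match(body)
        if sm:
            name, status = sm.groups()
            entries.setdefault(name, {}).update(status=status.strip())
    return entries


def review(text):
    """List (name, reason) for entries needing attention: non-ok status or no status."""
    flagged = []
    for name, info in parse_tdsskiller(text).items():
        status = info.get("status")
        if status is None:
            flagged.append((name, "no status line (log truncated?)"))
        elif status != "ok":
            flagged.append((name, status))
    return flagged


if __name__ == "__main__":
    entries = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(entries)} entries parsed")
    for name, reason in review(SAMPLE_LOG):
        info = entries[name]
        print(f"{name}: {reason}  md5={info.get('md5', '-')}  path={info.get('path', '-')}")
```

Because the MD5 and path are kept per entry, the same dictionary can be used to compare a driver's hash against a known-good copy from another machine, which is the check a reviewer would make on any entry the status column flags.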

#5 raymond293

raymond293
  • Topic Starter

  • Members
  • 7 posts
  • Local time:02:21 AM

Posted 25 November 2011 - 04:43 PM

Hi nasdaq, thanks for helping me.
Here is the TDSSKiller log.

I will post the Malwarebytes log shortly.

13:24:01.0437 1088 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
13:24:02.0031 1088 ============================================================
13:24:02.0031 1088 Current date / time: 2011/11/25 13:24:02.0031
13:24:02.0031 1088 SystemInfo:
13:24:02.0031 1088
13:24:02.0031 1088 OS Version: 5.1.2600 ServicePack: 3.0
13:24:02.0031 1088 Product type: Workstation
13:24:02.0031 1088 ComputerName: YOUR-5A66F93F18
13:24:02.0031 1088 UserName: d
13:24:02.0031 1088 Windows directory: C:\WINDOWS
13:24:02.0031 1088 System windows directory: C:\WINDOWS
13:24:02.0031 1088 Processor architecture: Intel x86
13:24:02.0031 1088 Number of processors: 2
13:24:02.0031 1088 Page size: 0x1000
13:24:02.0031 1088 Boot type: Normal boot
13:24:02.0031 1088 ============================================================
13:24:04.0703 1088 Initialize success
13:24:27.0500 2892 ============================================================
13:24:27.0500 2892 Scan started
13:24:27.0500 2892 Mode: Manual;
13:24:27.0500 2892 ============================================================
13:24:28.0093 2892 Abiosdsk - ok
13:24:28.0171 2892 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
13:24:28.0171 2892 abp480n5 - ok
13:24:28.0234 2892 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:24:28.0250 2892 ACPI - ok
13:24:28.0281 2892 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:24:28.0281 2892 ACPIEC - ok
13:24:28.0312 2892 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:24:28.0328 2892 adpu160m - ok
13:24:28.0406 2892 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:24:28.0406 2892 aec - ok
13:24:28.0578 2892 AESTAud (20f078136f3bdc4c0405c0527b769303) C:\WINDOWS\system32\drivers\AESTAud.sys
13:24:28.0593 2892 AESTAud - ok
13:24:28.0656 2892 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:24:28.0671 2892 AFD - ok
13:24:28.0750 2892 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:24:28.0750 2892 agp440 - ok
13:24:28.0765 2892 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
13:24:28.0781 2892 agpCPQ - ok
13:24:28.0812 2892 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
13:24:28.0812 2892 Aha154x - ok
13:24:28.0843 2892 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:24:28.0843 2892 aic78u2 - ok
13:24:28.0937 2892 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:24:28.0953 2892 aic78xx - ok
13:24:29.0000 2892 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
13:24:29.0015 2892 AliIde - ok
13:24:29.0078 2892 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:24:29.0093 2892 alim1541 - ok
13:24:29.0109 2892 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
13:24:29.0109 2892 amdagp - ok
13:24:29.0125 2892 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
13:24:29.0125 2892 amsint - ok
13:24:29.0203 2892 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:24:29.0203 2892 Arp1394 - ok
13:24:29.0218 2892 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
13:24:29.0218 2892 asc - ok
13:24:29.0250 2892 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
13:24:29.0250 2892 asc3350p - ok
13:24:29.0296 2892 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
13:24:29.0296 2892 asc3550 - ok
13:24:29.0343 2892 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:24:29.0343 2892 AsyncMac - ok
13:24:29.0390 2892 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:24:29.0390 2892 atapi - ok
13:24:29.0406 2892 Atdisk - ok
13:24:29.0437 2892 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:24:29.0437 2892 Atmarpc - ok
13:24:29.0500 2892 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:24:29.0500 2892 audstub - ok
13:24:29.0609 2892 BCM43XX (c89327377d4b62dc792e8930ea55f571) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
13:24:29.0656 2892 BCM43XX - ok
13:24:29.0859 2892 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:24:29.0859 2892 Beep - ok
13:24:29.0984 2892 btaudio (4b43dfe1c1fbb305a1dc5504ef9bb34e) C:\WINDOWS\system32\drivers\btaudio.sys
13:24:30.0000 2892 btaudio - ok
13:24:30.0046 2892 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
13:24:30.0062 2892 BTDriver - ok
13:24:30.0187 2892 BTKRNL (70455baffc078b6152d1e52376296467) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
13:24:30.0218 2892 BTKRNL - ok
13:24:30.0453 2892 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
13:24:30.0468 2892 BTWDNDIS - ok
13:24:30.0500 2892 btwhid (949eca9c56f657c06d3166d51f3226c7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
13:24:30.0500 2892 btwhid - ok
13:24:30.0593 2892 btwmodem (5922bae0cd84924b9cd7e6bb515ee070) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
13:24:30.0593 2892 btwmodem - ok
13:24:30.0640 2892 BTWUSB (2cfc2bd8785f82a42fcad83de1fa5a36) C:\WINDOWS\system32\Drivers\btwusb.sys
13:24:30.0656 2892 BTWUSB - ok
13:24:30.0875 2892 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13:24:30.0875 2892 cbidf - ok
13:24:30.0890 2892 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:24:30.0906 2892 cbidf2k - ok
13:24:30.0984 2892 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:24:30.0984 2892 CCDECODE - ok
13:24:31.0015 2892 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
13:24:31.0015 2892 cd20xrnt - ok
13:24:31.0093 2892 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:24:31.0109 2892 Cdaudio - ok
13:24:31.0187 2892 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:24:31.0203 2892 Cdfs - ok
13:24:31.0265 2892 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:24:31.0281 2892 Cdrom - ok
13:24:31.0343 2892 Changer - ok
13:24:31.0421 2892 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:24:31.0421 2892 CmBatt - ok
13:24:31.0500 2892 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
13:24:31.0500 2892 CmdIde - ok
13:24:31.0531 2892 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:24:31.0531 2892 Compbatt - ok
13:24:31.0593 2892 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
13:24:31.0593 2892 Cpqarray - ok
13:24:31.0640 2892 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
13:24:31.0656 2892 dac2w2k - ok
13:24:31.0671 2892 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
13:24:31.0671 2892 dac960nt - ok
13:24:31.0734 2892 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:24:31.0734 2892 Disk - ok
13:24:31.0812 2892 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:24:31.0828 2892 dmboot - ok
13:24:32.0000 2892 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:24:32.0000 2892 dmio - ok
13:24:32.0015 2892 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:24:32.0031 2892 dmload - ok
13:24:32.0093 2892 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:24:32.0093 2892 DMusic - ok
13:24:32.0187 2892 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:24:32.0203 2892 dpti2o - ok
13:24:32.0218 2892 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:24:32.0218 2892 drmkaud - ok
13:24:32.0328 2892 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:24:32.0328 2892 Fastfat - ok
13:24:32.0375 2892 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:24:32.0390 2892 Fdc - ok
13:24:32.0437 2892 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:24:32.0437 2892 Fips - ok
13:24:32.0562 2892 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:24:32.0578 2892 Flpydisk - ok
13:24:32.0593 2892 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:24:32.0609 2892 FltMgr - ok
13:24:32.0671 2892 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
13:24:32.0687 2892 fssfltr - ok
13:24:32.0718 2892 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:24:32.0718 2892 Fs_Rec - ok
13:24:32.0796 2892 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:24:32.0812 2892 Ftdisk - ok
13:24:32.0875 2892 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
13:24:32.0875 2892 gameenum - ok
13:24:32.0968 2892 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:24:32.0968 2892 GEARAspiWDM - ok
13:24:33.0156 2892 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:24:33.0265 2892 Gpc - ok
13:24:33.0343 2892 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:24:33.0359 2892 HDAudBus - ok
13:24:33.0437 2892 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:24:33.0437 2892 HidUsb - ok
13:24:33.0515 2892 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
13:24:33.0515 2892 hpn - ok
13:24:33.0734 2892 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:24:33.0734 2892 HTTP - ok
13:24:33.0812 2892 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
13:24:33.0812 2892 i2omgmt - ok
13:24:33.0828 2892 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
13:24:33.0843 2892 i2omp - ok
13:24:33.0890 2892 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:24:33.0906 2892 i8042prt - ok
13:24:34.0250 2892 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:24:34.0593 2892 ialm - ok
13:24:34.0843 2892 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:24:34.0843 2892 Imapi - ok
13:24:34.0921 2892 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
13:24:34.0937 2892 ini910u - ok
13:24:34.0968 2892 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:24:34.0968 2892 IntelIde - ok
13:24:35.0000 2892 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:24:35.0015 2892 intelppm - ok
13:24:35.0062 2892 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:24:35.0062 2892 Ip6Fw - ok
13:24:35.0093 2892 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:24:35.0093 2892 IpFilterDriver - ok
13:24:35.0109 2892 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:24:35.0125 2892 IpInIp - ok
13:24:35.0187 2892 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:24:35.0187 2892 IpNat - ok
13:24:35.0468 2892 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:24:35.0484 2892 IPSec - ok
13:24:35.0515 2892 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:24:35.0531 2892 IRENUM - ok
13:24:35.0593 2892 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:24:35.0609 2892 isapnp - ok
13:24:35.0671 2892 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:24:35.0671 2892 Kbdclass - ok
13:24:35.0828 2892 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:24:35.0828 2892 kmixer - ok
13:24:35.0906 2892 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:24:35.0921 2892 KSecDD - ok
13:24:35.0937 2892 lbrtfdc - ok
13:24:36.0031 2892 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
13:24:36.0031 2892 MBAMProtector - ok
13:24:36.0046 2892 MBAMSwissArmy - ok
13:24:36.0125 2892 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:24:36.0125 2892 mnmdd - ok
13:24:36.0171 2892 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:24:36.0171 2892 Modem - ok
13:24:36.0312 2892 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:24:36.0312 2892 Mouclass - ok
13:24:36.0453 2892 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:24:36.0453 2892 mouhid - ok
13:24:36.0500 2892 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:24:36.0515 2892 MountMgr - ok
13:24:36.0531 2892 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
13:24:36.0546 2892 mraid35x - ok
13:24:36.0609 2892 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:24:36.0609 2892 MRxDAV - ok
13:24:36.0687 2892 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:24:36.0718 2892 MRxSmb - ok
13:24:46.0328 2892 MBR (0x1B8) (2896f7ec20f39a91fd85a850ced87d11) \Device\Harddisk0\DR0
13:24:46.0328 2892 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:24:46.0328 2892 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:24:46.0343 2892 Boot (0x1200) (f2d1e6f246bcbabb69fd551bc737eb85) \Device\Harddisk0\DR0\Partition0
13:24:46.0359 2892 \Device\Harddisk0\DR0\Partition0 - ok
13:24:46.0359 2892 ============================================================
13:24:46.0359 2892 Scan finished
13:24:46.0359 2892 ============================================================
13:24:46.0421 3684 Detected object count: 1
13:24:46.0421 3684 Actual detected object count: 1
13:25:27.0718 3684 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:25:27.0718 3684 \Device\Harddisk0\DR0 - ok
13:25:27.0718 3684 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
13:26:14.0718 2200 Deinitialize success

#6 raymond293

raymond293
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 25 November 2011 - 05:50 PM

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8197

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/25/2011 2:01:45 PM
mbam-log-2011-11-25 (14-01-45).txt

Scan type: Quick scan
Objects scanned: 196874
Time elapsed: 12 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Looks good, but how do I get my programs back that the System Restore has hidden?

And about the syscowx?

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 AM

Posted 26 November 2011 - 08:15 AM

The newer variants of the FakeHDD rogue programs are now deleting the following folders and storing them in a numbered folder under %Temp%\smtmp\:

%Temp%\smtmp\1\ => %AllUsersProfile%\Start Menu
%Temp%\smtmp\2\ => %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch
%Temp%\smtmp\3\ => %AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
%Temp%\smtmp\4\ => %AllUsersProfile%\Desktop

It goes without saying that running a %temp% cleaner ahead of restoration would result in loss of these folders.

===

The following tool will restore them if they are found.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Please post the log and let me know what problem persists.
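The %Temp%\smtmp\<n>\ relocation described in the post above, as an added example that is not part of this thread and not ComboFix's own code: a small Python script that plans and performs a copy-back using the post's numbered-folder mapping, copies rather than moves (so the smtmp copy survives a mistake), and never overwrites a file that already exists at the destination. The profile roots are read from the ALLUSERSPROFILE, USERPROFILE and APPDATA environment variables (assumed to be the ones the post's %AllUsersProfile%, %UserProfile% and %AppData% refer to); the `roots` parameter lets you point it at a mounted offline image instead of the live system.

```python
"""Copy folders moved by the FakeHDD / "System Restore" rogue back from
%Temp%\smtmp\<n>\ to their real locations (added example, not from the thread)."""
import os
import shutil
from pathlib import Path

# Mapping from the post: numbered subfolder of %Temp%\smtmp -> real location,
# given as (environment variable holding the root, path components under it).
SMTMP_TARGETS = {
    "1": ("ALLUSERSPROFILE", ("Start Menu",)),
    "2": ("USERPROFILE", ("Application Data", "Microsoft",
                          "Internet Explorer", "Quick Launch")),
    "3": ("APPDATA", ("Roaming", "Microsoft", "Internet Explorer",
                      "Quick Launch", "User Pinned", "TaskBar")),
    "4": ("ALLUSERSPROFILE", ("Desktop",)),
}


def default_roots():
    """Resolve the profile roots from the environment (meaningful on Windows only)."""
    return {var: os.environ.get(var, "") for var, _ in SMTMP_TARGETS.values()}


def plan_restore(temp_dir, roots):
    """Return (copies, unknown).

    copies  : list of (src, dst) Path pairs for every file under smtmp/<n>,
              preserving the subfolder layout below the numbered folder.
    unknown : numbered folders the mapping does not cover; they are reported
              rather than silently ignored so they can be inspected by hand.
    """
    smtmp = Path(temp_dir) / "smtmp"
    copies, unknown = [], []
    if not smtmp.is_dir():
        return copies, unknown
    for numbered in sorted(p for p in smtmp.iterdir() if p.is_dir()):
        target = SMTMP_TARGETS.get(numbered.name)
        if target is None:
            unknown.append(numbered)
            continue
        var, parts = target
        dest_root = Path(roots[var]).joinpath(*parts)
        for src in sorted(p for p in numbered.rglob("*") if p.is_file()):
            copies.append((src, dest_root / src.relative_to(numbered)))
    return copies, unknown


def restore(temp_dir, roots, dry_run=True):
    """Copy (never move) the planned files back.

    A destination that already exists is skipped, so a restore cannot clobber
    shortcuts the user has meanwhile recreated by hand.
    Returns (copied, skipped, unknown_folder_count); with dry_run=True the
    counts are computed but nothing is written.
    """
    copies, unknown = plan_restore(temp_dir, roots)
    copied = skipped = 0
    for src, dst in copies:
        if dst.exists():
            skipped += 1
            continue
        if not dry_run:
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, dst)
        copied += 1
    return copied, skipped, len(unknown)


if __name__ == "__main__":
    # Dry run against the live %TEMP%; pass dry_run=False to actually copy.
    copied, skipped, unknown = restore(os.environ.get("TEMP", ""),
                                       default_roots(), dry_run=True)
    print(f"would copy {copied} file(s), skip {skipped} existing, "
          f"{unknown} unmapped smtmp folder(s)")
```

Run it first as a dry run and check the counts before running with `dry_run=False`; do this before any temp cleaner touches %Temp%, for the reason the post gives.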

#8 raymond293

raymond293
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 27 November 2011 - 03:55 PM

I see the folders on my start menu, but when I go to a program it says empty.
And to make it more clear, I went to Accessories and could not find the calculator.

But here is the log:

ComboFix 11-11-26.04 - d 11/27/2011 10:48:52.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.408 [GMT -8:00]
Running from: c:\documents and settings\d\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\vlc-1.1.4-win32.exe
c:\documents and settings\d\Start Menu\Programs\System Restore
c:\documents and settings\d\Start Menu\Programs\System Restore\System Restore.lnk
c:\documents and settings\d\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-25 05:57 . 2011-11-25 05:57 -------- d-----w- c:\documents and settings\Administrator
2011-11-20 00:06 . 2011-11-20 00:06 -------- d--h--w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-20 00:05 . 2011-09-01 01:00 22216 ---ha-w- c:\windows\system32\drivers\mbam.sys
2011-11-20 00:05 . 2011-11-20 00:06 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2011-11-19 21:04 . 2011-11-25 06:22 -------- d--h--w- c:\documents and settings\d
2011-11-12 08:26 . 2011-11-19 22:37 524888 ---ha-w- c:\windows\system32\PerfStringBackup.TMP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 18:41 . 2011-09-26 18:41 611328 ---ha-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2011-09-26 18:41 220160 ---ha-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2011-09-26 18:41 20480 ---ha-w- c:\windows\system32\oleaccrc.dll
2011-09-23 21:25 . 2011-09-23 21:25 664 ---ha-w- c:\windows\system32\d3d9caps.tmp
2011-09-17 07:50 . 2011-09-17 07:50 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2011-09-09 09:12 599040 ---ha-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2011-09-06 13:20 1858944 ---ha-w- c:\windows\system32\win32k.sys
2011-11-05 06:53 . 2011-10-07 08:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"IDTSysTrayApp"="sttray.exe" [2008-09-11 446556]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-11 446556]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-03 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [9/24/2008 10:09 PM 103792]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [12/25/2008 6:28 PM 203248]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/19/2011 4:06 PM 366152]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [1/14/2009 6:56 AM 345336]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [3/9/2009 2:33 AM 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/19/2011 4:05 PM 22216]
S3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterhp.sys [3/9/2009 2:34 AM 5248]
S3 qcusbnethp;HP USB-NDIS miniport;c:\windows\system32\drivers\qcusbnethp.sys [3/9/2009 2:34 AM 115200]
S3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserhp.sys [3/9/2009 2:34 AM 104448]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;\??\c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS --> c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356709618-2657180678-898619293-1009Core.job
- c:\documents and settings\d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-21 23:38]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356709618-2657180678-898619293-1009UA.job
- c:\documents and settings\d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-21 23:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=minipavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=minipavilion&pf=cnnb
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\ju2le2kc.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-27 11:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-11-27 11:32:56
ComboFix-quarantined-files.txt 2011-11-27 19:32
.
Pre-Run: 48,377,577,472 bytes free
Post-Run: 49,383,993,344 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 5A06A138EF1F8150A053EC2C7FBC67DB

Edited by raymond293, 27 November 2011 - 03:57 PM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 AM

Posted 28 November 2011 - 08:49 AM

Your ComboFix log is clean.

Empty START program files.

Try this to restore them.

Right click on each of the folders and select Open, to open the start menu folder in Explorer. Then browse to C:\Program Files\<program name> (or whatever location the program is installed in), locate the main program's .exe file (it will usually have a name very similar to the program name and the same icon), and copy and paste it into the start menu folder you have open. Then close the folders and look in your start menu again; the shortcut should be there and functioning!

So for example, the start menu folder SpeedCrunch shows up as (Empty). Right click on the folder and select Open, then open C:\Program Files\SpeedCrunch and locate the .exe file named "speedcrunch". Copy and paste that file into the start menu folder.
===

Third-party programs, if not up to date, can be the cause of an infection's infiltration.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Let me know what other problem persists.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 AM

Posted 03 December 2011 - 09:11 AM

Are you still with me?

#11 raymond293

raymond293
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 05 December 2011 - 09:36 PM

Yes, I'm sorry,
but I'm working on putting all my shortcuts back on.
I've been copying and pasting the shortcuts.

My computer seems to be back the way it was.

I have one last question though.
Do you know of a good trusted FREE anti-virus program?

#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 AM

Posted 06 December 2011 - 08:17 AM

do you know of a good trusted FREE anti virus program?


These are all available free.

AVG.
avast!.
AntiVir

If you are going to try one then you must remove Norton completely.
Use their removal tool.

Download and run the Norton Removal Tool FOR YOUR CURRENT PROGRAM.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=

===

In post no. 9 I asked for a security check. Can you post the log for my review?

#13 raymond293

raymond293
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 07 December 2011 - 06:04 PM

Oh yes, duh.
Here it is:
Results of screen317's Security Check version 0.99.28
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 22
Java™ 6 Update 7
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 AM

Posted 08 December 2011 - 10:53 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 22
Java™ 6 Update 7

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 11.0.1.152

Flash Player 11.0.1.152

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

Any remaining issues with this computer?

#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 AM

Posted 14 December 2011 - 10:07 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
