

unwanted music.


  • This topic is locked
35 replies to this topic

#1 ian456

ian456

  • Members
  • 30 posts
  • OFFLINE
  • Local time:07:53 AM

Posted 27 November 2011 - 12:41 PM

My system is Vista and my browser was Explorer.
On 26/10 before rushing for a train I checked the internet news. AVG came up with a threat warning but I let the thing through, it was a trusted source for me (Wacom). Big mistake. Immediately a brief spell of music occurred. This problem of unwanted music has reoccurred every few days. If I close the browser it stops immediately. When I reopen it has usually gone - till next time. Also found that Songbird MP3 software would no longer work. Generally PC functions normally but occasionally now runs very slowly or will not respond.

Tried the following but problem persists:
• System Restore
• Deleted file timed and dated the same as the threat warning (winzip)
• Changed browser to Firefox
• Uninstalled Wacom and Songbird

Have run the following but no problems seen:
• PC system checks,
• Antivirus scans (AVG and Ad-Aware) and another remotely (Virgin digital help)
• Windows malicious software removal tool.
Also ran the following as advised by Broni at:
http://www.bleepingcomputer.com/forums/topic427684.html/page__pid__2473334
• Security Check
• Mini Tool Box
• Malwarebytes Anti-Malware.
Tried to run GMER but not successful (stopped working and PC crashed).


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Ian Bishop at 16:48:43 on 2011-11-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2036.812 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\ANIWConnService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Wireless N DWA-140] c:\program files\d-link\dwa-140 revb\AirNCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Desktop Disc Tool] "c:\program files\roxio\roxio burn\RoxioBurnLauncher.exe"
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CBD16FCC-EC55-4CFE-B40A-C242503EFA1F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F2D7B2C5-B372-43F0-A8CC-B94516ED7D9C} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ian bishop\appdata\roaming\mozilla\firefox\profiles\0pl7woqi.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/|http://www.google.co.uk/advanced_search?hl=en|http://www.talktalk.co.uk/mail/?check_cookie=1|http://www.thestar.co.uk/news
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-7 64512]
R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2010-7-28 12800]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2010-7-28 147456]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2010-11-28 4807536]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 netr28u;D-Link USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2010-7-28 722944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-24 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-24 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-11-28 10752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-25 09:39:21 -------- d-----w- c:\users\ian bishop\appdata\roaming\Malwarebytes
2011-11-25 09:39:07 -------- d-----w- c:\programdata\Malwarebytes
2011-11-25 09:39:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 09:39:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-10 09:17:23 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-10 09:17:12 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 09:17:02 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-07 10:54:24 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-07 09:06:58 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-07 09:00:32 -------- d-----w- c:\users\ian bishop\appdata\local\adaware
2011-11-07 09:00:30 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2011-11-07 09:00:26 -------- d-----w- c:\program files\Toolbar Cleaner
2011-11-07 09:00:20 -------- d-----w- c:\program files\adawaretb
2011-11-07 09:00:11 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-07 09:00:03 -------- d-----w- c:\program files\Lavasoft
2011-11-01 09:57:02 -------- d-----w- c:\users\ian bishop\appdata\local\Mozilla
2011-11-01 08:38:24 -------- d-----w- c:\users\ian bishop\appdata\roaming\WTablet
.
==================== Find3M ====================
.
2011-11-19 09:33:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 16:50:09.65 ===============





 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:53 AM

Posted 28 November 2011 - 12:02 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ian456

ian456
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:07:53 AM

Posted 29 November 2011 - 05:46 AM

Hi Gringo,
Thanks for your help.
The combofix operation went smoothly.
The problem, the unwanted music, can happen a couple of days in a row and then disappear for a few days. The longest time it disappeared was 10 days when I thought it was over, but it wasn't. This means it will take a while to say if the thing has been fettled.
The PC itself seems to be running fine. I just briefly tested a few programmes without any probs. If anything it seems a bit faster, maybe my imagination.
I will paste the log below. Your help is much appreciated and I look forward to your next post.

ComboFix 11-11-29.01 - Ian Bishop 29/11/2011 10:11:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2036.893 [GMT 0:00]
Running from: c:\users\Ian Bishop\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AVG Anti-Virus 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ian Bishop\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 10:17 . 2011-11-29 10:18 -------- d-----w- c:\users\Ian Bishop\AppData\Local\temp
2011-11-29 10:17 . 2011-11-29 10:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-25 09:39 . 2011-11-25 09:39 -------- d-----w- c:\users\Ian Bishop\AppData\Roaming\Malwarebytes
2011-11-25 09:39 . 2011-11-25 09:39 -------- d-----w- c:\programdata\Malwarebytes
2011-11-25 09:39 . 2011-11-25 09:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-25 09:39 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-10 09:17 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-10 09:17 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 09:17 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-07 10:54 . 2011-11-07 09:06 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-07 09:06 . 2011-11-07 09:06 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-07 09:00 . 2011-11-07 09:01 -------- d-----w- c:\users\Ian Bishop\AppData\Local\adaware
2011-11-07 09:00 . 2011-11-29 09:54 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2011-11-07 09:00 . 2011-11-07 09:00 -------- d-----w- c:\program files\Toolbar Cleaner
2011-11-07 09:00 . 2011-11-07 09:00 -------- d-----w- c:\program files\adawaretb
2011-11-07 09:00 . 2011-11-03 12:06 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-07 09:00 . 2011-11-07 09:00 -------- d-----w- c:\programdata\Lavasoft
2011-11-07 09:00 . 2011-11-07 09:00 -------- d-----w- c:\program files\Lavasoft
2011-11-01 10:14 . 2011-11-01 10:14 -------- d-----w- c:\programdata\McAfee
2011-11-01 09:57 . 2011-11-01 09:57 -------- d-----w- c:\users\Ian Bishop\AppData\Local\Mozilla
2011-11-01 08:38 . 2011-11-01 08:38 -------- d-----w- c:\users\Ian Bishop\AppData\Roaming\WTablet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-19 09:33 . 2011-06-02 06:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-27 15:17 . 2011-10-27 15:17 0 ---ha-w- c:\users\Ian Bishop\AppData\Local\BIT2C3D.tmp
2011-09-06 13:30 . 2011-10-13 19:02 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-13 22:28 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-13 22:28 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-13 22:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-09 09:54 . 2011-11-01 09:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 98304]
"D-Link D-Link Wireless N DWA-140"="c:\program files\D-Link\DWA-140 revB\AirNCFG.exe" [2009-05-07 1683456]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-02 4452352]
"Desktop Disc Tool"="c:\program files\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-15 498160]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2006-10-17 01:20 398944 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-05-02 16:15 4452352 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-29 10:14 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-24 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-24 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-11-03 15232]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-11-02 10752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-11-03 64512]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [2009-03-06 12800]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
S2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2009-02-26 147456]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 4807536]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]
S3 netr28u;D-Link USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-04-17 722944]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-24 07:35]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-24 07:35]
.
2011-11-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:31]
.
2011-11-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ian Bishop\AppData\Roaming\Mozilla\Firefox\Profiles\0pl7woqi.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/|http://www.google.co.uk/advanced_search?hl=en|http://www.talktalk.co.uk/mail/?check_cookie=1|http://www.thestar.co.uk/news
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-29 10:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-11-29 10:20:57
ComboFix-quarantined-files.txt 2011-11-29 10:20
.
Pre-Run: 202,067,718,144 bytes free
Post-Run: 202,050,195,456 bytes free
.
- - End Of File - - 7030AF95DA710E839198A51DD3FF1321

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:53 AM

Posted 29 November 2011 - 09:35 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 ian456

ian456
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:07:53 AM

Posted 29 November 2011 - 11:21 AM

Hi Gringo, thank you again for your help. I'm afraid the scan did not pick up on any infections or suspicions but I am pasting the report as requested. Ian

16:12:45.0110 0624 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
16:12:45.0500 0624 ============================================================
16:12:45.0500 0624 Current date / time: 2011/11/29 16:12:45.0500
16:12:45.0500 0624 SystemInfo:
16:12:45.0500 0624
16:12:45.0500 0624 OS Version: 6.0.6002 ServicePack: 2.0
16:12:45.0500 0624 Product type: Workstation
16:12:45.0500 0624 ComputerName: IANBISHOP-PC
16:12:45.0500 0624 UserName: Ian Bishop
16:12:45.0500 0624 Windows directory: C:\Windows
16:12:45.0500 0624 System windows directory: C:\Windows
16:12:45.0500 0624 Processor architecture: Intel x86
16:12:45.0500 0624 Number of processors: 2
16:12:45.0500 0624 Page size: 0x1000
16:12:45.0500 0624 Boot type: Normal boot
16:12:45.0500 0624 ============================================================
16:12:46.0451 0624 Initialize success
16:12:48.0916 3956 ============================================================
16:12:48.0916 3956 Scan started
16:12:48.0916 3956 Mode: Manual;
16:12:48.0916 3956 ============================================================
16:13:01.0474 3956 ============================================================
16:13:01.0474 3956 Scan finished
16:13:01.0474 3956 ============================================================
16:13:01.0490 4724 Detected object count: 0
16:13:01.0490 4724 Actual detected object count: 0
16:16:09.0987 1888 Deinitialize success

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:53 AM

Posted 29 November 2011 - 11:35 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 ian456

ian456
  • Topic Starter

  • Members
  • 30 posts

Posted 30 November 2011 - 05:22 AM

Hello again Gringo,
The ASW scan went fine. Two files were produced, the aswMBR notepad which is pasted in below, and MBR.dat. Windows couldn't open a file of this type but I am guessing, not having mentioned it, that you do not need it. When the scan was completed, as well as the 'save log' button there was also a 'fix' button but I ignored this, not having been told otherwise. Thanks again for your help.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-30 09:30:13
-----------------------------
09:30:13.348 OS Version: Windows 6.0.6002 Service Pack 2
09:30:13.348 Number of processors: 2 586 0x1706
09:30:13.348 ComputerName: IANBISHOP-PC UserName: Ian Bishop
09:30:36.408 Initialize success
09:31:00.098 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:31:00.098 Disk 0 Vendor: ST3320418AS CC45 Size: 305245MB BusType: 3
09:31:02.142 Disk 0 MBR read successfully
09:31:02.142 Disk 0 MBR scan
09:31:02.142 Disk 0 Windows VISTA default MBR code
09:31:02.142 Disk 0 scanning sectors +625139712
09:31:02.251 Disk 0 scanning C:\Windows\system32\drivers
09:31:10.691 Service scanning
09:31:11.830 Modules scanning
09:31:16.260 Disk 0 trace - called modules:
09:31:16.276 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
09:31:16.276 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8552cac8]
09:31:16.291 3 CLASSPNP.SYS[87fa38b3] -> nt!IofCallDriver -> [0x84260898]
09:31:16.291 5 acpi.sys[8069e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84c48b98]
09:31:16.322 Scan finished successfully
09:32:27.125 Disk 0 MBR has been saved successfully to "C:\Users\Ian Bishop\Desktop\MBR.dat"
09:32:27.141 The log file has been saved successfully to "C:\Users\Ian Bishop\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 November 2011 - 08:45 AM

Greetings

I need you to make a bootable usb and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

when you get to the desktop Click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them)

Next - Launch GParted which is found at Menu > System > GParted partition manager,
Click to select All Drives then click Okay
I need you to take a screenshot of the window that opens up - to do this follow these instructions

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg into the USB drive, paste or attach this to your next post

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

remove the usb and save it - we will use it again - boot back into windows and send me the screen capture

gringo

#9 ian456

ian456
  • Topic Starter

  • Members
  • 30 posts

Posted 02 December 2011 - 06:24 AM

Hello Gringo - this time I hit a problem.

All went well until the reboot when I got '...boot error' and had to shut down to get out of the situation.
The Puppy ISO I downloaded was called lupu-528.iso and I saved it to desktop.

I was very careful after launching Unetbootin to get things right on the options ie: disk image, location/file, USB drive and its proper drive letter. All seemed to go well.

During the reboot there were two options to enter into 'Set Up' and 'Boot Menu' (F12). I chose Boot Menu and was shown a screen that already gave a boot order topped by removable device/USB etc. I used the exit key defined and got boot error. I shut down and rebooted, this time trying the other key option in the Boot Menu which was accept:enter, and still got boot error and shut down again.

I rebooted successfully without the USB drive and shut down and tried simply to reboot once more (not entering the boot menu) with the USB inserted but the same problem occurred.

I thought I'd better consult - any thoughts?

Thanks again for your time.
Ian

#10 ian456

ian456
  • Topic Starter

  • Members
  • 30 posts

Posted 02 December 2011 - 06:39 AM

Sorry Gringo - I forgot to add that after the problems I opened the USB drive to check and it seemed to me that the right sort of files were there so I guess the copy process went ok.
Ian

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 December 2011 - 09:15 PM

Please download Kaspersky Virus Removal Tool and SAVE it to your desktop

  • Right click and run as admin (XP please double click to run)
  • select language
  • accept the license agreement
  • click on settings (gear looking thing on the right)
  • put check marks in
    • system memory
    • hidden objects
    • disk boot sectors
    • computer
    • os
  • go back to automatic scan
  • click on start scan
  • For this scan select skip for anything found
  • when the scan is complete click on the report button (looks like a piece of paper on the right of the gear looking thing)
  • on the left you will see
    • status
    • Detected threats <-- click on this one
    • automatic Scan report
    • Manual disinfection report
  • click on the save button
    save to a location where you can find it (default is in the document folder)
  • copy and paste this report in your next post


#12 ian456

ian456
  • Topic Starter

  • Members
  • 30 posts

Posted 03 December 2011 - 09:08 AM

Hello Gringo,
I ran the Kaspersky tool. In the settings of this (latest) version there wasn't an 'OS' to tick. Guessing this meant operating system I ticked 'C' instead thinking this would include it. During the scan a pop-up appeared several times indicating that a particular file was password protected. Anyway, by the end no threats were detected and maybe for this reason there was no report available to save and paste in here. I wondered if this means the puppylinux problem is solvable?
Thanks again.
Ian

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 December 2011 - 01:18 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#14 ian456

ian456
  • Topic Starter

  • Members
  • 30 posts

Posted 07 December 2011 - 05:40 AM

Hi Gringo,
I ran fixTDSS and on completion it said, 'Backdoor Tidserv has not been found..'
I re-ran aswMBR and the log is pasted below.
Many thanks
Ian

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-07 10:30:08
-----------------------------
10:30:08.116 OS Version: Windows 6.0.6002 Service Pack 2
10:30:08.116 Number of processors: 2 586 0x1706
10:30:08.116 ComputerName: IANBISHOP-PC UserName: Ian Bishop
10:30:35.964 Initialize success
10:30:59.929 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:30:59.929 Disk 0 Vendor: ST3320418AS CC45 Size: 305245MB BusType: 3
10:31:01.957 Disk 0 MBR read successfully
10:31:01.957 Disk 0 MBR scan
10:31:01.957 Disk 0 Windows VISTA default MBR code
10:31:01.957 Disk 0 scanning sectors +625139712
10:31:02.019 Disk 0 scanning C:\Windows\system32\drivers
10:31:10.381 Service scanning
10:31:11.910 Modules scanning
10:31:21.395 Disk 0 trace - called modules:
10:31:21.457 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
10:31:21.457 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854a7aa0]
10:31:21.473 3 CLASSPNP.SYS[87fa98b3] -> nt!IofCallDriver -> [0x84be9a68]
10:31:21.473 5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84c0fb98]
10:31:21.473 Scan finished successfully
10:32:19.115 Disk 0 MBR has been saved successfully to "C:\Users\Ian Bishop\Desktop\MBR.dat"
10:32:19.115 The log file has been saved successfully to "C:\Users\Ian Bishop\Desktop\aswMBR.txt"
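The TDSSKiller listing earlier in the thread and the two aswMBR reports are read by eye above; the following added Python script, which is not part of this thread or of either tool, parses constructed samples in the same shape and flags what a helper checks for: objects without an "- ok" verdict, a non-default MBR, and any module in the disk I/O trace outside an assumed allowlist of storage-stack drivers (the allowlist is an assumption built from the module names that appear in this thread's logs).

```python
import re

# Constructed sample in the shape of the TDSSKiller log pasted earlier in this thread.
TDSS_SAMPLE = """\
16:13:01.0193 3956 Wanarp (55201897378cca7af8b5efd874374a26) C:\\Windows\\system32\\DRIVERS\\wanarp.sys
16:13:01.0193 3956 Wanarp - ok
16:13:01.0459 3956 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \\Device\\Harddisk0\\DR0
16:13:01.0474 3956 \\Device\\Harddisk0\\DR0 - ok
16:13:01.0490 4724 Detected object count: 0
"""
# Constructed sample in the shape of the aswMBR log pasted above.
ASW_SAMPLE = """\
10:31:01.957 Disk 0 Windows VISTA default MBR code
10:31:21.395 Disk 0 trace - called modules:
10:31:21.457 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
10:31:21.473 Scan finished successfully
"""
# Assumed allowlist of storage-stack modules a clean trace may name (names taken from this thread's logs).
EXPECTED_MODULES = {"ntkrnlpa.exe", "classpnp.sys", "disk.sys", "acpi.sys", "hal.dll",
                    "ataport.sys", "pciide.sys", "pciidex.sys", "atapi.sys"}

ENTRY_RE = re.compile(r"^\S+ \d+ (.+?) \(([0-9a-f]{32})\) (.+)$")   # name (md5) path
STATUS_RE = re.compile(r"^\S+ \d+ (.+?) - (\w+)$")                   # subject - verdict
COUNT_RE = re.compile(r"Detected object count: (\d+)")

def parse_tdsskiller(text):
    """Return {name: (md5, path)}, names lacking an 'ok' verdict, and the detection count."""
    objects, verdict, count = {}, {}, None
    for line in text.splitlines():
        if m := ENTRY_RE.match(line):
            objects[m.group(1)] = (m.group(2), m.group(3))
        elif m := STATUS_RE.match(line):
            verdict[m.group(1)] = m.group(2)
        elif m := COUNT_RE.search(line):
            count = int(m.group(1))
    # Drivers get their verdict by name; the MBR entry gets it by device path.
    not_ok = [n for n, (_, path) in objects.items()
              if verdict.get(n, verdict.get(path)) != "ok"]
    return objects, not_ok, count

def parse_aswmbr(text):
    """Return (MBR code is the Windows default, trace modules outside the allowlist)."""
    lines = text.splitlines()
    default_mbr = any("default MBR code" in ln for ln in lines)
    unexpected = []
    for i, ln in enumerate(lines):
        if ln.endswith("called modules:") and i + 1 < len(lines):
            mods = lines[i + 1].split()[1:]  # drop the timestamp column
            unexpected = [m for m in mods if m.lower() not in EXPECTED_MODULES]
    return default_mbr, unexpected
```

Point both functions at a saved log file instead of the samples to get the same summary for a real report; a non-empty second element from either function is what merits a closer look.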

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 December 2011 - 09:57 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo