malicious Win32:MBRoot code


36 replies to this topic

#1 wrdsmth
Posted 13 December 2011 - 05:16 AM

hi,
the symptoms the machine displays are Windows Defender won't start, Windows Malicious Software Removal Tool won't install nor will Windows 7 SP1.

before running any of your diagnostic programs, i had reinstalled windows 7 but that didn't cure anything since it appears that the master boot record is messed up.

GMER ran for 19 hours and wasn't finished yet (this is a dual core processor machine and it was running at 50 to 90% of processor capacity). the data in the file showed up during the first 1/2 hour, hope that will be enough to get started. can run GMER again if you want but i'll try to delete some of the old OS files before i try that again.

looking forward to working with you to get this cleared up and having a secure machine again,

TIA,
bob moul

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by belize at 6:03:50 on 2011-12-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3068.1251 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: GFI Software VIPRE *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: GFI Software VIPRE *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: GFI Software VIPRE *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\ChgService.exe
C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\GFI Software\VIPRE\SBAMUI.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Program Files\Zoom 7.2M Tri-band Modem\USB Modem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SBAMTray] "c:\program files\gfi software\vipre\SBAMTray.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: Interfaces\{D11D60B3-7406-49A4-A44A-598B6450CA7A} : NameServer = 200.32.248.1 200.32.218.132
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\belize\appdata\roaming\mozilla\firefox\profiles\6pj202vi.default\
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsldf659b23;MpKsldf659b23;c:\programdata\microsoft\microsoft antimalware\definition updates\{ad3900c9-06c8-4e19-9718-9ffea8d5f263}\MpKsldf659b23.sys [2011-12-11 29904]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-11 223864]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2011-12-11 135168]
R2 SBAMSvc;VIPRE Internet Security;c:\program files\gfi software\vipre\SBAMSvc.exe [2011-11-1 3287472]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-9-9 77816]
R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\vipre\SBPIMSvc.exe [2011-11-1 173424]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2011-12-11 105984]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6032.sys [2009-7-13 164864]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2011-12-11 94584]
R3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-11-1 72312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2011-12-11 94584]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-11 93816]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-12 1343400]
.
=============== Created Last 30 ================
.
2011-12-12 10:34:06 -------- d-----w- c:\users\belize\appdata\local\ElevatedDiagnostics
2011-12-12 09:01:00 -------- d-----w- c:\windows\system32\Wat
2011-12-12 02:11:32 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ad3900c9-06c8-4e19-9718-9ffea8d5f263}\MpKsldf659b23.sys
2011-12-12 02:11:25 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ad3900c9-06c8-4e19-9718-9ffea8d5f263}\offreg.dll
2011-12-12 02:11:24 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ad3900c9-06c8-4e19-9718-9ffea8d5f263}\mpengine.dll
2011-12-11 22:53:02 -------- d-----w- c:\programdata\GFI Software
2011-12-11 22:52:55 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2011-12-11 22:52:49 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2011-12-11 22:52:49 223864 ----a-w- c:\windows\system32\drivers\SbFw.sys
2011-12-11 22:52:47 -------- d-----w- c:\windows\system32\drivers\VDD
2011-12-11 22:30:43 -------- d-----w- c:\program files\GFI Software
2011-12-11 22:29:37 -------- d-----w- c:\users\belize\appdata\roaming\GFI Software
2011-12-11 19:13:31 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-12-11 18:51:52 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-12-11 18:37:00 -------- d-----w- c:\users\belize\appdata\local\Mozilla
2011-12-11 18:34:33 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-12-11 18:34:33 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-12-11 18:33:48 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-12-11 18:33:48 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-12-11 18:33:48 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-12-11 18:33:48 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-12-11 18:33:48 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-12-11 18:33:48 204288 ----a-w- c:\windows\system32\upnp.dll
2011-12-11 18:33:48 14336 ----a-w- c:\windows\system32\slwga.dll
2011-12-11 18:33:48 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-12-11 18:33:48 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-12-11 18:33:07 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-11 18:31:26 749056 ----a-w- c:\windows\system32\schedsvc.dll
2011-12-11 18:31:26 496128 ----a-w- c:\windows\system32\taskschd.dll
2011-12-11 18:31:26 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-12-11 18:31:26 305152 ----a-w- c:\windows\system32\taskcomp.dll
2011-12-11 18:31:26 192000 ----a-w- c:\windows\system32\taskeng.exe
2011-12-11 18:31:26 179712 ----a-w- c:\windows\system32\schtasks.exe
2011-12-11 18:31:11 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-12-11 18:31:11 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-12-11 18:31:07 1619968 ----a-w- c:\program files\windows mail\msoe.dll
2011-12-11 18:18:59 766976 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-12-11 18:18:59 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-12-11 18:06:40 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-12-11 18:06:39 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-12-11 18:06:39 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-12-11 18:06:39 3181568 ----a-w- c:\windows\system32\mf.dll
2011-12-11 18:06:39 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-12-11 18:06:39 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-12-11 18:06:39 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-12-11 18:06:39 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-12-11 18:06:39 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-12-11 17:52:17 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-12-11 17:51:10 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-12-11 17:51:10 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-12-11 17:51:10 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-12-11 17:51:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-12-11 17:51:10 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-12-11 17:48:09 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-12-11 17:31:17 417792 ----a-w- c:\windows\system32\msdri.dll
2011-12-11 17:29:21 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-12-11 17:29:21 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-12-11 17:29:20 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-11 17:29:20 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-11 17:29:12 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-12-11 17:27:17 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-12-11 17:27:17 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-12-11 17:27:17 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-11 17:27:03 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-12-11 17:25:56 2339840 ----a-w- c:\windows\system32\win32k.sys
2011-12-11 17:24:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-12-11 17:24:36 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-12-11 17:23:42 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-12-11 17:23:42 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-12-11 17:23:42 107520 ----a-w- c:\windows\system32\cdd.dll
2011-12-11 17:23:31 34816 ----a-w- c:\windows\system32\msasn1.dll
2011-12-11 17:23:27 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-12-11 17:23:25 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2011-12-11 17:23:25 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-12-11 17:23:25 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-12-11 17:23:25 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-12-11 17:23:25 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-12-11 17:23:25 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-12-11 17:23:00 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-12-11 17:21:53 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-12-11 17:21:42 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-11 17:21:42 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-12-11 17:21:36 516096 ----a-w- c:\program files\windows mail\wab.exe
2011-12-11 17:21:20 82944 ----a-w- c:\windows\system32\iccvid.dll
2011-12-11 17:21:20 197632 ----a-w- c:\windows\system32\ir32_32.dll
2011-12-11 17:21:20 109056 ----a-w- c:\windows\system32\t2embed.dll
2011-12-11 17:20:57 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-12-11 17:20:47 37376 ----a-w- c:\windows\system32\rtutils.dll
2011-12-11 17:20:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-12-11 17:20:10 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-12-11 17:19:20 738816 ----a-w- c:\windows\system32\wmpmde.dll
2011-12-11 17:19:10 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-11 16:43:30 703824 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{249ef857-1f9c-4965-a27c-85a0d0cef454}\gapaengine.dll
2011-12-11 16:43:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-11 16:32:26 101760 ----a-w- c:\windows\system32\consent.exe
2011-12-11 16:14:42 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-12-11 15:13:21 -------- d-sh--w- c:\windows\Installer
2011-12-11 15:13:21 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-11 15:13:16 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-11 15:13:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-12-11 15:12:56 132608 ----a-w- c:\windows\system32\cabview.dll
2011-12-11 15:05:11 -------- d-----w- c:\users\belize\appdata\local\Microsoft Games
2011-12-11 14:39:33 105984 ----a-w- c:\windows\system32\drivers\cmnsusbser.sys
2011-12-11 14:39:33 103424 ----a-w- c:\windows\system32\MyDIT_GenClassCoInst.dll
2011-12-11 14:39:32 135168 ----a-w- c:\windows\system32\ChgService.exe
2011-12-11 14:39:32 -------- d-----w- c:\program files\Zoom 7.2M Tri-band Modem
2011-12-11 14:09:38 -------- d-----w- c:\windows\system32\wbem\Performance
2011-12-11 13:21:06 -------- d-----w- c:\windows\Panther
2011-12-11 13:13:47 -------- d-----w- C:\Windows.old
.
==================== Find3M ====================
.
2011-11-01 06:42:10 11632 ----a-w- c:\windows\system32\drivers\vdd\apvdd.dll
2011-11-01 06:42:02 42864 ----a-w- c:\windows\system32\sbbd.exe
2011-11-01 06:08:14 72312 ----a-w- c:\windows\system32\drivers\sbwtis.sys
2011-10-26 21:40:02 101112 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-29 15:43:37 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 6:04:49.86 ===============


#2 m0le (Malware Response Team)
Posted 18 December 2011 - 09:18 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 wrdsmth (Topic Starter)

Posted 19 December 2011 - 05:42 AM

hi m0le,

thanks for taking this on. was starting to get worried that no one would be interested in dealing with what appears to be a really nasty situation on this machine.

haven't done any installs or updates so i think we're ready to go.

just as background, i was a programmer in the microsoft office environment for 20 years so i'm not a complete tyro with these things. on the other hand, whenever a machine got a virus or trojan my only option was to format the hard drive to get rid of it. would prefer not to take that route this time.

hope to hear from you soon,
bob

#4 m0le (Malware Response Team)

Posted 19 December 2011 - 08:51 PM

Can you run aswMBR

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 wrdsmth (Topic Starter)

Posted 20 December 2011 - 05:39 AM

hi m0le,

here is the log:
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-20 03:12:54
-----------------------------
03:12:54.615 OS Version: Windows 6.1.7600
03:12:54.615 Number of processors: 2 586 0x170A
03:12:54.617 ComputerName: BELIZE-PC UserName: belize
03:12:56.919 Initialize success
04:29:51.290 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-6
04:29:51.292 Disk 0 Vendor: WDC_WD1500HLFS-01G6U0 04.04V01 Size: 143089MB BusType: 3
04:29:53.342 Disk 0 MBR read successfully
04:29:53.345 Disk 0 MBR scan
04:29:53.348 Disk 0 Windows 7 default MBR code
04:29:53.352 Disk 0 scanning sectors +293025600
04:29:53.374 Disk 0 malicious Win32:MBRoot code @ sector 293025603 !
04:29:53.376 Disk 0 PE file @ sector 293025625 !
04:29:53.397 Disk 0 scanning C:\Windows\system32\drivers
04:29:56.544 Service scanning
04:29:57.011 Service MpKslc85ce3a2 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59A04951-DFEA-4A52-B5DA-A377EF4EB999}\MpKslc85ce3a2.sys **LOCKED** 32
04:29:57.015 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
04:29:57.654 Modules scanning
04:30:06.043 Disk 0 trace - called modules:
04:30:06.066 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
04:30:06.072 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d88030]
04:30:06.078 3 CLASSPNP.SYS[8af8d59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-6[0x858d0030]
04:30:06.083 Scan finished successfully
04:30:34.891 Disk 0 MBR has been saved successfully to "C:\Users\belize\Desktop\MBR.dat"
04:30:34.896 The log file has been saved successfully to "C:\Users\belize\Desktop\aswMBR.txt"

hope you're doing well there in london,
take care,
bob

#6 m0le (Malware Response Team)

Posted 20 December 2011 - 06:49 PM

The aswMBR log shows that an MBR infection was here but only the backup remains. Have you run anything other than the DDS and GMER tools?
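The aswMBR log in #5 and m0le's reading of it in #6 (sector 0 carries default Windows 7 code, so the hook is gone, while a Win32:MBRoot body is still flagged at sector 293025603, close to the end of the 143089MB disk) can be checked mechanically. The following is an added example, not part of the thread or of the aswMBR tool: it parses the relevant log lines (reconstructed here as a constructed sample), works out where each finding sits on the disk, and summarises whether the boot sector is still hooked or only a remnant is left. The sector-region thresholds and all function and field names are this example's own assumptions.

```python
"""Triage helper for an aswMBR log like the one posted in #5.  Added example
for this thread, not part of aswMBR or of the original posts; the sample log
is constructed from the posted lines, and the region thresholds, function and
field names are this example's own assumptions."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# aswMBR prints the disk size in MiB ("143089MB"); 1 MiB is 2048 sectors of 512 bytes.
SECTORS_PER_MB = 1024 * 1024 // 512

# Constructed sample: the decision-relevant lines of the posted aswMBR log.
SAMPLE_LOG = """\
04:29:51.292 Disk 0 Vendor: WDC_WD1500HLFS-01G6U0 04.04V01 Size: 143089MB BusType: 3
04:29:53.348 Disk 0 Windows 7 default MBR code
04:29:53.352 Disk 0 scanning sectors +293025600
04:29:53.374 Disk 0 malicious Win32:MBRoot code @ sector 293025603 !
04:29:53.376 Disk 0 PE file @ sector 293025625 !
"""

SIZE_RE = re.compile(r"Disk (?P<disk>\d+) Vendor: .*? Size: (?P<mb>\d+)MB")
MBR_CODE_RE = re.compile(r"Disk (?P<disk>\d+) (?P<desc>[^\n]*MBR code[^\n]*)")
FINDING_RE = re.compile(
    r"Disk (?P<disk>\d+) (?P<what>malicious .+? code|PE file) @ sector (?P<sector>\d+) !")


@dataclass
class Finding:
    disk: int
    what: str              # "malicious Win32:MBRoot code" or "PE file"
    sector: int            # absolute LBA reported by aswMBR
    sectors_from_end: int  # sectors from this one to the end of the disk (-1 if unknown)
    region: str            # "mbr", "first-track", "body", "end-of-disk" or "unknown"


def disk_sizes_mb(log: str) -> Dict[int, int]:
    """Map disk number -> size in MiB, taken from the 'Vendor ... Size:' lines."""
    return {int(m["disk"]): int(m["mb"]) for m in SIZE_RE.finditer(log)}


def total_sectors(size_mb: int) -> int:
    return size_mb * SECTORS_PER_MB


def region_of(sector: int, total: int, tail_sectors: int = 1 << 16) -> str:
    """Coarse location of a sector: the boot sector, the legacy first track
    (LBA 1..62, unused by Windows 7's 2048-aligned partitions), the last
    `tail_sectors` of the disk (unpartitioned slack that no file-system scan
    looks at), or the partitioned body.  The 64 Ki tail is an assumed cut-off."""
    if sector == 0:
        return "mbr"
    if sector < 63:
        return "first-track"
    if total - sector <= tail_sectors:
        return "end-of-disk"
    return "body"


def findings(log: str) -> List[Finding]:
    """Every '... @ sector N !' hit, located relative to its disk's size."""
    sizes = disk_sizes_mb(log)
    out: List[Finding] = []
    for m in FINDING_RE.finditer(log):
        disk, sector = int(m["disk"]), int(m["sector"])
        if disk in sizes:
            total = total_sectors(sizes[disk])
            out.append(Finding(disk, m["what"], sector, total - sector,
                               region_of(sector, total)))
        else:  # no size line for this disk: keep the hit, skip the geometry
            out.append(Finding(disk, m["what"], sector, -1, "unknown"))
    return out


def mbr_code(log: str, disk: int = 0) -> Optional[str]:
    """The 'Disk N ... MBR code' description aswMBR printed for sector 0."""
    for m in MBR_CODE_RE.finditer(log):
        if int(m["disk"]) == disk:
            return m["desc"]
    return None


def verdict(log: str, disk: int = 0) -> str:
    """Summarise the log as the responder in #6 did: is sector 0 still hooked,
    and does a body remain elsewhere?  Only the default-code wording seen in
    this thread counts as clean; any other MBR code description is treated as a hook."""
    code = mbr_code(log, disk)
    hits = [f for f in findings(log) if f.disk == disk]
    if code is not None and "default MBR code" not in code:
        return "active bootkit: MBR code is '%s', %d further finding(s)" % (code, len(hits))
    if not hits:
        return "clean"
    regions = ", ".join(sorted({f.region for f in hits}))
    return "remnant: default MBR code, but %d finding(s) remain (%s)" % (len(hits), regions)


if __name__ == "__main__":
    for f in findings(SAMPLE_LOG):
        print(f"disk {f.disk}: {f.what} @ LBA {f.sector}, {f.sectors_from_end} from end ({f.region})")
    print(verdict(SAMPLE_LOG))
```

On the posted log both hits land about 20,600 sectors (roughly 10 MB) before the end of the disk, outside any partition, which is why a file-system scan such as TDSSKiller's driver enumeration can come back clean while aswMBR still reports them.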

#7 wrdsmth (Topic Starter)

Posted 21 December 2011 - 05:20 AM

hi m0le,

a while back, about a year and a half ago when i was still running XP Pro, i believed there was a problem and consulted one of the techs where i had the computer built. he advised me to download and run combofix; that made a difference and i thought i was done with the problem. i now know that was a bad idea and can only apologize for my ignorance.

there is still something wrong here, i believe. not installing the windows updates and having 2 copies of csrss.exe running all the time isn't healthy or normal as far as i know. the Vipre firewall indicates that every time i start up an internet connection, something wants to create a vpn that isn't my isp connection.

i hope we can still look at the current situation and that i haven't made the task more difficult by my prior actions.

again, apologies,
bob

#8 m0le (Malware Response Team)

Posted 21 December 2011 - 08:12 PM

If you haven't run anything recently other than the scanning tools then we have to take the MBR message as a problem.


Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Now MBRCheck

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


London's fine, by the way.

#9 wrdsmth (Topic Starter)

Posted 22 December 2011 - 04:40 AM

hi m0le,

tdsskiller didn't find any objects to cure; still, here's the report:
03:17:48.0616 4508 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
03:17:48.0627 4508 ============================================================
03:17:48.0627 4508 Current date / time: 2011/12/22 03:17:48.0627
03:17:48.0627 4508 SystemInfo:
03:17:48.0627 4508
03:17:48.0627 4508 OS Version: 6.1.7600 ServicePack: 0.0
03:17:48.0627 4508 Product type: Workstation
03:17:48.0627 4508 ComputerName: BELIZE-PC
03:17:48.0627 4508 UserName: belize
03:17:48.0627 4508 Windows directory: C:\Windows
03:17:48.0627 4508 System windows directory: C:\Windows
03:17:48.0627 4508 Processor architecture: Intel x86
03:17:48.0627 4508 Number of processors: 2
03:17:48.0627 4508 Page size: 0x1000
03:17:48.0627 4508 Boot type: Normal boot
03:17:48.0627 4508 ============================================================
03:17:49.0625 4508 Initialize success
03:18:21.0110 2212 ============================================================
03:18:21.0110 2212 Scan started
03:18:21.0110 2212 Mode: Manual;
03:18:21.0110 2212 ============================================================
03:18:24.0533 2212 iirsp - ok
03:18:24.0543 2212 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
03:18:24.0548 2212 intelide - ok
03:18:24.0562 2212 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
03:18:24.0563 2212 intelppm - ok
03:18:24.0582 2212 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:18:24.0592 2212 IpFilterDriver - ok
03:18:24.0617 2212 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
03:18:24.0625 2212 IPMIDRV - ok
03:18:24.0640 2212 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
03:18:24.0652 2212 IPNAT - ok
03:18:24.0665 2212 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
03:18:24.0676 2212 IRENUM - ok
03:18:24.0692 2212 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
03:18:24.0707 2212 isapnp - ok
03:18:24.0724 2212 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
03:18:24.0734 2212 iScsiPrt - ok
03:18:24.0750 2212 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
03:18:24.0761 2212 kbdclass - ok
03:18:24.0828 2212 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
03:18:24.0831 2212 kbdhid - ok
03:18:24.0840 2212 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
03:18:24.0841 2212 KSecDD - ok
03:18:24.0870 2212 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
03:18:24.0872 2212 KSecPkg - ok
03:18:24.0890 2212 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
03:18:24.0901 2212 lltdio - ok
03:18:24.0927 2212 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
03:18:24.0944 2212 LSI_FC - ok
03:18:24.0952 2212 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
03:18:24.0958 2212 LSI_SAS - ok
03:18:24.0965 2212 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
03:18:24.0974 2212 LSI_SAS2 - ok
03:18:24.0982 2212 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
03:18:24.0988 2212 LSI_SCSI - ok
03:18:25.0008 2212 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
03:18:25.0010 2212 luafv - ok
03:18:25.0021 2212 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
03:18:25.0032 2212 megasas - ok
03:18:25.0041 2212 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
03:18:25.0056 2212 MegaSR - ok
03:18:25.0066 2212 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
03:18:25.0067 2212 Modem - ok
03:18:25.0146 2212 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
03:18:25.0147 2212 monitor - ok
03:18:25.0168 2212 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
03:18:25.0184 2212 mouclass - ok
03:18:25.0211 2212 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
03:18:25.0226 2212 mouhid - ok
03:18:25.0234 2212 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
03:18:25.0235 2212 mountmgr - ok
03:18:25.0280 2212 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
03:18:25.0282 2212 MpFilter - ok
03:18:25.0298 2212 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
03:18:25.0313 2212 mpio - ok
03:18:25.0359 2212 MpKsl33a6048f - ok
03:18:25.0402 2212 MpKslc85ce3a2 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59A04951-DFEA-4A52-B5DA-A377EF4EB999}\MpKslc85ce3a2.sys
03:18:25.0417 2212 MpKslc85ce3a2 - ok
03:18:25.0433 2212 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
03:18:25.0447 2212 MpNWMon - ok
03:18:25.0455 2212 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
03:18:25.0464 2212 mpsdrv - ok
03:18:25.0480 2212 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
03:18:25.0494 2212 MRxDAV - ok
03:18:25.0542 2212 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
03:18:25.0544 2212 mrxsmb - ok
03:18:25.0579 2212 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:18:25.0582 2212 mrxsmb10 - ok
03:18:25.0645 2212 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:18:25.0646 2212 mrxsmb20 - ok
03:18:25.0687 2212 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
03:18:25.0697 2212 msahci - ok
03:18:25.0705 2212 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
03:18:25.0712 2212 msdsm - ok
03:18:25.0727 2212 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
03:18:25.0728 2212 Msfs - ok
03:18:25.0740 2212 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
03:18:25.0750 2212 mshidkmdf - ok
03:18:25.0755 2212 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
03:18:25.0756 2212 msisadrv - ok
03:18:25.0791 2212 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
03:18:25.0802 2212 MSKSSRV - ok
03:18:25.0833 2212 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
03:18:25.0842 2212 MSPCLOCK - ok
03:18:25.0857 2212 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
03:18:25.0871 2212 MSPQM - ok
03:18:25.0887 2212 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
03:18:25.0889 2212 MsRPC - ok
03:18:25.0897 2212 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
03:18:25.0897 2212 mssmbios - ok
03:18:25.0912 2212 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
03:18:25.0918 2212 MSTEE - ok
03:18:25.0935 2212 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
03:18:25.0943 2212 MTConfig - ok
03:18:25.0950 2212 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
03:18:25.0951 2212 Mup - ok
03:18:25.0982 2212 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
03:18:25.0993 2212 NativeWifiP - ok
03:18:26.0021 2212 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
03:18:26.0029 2212 NDIS - ok
03:18:26.0115 2212 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
03:18:26.0124 2212 NdisCap - ok
03:18:26.0140 2212 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
03:18:26.0153 2212 NdisTapi - ok
03:18:26.0179 2212 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
03:18:26.0193 2212 Ndisuio - ok
03:18:26.0201 2212 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
03:18:26.0211 2212 NdisWan - ok
03:18:26.0219 2212 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
03:18:26.0231 2212 NDProxy - ok
03:18:26.0239 2212 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
03:18:26.0240 2212 NetBIOS - ok
03:18:26.0250 2212 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
03:18:26.0258 2212 NetBT - ok
03:18:26.0293 2212 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
03:18:26.0306 2212 nfrd960 - ok
03:18:26.0332 2212 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
03:18:26.0346 2212 NisDrv - ok
03:18:26.0367 2212 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
03:18:26.0368 2212 Npfs - ok
03:18:26.0375 2212 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
03:18:26.0386 2212 nsiproxy - ok
03:18:26.0415 2212 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
03:18:26.0440 2212 Ntfs - ok
03:18:26.0473 2212 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
03:18:26.0484 2212 Null - ok
03:18:26.0663 2212 nvlddmkm (b0881dda5a8160422561ffab7f0008b1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
03:18:26.0816 2212 nvlddmkm - ok
03:18:26.0864 2212 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
03:18:26.0876 2212 nvraid - ok
03:18:26.0894 2212 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
03:18:26.0909 2212 nvstor - ok
03:18:26.0923 2212 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
03:18:26.0927 2212 nv_agp - ok
03:18:26.0948 2212 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
03:18:26.0957 2212 ohci1394 - ok
03:18:26.0968 2212 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
03:18:26.0981 2212 Parport - ok
03:18:26.0989 2212 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
03:18:26.0990 2212 partmgr - ok
03:18:26.0998 2212 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
03:18:27.0006 2212 Parvdm - ok
03:18:27.0024 2212 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
03:18:27.0026 2212 pci - ok
03:18:27.0032 2212 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
03:18:27.0033 2212 pciide - ok
03:18:27.0052 2212 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
03:18:27.0065 2212 pcmcia - ok
03:18:27.0072 2212 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
03:18:27.0074 2212 pcw - ok
03:18:27.0084 2212 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
03:18:27.0094 2212 PEAUTH - ok
03:18:27.0151 2212 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
03:18:27.0162 2212 PptpMiniport - ok
03:18:27.0174 2212 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
03:18:27.0176 2212 Processor - ok
03:18:27.0202 2212 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
03:18:27.0211 2212 Psched - ok
03:18:27.0243 2212 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
03:18:27.0273 2212 ql2300 - ok
03:18:27.0320 2212 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
03:18:27.0324 2212 ql40xx - ok
03:18:27.0362 2212 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
03:18:27.0375 2212 QWAVEdrv - ok
03:18:27.0391 2212 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
03:18:27.0404 2212 RasAcd - ok
03:18:27.0441 2212 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
03:18:27.0455 2212 RasAgileVpn - ok
03:18:27.0465 2212 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
03:18:27.0471 2212 Rasl2tp - ok
03:18:27.0492 2212 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
03:18:27.0495 2212 RasPppoe - ok
03:18:27.0511 2212 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
03:18:27.0522 2212 RasSstp - ok
03:18:27.0531 2212 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
03:18:27.0533 2212 rdbss - ok
03:18:27.0545 2212 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
03:18:27.0558 2212 rdpbus - ok
03:18:27.0572 2212 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
03:18:27.0582 2212 RDPCDD - ok
03:18:27.0605 2212 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
03:18:27.0607 2212 RDPENCDD - ok
03:18:27.0620 2212 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
03:18:27.0634 2212 RDPREFMP - ok
03:18:27.0652 2212 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
03:18:27.0663 2212 RDPWD - ok
03:18:27.0737 2212 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
03:18:27.0739 2212 rdyboost - ok
03:18:27.0777 2212 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
03:18:27.0791 2212 rspndr - ok
03:18:27.0819 2212 sbapifs (a0bb2fb6749e357d4342e1eabaaea79e) C:\Windows\system32\DRIVERS\sbapifs.sys
03:18:27.0821 2212 sbapifs - ok
03:18:27.0877 2212 SbFw (86611af933b69798b580576adad2cea5) C:\Windows\system32\drivers\SbFw.sys
03:18:27.0892 2212 SbFw - ok
03:18:27.0909 2212 SBFWIMCL (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\sbfwim.sys
03:18:27.0918 2212 SBFWIMCL - ok
03:18:27.0936 2212 SBFWIMCLMP (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\SBFWIM.sys
03:18:27.0937 2212 SBFWIMCLMP - ok
03:18:27.0962 2212 sbhips (2b5798dcb705eed80231d37688788e09) C:\Windows\system32\drivers\sbhips.sys
03:18:27.0973 2212 sbhips - ok
03:18:27.0995 2212 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
03:18:28.0004 2212 sbp2port - ok
03:18:28.0024 2212 SBRE (1fd538c4feb36b793d2121f20bbdc16f) C:\Windows\system32\drivers\SBREdrv.sys
03:18:28.0036 2212 SBRE - ok
03:18:28.0067 2212 sbwtis (e94334aad501bb93275c0bcd92ddd3a6) C:\Windows\system32\DRIVERS\sbwtis.sys
03:18:28.0078 2212 sbwtis - ok
03:18:28.0094 2212 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
03:18:28.0102 2212 scfilter - ok
03:18:28.0177 2212 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
03:18:28.0189 2212 secdrv - ok
03:18:28.0240 2212 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
03:18:28.0253 2212 Serenum - ok
03:18:28.0269 2212 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
03:18:28.0273 2212 Serial - ok
03:18:28.0280 2212 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
03:18:28.0290 2212 sermouse - ok
03:18:28.0311 2212 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
03:18:28.0322 2212 sffdisk - ok
03:18:28.0334 2212 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
03:18:28.0336 2212 sffp_mmc - ok
03:18:28.0345 2212 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
03:18:28.0348 2212 sffp_sd - ok
03:18:28.0357 2212 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
03:18:28.0369 2212 sfloppy - ok
03:18:28.0384 2212 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
03:18:28.0393 2212 sisagp - ok
03:18:28.0416 2212 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
03:18:28.0428 2212 SiSRaid2 - ok
03:18:28.0438 2212 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
03:18:28.0449 2212 SiSRaid4 - ok
03:18:28.0475 2212 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
03:18:28.0484 2212 Smb - ok
03:18:28.0509 2212 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
03:18:28.0510 2212 spldr - ok
03:18:28.0545 2212 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
03:18:28.0548 2212 srv - ok
03:18:28.0583 2212 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
03:18:28.0587 2212 srv2 - ok
03:18:28.0620 2212 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
03:18:28.0622 2212 srvnet - ok
03:18:28.0638 2212 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
03:18:28.0648 2212 stexstor - ok
03:18:28.0718 2212 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
03:18:28.0733 2212 swenum - ok
03:18:28.0823 2212 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
03:18:28.0848 2212 Tcpip - ok
03:18:28.0877 2212 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
03:18:28.0883 2212 TCPIP6 - ok
03:18:28.0892 2212 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
03:18:28.0905 2212 tcpipreg - ok
03:18:28.0919 2212 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
03:18:28.0930 2212 TDPIPE - ok
03:18:28.0943 2212 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
03:18:28.0946 2212 TDTCP - ok
03:18:28.0959 2212 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
03:18:28.0972 2212 tdx - ok
03:18:28.0979 2212 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
03:18:28.0991 2212 TermDD - ok
03:18:29.0020 2212 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
03:18:29.0028 2212 TPM - ok
03:18:29.0054 2212 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
03:18:29.0062 2212 tssecsrv - ok
03:18:29.0090 2212 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
03:18:29.0100 2212 tunnel - ok
03:18:29.0114 2212 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
03:18:29.0116 2212 uagp35 - ok
03:18:29.0179 2212 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
03:18:29.0193 2212 udfs - ok
03:18:29.0232 2212 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
03:18:29.0241 2212 uliagpkx - ok
03:18:29.0260 2212 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
03:18:29.0274 2212 umbus - ok
03:18:29.0288 2212 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
03:18:29.0294 2212 UmPass - ok
03:18:29.0304 2212 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
03:18:29.0308 2212 usbccgp - ok
03:18:29.0321 2212 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
03:18:29.0330 2212 usbcir - ok
03:18:29.0337 2212 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
03:18:29.0345 2212 usbehci - ok
03:18:29.0367 2212 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
03:18:29.0382 2212 usbhub - ok
03:18:29.0398 2212 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
03:18:29.0409 2212 usbohci - ok
03:18:29.0421 2212 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
03:18:29.0430 2212 usbprint - ok
03:18:29.0438 2212 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:18:29.0439 2212 USBSTOR - ok
03:18:29.0446 2212 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
03:18:29.0451 2212 usbuhci - ok
03:18:29.0461 2212 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
03:18:29.0462 2212 vdrvroot - ok
03:18:29.0481 2212 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
03:18:29.0490 2212 vga - ok
03:18:29.0507 2212 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
03:18:29.0517 2212 VgaSave - ok
03:18:29.0533 2212 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
03:18:29.0541 2212 vhdmp - ok
03:18:29.0614 2212 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
03:18:29.0623 2212 viaagp - ok
03:18:29.0661 2212 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
03:18:29.0670 2212 ViaC7 - ok
03:18:29.0678 2212 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
03:18:29.0694 2212 viaide - ok
03:18:29.0713 2212 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
03:18:29.0715 2212 volmgr - ok
03:18:29.0728 2212 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
03:18:29.0732 2212 volmgrx - ok
03:18:29.0742 2212 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
03:18:29.0744 2212 volsnap - ok
03:18:29.0760 2212 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
03:18:29.0776 2212 vsmraid - ok
03:18:29.0792 2212 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
03:18:29.0803 2212 vwifibus - ok
03:18:29.0822 2212 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
03:18:29.0824 2212 WacomPen - ok
03:18:29.0839 2212 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
03:18:29.0854 2212 WANARP - ok
03:18:29.0856 2212 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
03:18:29.0857 2212 Wanarpv6 - ok
03:18:29.0879 2212 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
03:18:29.0893 2212 Wd - ok
03:18:29.0904 2212 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
03:18:29.0908 2212 Wdf01000 - ok
03:18:29.0945 2212 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
03:18:29.0958 2212 WfpLwf - ok
03:18:29.0971 2212 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
03:18:29.0979 2212 WIMMount - ok
03:18:30.0032 2212 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
03:18:30.0042 2212 WmiAcpi - ok
03:18:30.0085 2212 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
03:18:30.0098 2212 ws2ifsl - ok
03:18:30.0152 2212 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
03:18:30.0161 2212 WudfPf - ok
03:18:30.0218 2212 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
03:18:30.0230 2212 WUDFRd - ok
03:18:30.0249 2212 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
03:18:30.0253 2212 \Device\Harddisk0\DR0 - ok
03:18:30.0256 2212 Boot (0x1200) (5784ea73d8c11baaca0d28a0570a952b) \Device\Harddisk0\DR0\Partition0
03:18:30.0257 2212 \Device\Harddisk0\DR0\Partition0 - ok
03:18:30.0258 2212 ============================================================
03:18:30.0258 2212 Scan finished
03:18:30.0258 2212 ============================================================
03:18:30.0267 4524 Detected object count: 0
03:18:30.0267 4524 Actual detected object count: 0
03:19:04.0593 4416 Deinitialize success

Here's the MBRCheck log. It didn't offer to fix anything.
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Intel Corporation
BIOS Manufacturer: Intel Corp.
System Manufacturer:
System Product Name:
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 190):
0x761B0000 \Windows\System32\msctf.dll
0x760E0000 \Windows\System32\user32.dll
0x760D0000 \Windows\System32\nsi.dll
0x76080000 \Windows\System32\Wldap32.dll
0x76020000 \Windows\System32\shlwapi.dll
0x76000000 \Windows\System32\sechost.dll
0x75EF0000 \Windows\System32\urlmon.dll
0x75ED0000 \Windows\System32\devobj.dll
0x75DB0000 \Windows\System32\crypt32.dll
0x75D20000 \Windows\System32\comctl32.dll
0x75CF0000 \Windows\System32\cfgmgr32.dll
0x75CC0000 \Windows\System32\wintrust.dll
0x75C70000 \Windows\System32\KernelBase.dll
0x75C60000 \Windows\System32\msasn1.dll

Processes (total 46):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
360 csrss.exe
448 C:\Windows\System32\wininit.exe
460 csrss.exe
496 C:\Windows\System32\services.exe
524 C:\Windows\System32\lsass.exe
532 C:\Windows\System32\lsm.exe
640 C:\Windows\System32\svchost.exe
720 C:\Windows\System32\winlogon.exe
804 C:\Windows\System32\svchost.exe
852 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
916 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\spoolsv.exe
1348 C:\Windows\System32\svchost.exe
1428 C:\Windows\System32\ChgService.exe
1488 C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
1816 C:\Windows\System32\svchost.exe
576 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
380 C:\Windows\System32\taskhost.exe
2008 C:\Windows\System32\dwm.exe
2036 C:\Windows\explorer.exe
2188 C:\Program Files\Microsoft Security Client\msseces.exe
2216 C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
3932 C:\Windows\System32\svchost.exe
832 C:\Program Files\Mozilla Firefox\firefox.exe
2388 C:\Program Files\GFI Software\VIPRE\sbamui.exe
3260 C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
4004 C:\Program Files\Windows Media Player\wmplayer.exe
3740 C:\Windows\System32\audiodg.exe
3808 C:\Program Files\Mozilla Firefox\plugin-container.exe
1544 C:\Windows\System32\taskmgr.exe
4476 C:\Program Files\Windows NT\Accessories\wordpad.exe
4292 C:\Windows\System32\SearchIndexer.exe
2356 C:\Windows\System32\notepad.exe
1752 C:\Program Files\Zoom 7.2M Tri-band Modem\USB Modem.exe
2072 C:\Program Files\Windows Media Player\wmpnetwk.exe
612 C:\Windows\explorer.exe
4580 C:\Users\belize\Desktop\MBRCheck.exe
4848 C:\Windows\System32\conhost.exe
5192 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1500HLFS-01G6U0, Rev: 04.04V01

Size Device Name MBR Status
--------------------------------------------
139 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

have never seen London, though many stories I've read have it as a background. here in Belize, not sure what it takes to get people 'busy'. pretty slow paced.

thanks,
bob

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:54 AM

Posted 22 December 2011 - 08:37 PM

I guess I've lived here too long but I find it a too busy area, overpriced with really deprived areas along with the rich and affluent parts. Some parts are lovely but a nasty underclass seems to be developing which makes me want to up and leave ASAP. Certainly not slow paced, I wish.


There's nothing wrong with your MBR, which is good news.

Can you please run MBAM; this will see if anything else appeared with the rootkit.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
m0le is a proud member of UNITE

#11 wrdsmth

wrdsmth
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 PM

Posted 23 December 2011 - 07:53 AM

hi m0le,

the malwarebytes log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122304

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

12/23/2011 6:45:03 AM
mbam-log-2011-12-23 (06-45-03).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 926430
Time elapsed: 4 hour(s), 55 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

urrrr, doesn't seem to show anything untoward. maybe I'm just paranoid? computers are wonderful when they run right, but ...

we never lived in the heart of a really big city. we were in the suburbs of Houston, Texas for a while but it just sprawls over like 400 square miles and never felt fast paced. being born and raised a country boy, the urban life is just something I avoid whenever possible.

thanks for your time on this and take care,
bob

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:54 AM

Posted 23 December 2011 - 08:43 PM

Let's check the MBR offline

Try this please. You will also need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download dumpit to your USB
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.

m0le is a proud member of UNITE
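As an added example (not part of this thread, and not code from the dumpit or MBRCheck tools), here is a small parser for a 512-byte MBR dump like the one the dumpit step produces: it checks the 0x55AA boot signature, fingerprints the bootstrap code area with SHA-1, and lists the partition entries with their byte offsets. The sample sector is constructed inline, and hashing the first 440 bytes is my own choice of fingerprint, not necessarily how MBRCheck computes the SHA1 it printed earlier in the thread.

```python
"""Offline MBR sanity check for a 512-byte sector dump (added example, constructed input)."""
import hashlib
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xAA"
PART_TABLE_OFFSET = 446   # four 16-byte partition entries live at bytes 446..509
BOOTSTRAP_LEN = 440       # bootstrap code; bytes 440..445 hold the disk signature and padding


def parse_mbr(sector: bytes) -> dict:
    """Return signature validity, a SHA-1 of the bootstrap code, and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR dump must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        raw = sector[PART_TABLE_OFFSET + 16 * i : PART_TABLE_OFFSET + 16 * (i + 1)]
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4 LE) sector count(4 LE)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,  # what a tool reports as the volume offset
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "bootstrap_sha1": hashlib.sha1(sector[:BOOTSTRAP_LEN]).hexdigest(),
        "partitions": partitions,
    }


def build_sample_mbr() -> bytes:
    """Constructed sample: one bootable NTFS (type 0x07) partition starting at LBA 63."""
    sector = bytearray(SECTOR)
    # "jmp $" followed by NOP padding stands in for real boot code (constructed, not a real MBR)
    sector[:BOOTSTRAP_LEN] = b"\xEB\xFE" + b"\x90" * (BOOTSTRAP_LEN - 2)
    sector[440:444] = b"\x12\x34\x56\x78"  # disk signature (constructed)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 291_504_128)
    sector[PART_TABLE_OFFSET:PART_TABLE_OFFSET + 16] = entry
    sector[510:512] = BOOT_SIG
    return bytes(sector)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("signature ok:", info["signature_ok"], "bootstrap sha1:", info["bootstrap_sha1"])
    for p in info["partitions"]:
        print(f"entry {p['index']}: type 0x{p['type']:02X} bootable={p['bootable']} "
              f"LBA {p['lba_start']} -> byte offset 0x{p['byte_offset']:X}")
```

On the sample, the first partition resolves to byte offset 0x7E00 (LBA 63 times 512), the same offset MBRCheck reported for \\.\C: in the log above; on a real dump, compare the bootstrap fingerprint against a known-good Windows 7 MBR rather than trusting the signature bytes alone.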

#13 wrdsmth

wrdsmth
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 PM

Posted 24 December 2011 - 05:33 AM

Hi m0le,

well, that's quite a course of action. will need to get a USB stick, a CD and make a trip to an internet cafe kind of place (we only have one functioning computer here at the apartment) to accomplish all those things. don't know how long that will take especially since it is around xmas time and I'll need to shop around a bit since funding is very limited. the computer is set up to boot from a CD so at least that part will be easy.

is there a lower limit on what size USB stick is needed? no use buying a 1 MB thing if we need 2 GB.

thanks,
bob

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:54 AM

Posted 25 December 2011 - 09:08 PM

You can buy a low-memory USB; the Dumpit program is 86k and we're not likely to be using any others, so 256k would do for this action.

There are other ways to get the offline dump but they all involve a USB drive, I'm afraid.
m0le is a proud member of UNITE

#15 wrdsmth

wrdsmth
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 PM

Posted 26 December 2011 - 08:52 AM

ok, let me see what I can come up with here in Belize. not the most tech happy part of the world. we may not get into town for a couple of days yet but hope to be able to get this squared away then. although living here is a lot less expensive than in the states, living on a small fixed income is still a challenge.

thanks,
bob
