
I believe I am infected


21 replies to this topic

#1 mrallyn

mrallyn

  • Members
  • 162 posts

Posted 22 December 2011 - 04:38 AM

Good Morning. I believe I am infected and have been for some time. I have a blank desktop and all of my start-up programs and shortcuts are gone. I have to search for my desktop to find my documents or to do anything. When I go online, I have to search for my internet explorer and firefox. Everything is running extremely slow. When I do a ctrl alt delete, it says cpu 100%. What can I do?


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 23 December 2011 - 12:26 AM

Welcome aboard

Let's see if we can recover your missing features.
Download and run UnHide
Let me know if it worked.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 mrallyn

mrallyn
  • Topic Starter

  • Members
  • 162 posts

Posted 23 December 2011 - 06:13 PM

Yes, thank you, it brought back my desktop. It is still running slow, but I appreciate the quick reply. Have a great holiday.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 23 December 2011 - 06:19 PM

Well, we'll have to run some more scans.
It didn't happen for no reason.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



#5 mrallyn

mrallyn
  • Topic Starter

  • Members
  • 162 posts

Posted 04 January 2012 - 09:51 AM

Good Morning.

Here are the results from securitycheck.exe

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Trend Micro Titanium Maximum Security
Trend Micro™ Titanium™ Maximum Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Adobe Flash Player ( 10.3.183.5) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
``````````End of Log````````````

#6 mrallyn

mrallyn
  • Topic Starter

  • Members
  • 162 posts

Posted 04 January 2012 - 10:00 AM

Here are the results (lengthy) from MiniToolBox.

MiniToolBox by Farbar
Ran by Uncle (administrator) on 04-01-2012 at 08:53:11
Microsoft Windows XP Home Edition Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 49980
"network.proxy.type", 2
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)
Atheros AR5005G Wireless Network Adapter = Wireless Network Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : acer-684c9a655d

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Atheros AR5005G Wireless Network Adapter

Physical Address. . . . . . . . . : 00-16-CE-42-E0-5D



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-0A-E4-FB-5B-B8

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 ce 42 e0 5d ...... Atheros AR5005G Wireless Network Adapter - Packet Scheduler Miniport
0x3 ...00 0a e4 fb 5b b8 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 3 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/04/2012 04:29:33 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18928, fault address 0x001f1098.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/04/2012 04:28:48 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18928, fault address 0x001f1098.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/04/2012 04:28:41 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18928, fault address 0x001f1098.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/04/2012 04:27:56 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18928, fault address 0x001f1098.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/04/2012 04:27:23 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18928, fault address 0x001f1098.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/04/2012 04:26:10 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18928, fault address 0x001f1098.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/04/2012 04:23:34 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18928, fault address 0x001f1098.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/04/2012 04:22:08 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18928, fault address 0x001f1098.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/04/2012 04:20:31 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18928, fault address 0x001f1098.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/02/2012 03:35:08 PM) (Source: TestWorker) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher


System errors:
=============
Error: (01/04/2012 08:19:28 AM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0016CE42E05D. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (01/03/2012 03:38:56 AM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Solution Platform service terminated unexpectedly. It has done this 1 time(s).

Error: (01/03/2012 00:01:54 AM) (Source: 0) (User: )
Description: \Device\ACPIEC

Error: (01/02/2012 02:46:30 PM) (Source: 0) (User: )
Description: \Device\ACPIEC

Error: (01/02/2012 07:54:27 AM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly. It has done this 1 time(s).

Error: (01/02/2012 07:31:56 AM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0016CE42E05D. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (01/01/2012 08:47:30 PM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (01/01/2012 01:16:47 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.

Error: (01/01/2012 01:16:13 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 172.16.1.33 on the
Network Card with network address 0016CE42E05D.

Error: (12/31/2011 07:34:40 PM) (Source: Service Control Manager) (User: )
Description: The WebClient service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (01/04/2012 04:29:33 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18928001f1098

Error: (01/04/2012 04:28:48 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18928001f1098

Error: (01/04/2012 04:28:41 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18928001f1098

Error: (01/04/2012 04:27:56 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18928001f1098

Error: (01/04/2012 04:27:23 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18928001f1098

Error: (01/04/2012 04:26:10 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18928001f1098

Error: (01/04/2012 04:23:34 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18928001f1098

Error: (01/04/2012 04:22:08 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18928001f1098

Error: (01/04/2012 04:20:31 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18928001f1098

Error: (01/02/2012 03:35:08 PM) (Source: TestWorker)(User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher


=========================== Installed Programs ============================

Acer eDataSecurity Management (Version: 1.00.26)
Acer eDataSecurity Management 1.00.26 (Version: 1.00.26)
Acer eLock Management (Version: 1.7.9.21)
Acer Empowering Technology framework (Version: 2.1.21.41)
Acer ePerformance Management (Version: 1.0.10.21)
Acer ePower Management (Version: 1.6.8.280)
Acer ePresentation Management (Version: 1.1.4.819)
Acer eSettings Management (Version: 1.2.20.35)
Acer GridVista (Version: 2.29.0728)
Adobe Download Manager (Version: 1.6.2.99)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.10)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Reader 7.0 (Version: 7.0.0)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.65)
HiJackThis (Version: 1.0.0)
Intel® Graphics Media Accelerator Driver for Mobile (Version: 6.14.10.4384)
J2SE Runtime Environment 5.0 (Version: 1.5.0)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Launch Manager V1.1.0.1
Lexmark Supplies Monitor
Lexmark Z23-Z33
LiveUpdate 2.7 (Symantec Corporation) (Version: 2.7.39.0)
Microsoft Office XP Professional with FrontPage (Version: 10.0.2627.01)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Mozilla Firefox 6.0.2 (x86 en-US) (Version: 6.0.2)
Norton PC Checkup (Version: 2.0.8.13)
NTI Backup NOW! 4 (Version: 4)
NTI CD & DVD-Maker (Version: 7)
PowerProducer
Realtek AC'97 Audio
Soft Data Fax Modem with SmartCP
SoftV90 Data Fax Modem with SmartCP
swMSM (Version: 12.0.0.1)
The Print Shop® 6.0 Deluxe
Trend Micro Titanium Maximum Security (Version: 3.1.1109)
Trend Micro™ Titanium™ Maximum Security (Version: 3.00)
Ulead Photo Express 4.0 My Custom Edition
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803) (Version: 3.1)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Hotfix - KB885884 (Version: 20040924.025457)
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 502.4 MB
Available physical RAM: 214.97 MB
Total Pagefile: 1226.14 MB
Available Pagefile: 818.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.36 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:37.24 GB) (Free:16.54 GB) FAT32

========================= Users: ========================================

User accounts for \\ACER-684C9A655D

Administrator Cynt Guest
HelpAssistant SUPPORT_388945a0 Uncle
Z


**** End of log ****

#7 mrallyn

mrallyn
  • Topic Starter

  • Members
  • 162 posts

Posted 04 January 2012 - 11:03 AM

Here are the results from MBAM:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.04.01

Windows XP Service Pack 2 x86 FAT32
Internet Explorer 8.0.6001.18702
Uncle :: ACER-684C9A655D [administrator]

Protection: Enabled

1/4/2012 9:21:57 AM
mbam-log-2012-01-04 (09-21-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225785
Time elapsed: 36 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Data: C:\DOCUME~1\Uncle\LOCALS~1\Temp\csrss.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|conhost (Trojan.Agent) -> Data: C:\Documents and Settings\Uncle\Application Data\Microsoft\conhost.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
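
The MiniToolBox proxy and hosts sections posted in #6 and the MBAM registry hits posted in #7 are the parts of these logs a responder reads first: a browser proxy that points at the machine itself, any hosts-file override, and startup values whose data path sits in a user-writable folder. The Python script below is an added example written for this page; it is not a tool from the thread or from the MiniToolBox or MBAM authors. The sample input is copied from the logs above (trimmed), and the section headers, `network.proxy.*` pref lines and MBAM `Key|Value (Verdict) -> Data: ... ->` layout follow that posted output. The list of impersonated system-binary names and the user-writable path hints are the editor's own heuristics, not anything the tools emit.

```python
"""Flag the suspicious MiniToolBox and MBAM findings from this thread (added example)."""
import re
from typing import Dict, List

# Sample input: lines copied from the MiniToolBox and MBAM logs posted above, trimmed.
SAMPLE_MINITOOLBOX = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 49980
"network.proxy.type", 2
========================= Hosts content: =================================
127.0.0.1 localhost
"""
SAMPLE_MBAM = r"""
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Data: C:\DOCUME~1\Uncle\LOCALS~1\Temp\csrss.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|conhost (Trojan.Agent) -> Data: C:\Documents and Settings\Uncle\Application Data\Microsoft\conhost.exe -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?):?\s*=+$")
PREF_RE = re.compile(r'^"(?P<key>network\.proxy\.[a-z_]+)",\s*"?(?P<val>[^"]*)"?$')
MBAM_RE = re.compile(r"^(?P<key>HK[A-Z]+\\[^|]+)\|(?P<value>\S+) \([^)]+\) -> Data: (?P<data>.+?) -> ")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Editor's heuristics: core Windows binary names the malware in this thread borrowed (csrss.exe,
# conhost.exe) plus common look-alikes; the genuine copies live in System32.
SYSTEM_BINARY_NAMES = {"csrss.exe", "conhost.exe", "svchost.exe", "lsass.exe", "winlogon.exe"}
USER_WRITABLE_HINTS = ("\\temp\\", "\\application data\\", "\\appdata\\")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group a MiniToolBox report into {section name: non-empty lines}."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def check_ie_proxy(lines: List[str]) -> List[str]:
    """An IE proxy line naming a loopback address means a local process sits in front of the browser."""
    return [f"IE proxy references loopback: {line}" for line in lines if any(lb in line for lb in LOOPBACK)]


def check_ff_proxy(lines: List[str]) -> List[str]:
    """Parse the prefs.js-style lines MiniToolBox prints and flag a proxy on the local machine."""
    prefs = {m.group("key"): m.group("val") for m in map(PREF_RE.match, lines) if m}
    ptype = prefs.get("network.proxy.type", "0")  # Firefox: 0 none, 1 manual, 2 PAC, 4 WPAD, 5 system
    host, port = prefs.get("network.proxy.http"), prefs.get("network.proxy.http_port")
    if host in LOOPBACK:
        return [f"Firefox HTTP proxy points at loopback {host}:{port} (network.proxy.type={ptype}): "
                "a local process is relaying browser traffic"]
    if ptype not in ("0", "5"):
        return [f"Firefox proxy configured (network.proxy.type={ptype}, http={host}:{port}); verify it is intended"]
    return []


def check_hosts(lines: List[str]) -> List[str]:
    """Flag hosts-file entries other than the stock localhost mapping."""
    findings = []
    for line in lines:
        parts = line.split()
        if line.startswith("#") or len(parts) < 2:
            continue
        addr, names = parts[0], parts[1:]
        if addr in LOOPBACK and all(n == "localhost" for n in names):
            continue
        findings.append(f"hosts file maps {' '.join(names)} -> {addr}")
    return findings


def check_mbam_registry(text: str) -> List[str]:
    """Say why each MBAM registry hit is a persistence entry: the data path, not just the verdict, matters."""
    findings = []
    for m in filter(None, map(MBAM_RE.match, (l.strip() for l in text.splitlines()))):
        data = m.group("data")
        low = data.lower()
        reasons = []
        if any(h in low for h in USER_WRITABLE_HINTS):
            reasons.append("runs from a user-writable profile/temp path")
        if low.rsplit("\\", 1)[-1] in SYSTEM_BINARY_NAMES and "\\system32\\" not in low:
            reasons.append("masquerades as a core Windows binary outside System32")
        if reasons:
            findings.append(f"{m.group('key')}|{m.group('value')} -> {data}: " + "; ".join(reasons))
    return findings


def triage_minitoolbox(text: str) -> List[str]:
    sections = split_sections(text)
    return (check_ie_proxy(sections.get("IE Proxy Settings", []))
            + check_ff_proxy(sections.get("FF Proxy Settings", []))
            + check_hosts(sections.get("Hosts content", [])))


if __name__ == "__main__":
    for finding in triage_minitoolbox(SAMPLE_MINITOOLBOX) + check_mbam_registry(SAMPLE_MBAM):
        print("-", finding)
```

Against the posted logs it reports one MiniToolBox finding, the Firefox proxy at 127.0.0.1:49980 with `network.proxy.type` set to 2, and two MBAM findings, both a user-writable path and a borrowed system-binary name for each Load/Run value; a hosts file holding only the localhost mapping, as here, produces nothing. Keeping the data paths in the incident notes is what lets you confirm later that the files themselves are gone, since MBAM's log only records the registry values it removed.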

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 04 January 2012 - 11:38 AM

..and GMER....



#9 mrallyn

mrallyn
  • Topic Starter

  • Members
  • 162 posts

Posted 04 January 2012 - 11:53 AM

Here are the GMER results: (Sorry had to reboot and turn everything back on)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-04 10:42:15
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS421240H9AT00 rev.HACOA70G
Running: 321kipyk[1].exe; Driver: C:\DOCUME~1\Uncle\LOCALS~1\Temp\awriqkoc.sys


---- System - GMER 1.0.15 ----

SSDT 829DF740 ZwCreateKey
SSDT 82C794C0 ZwCreateMutant
SSDT 829DE540 ZwCreateProcess
SSDT 829DE840 ZwCreateProcessEx
SSDT 82C79880 ZwCreateSymbolicLinkObject
SSDT 82C79020 ZwCreateThread
SSDT 829DFD40 ZwDeleteKey
SSDT 829E0640 ZwDeleteValueKey
SSDT 82C79A60 ZwDuplicateObject
SSDT 82C791C0 ZwLoadDriver
SSDT 829DEB40 ZwOpenProcess
SSDT 829E0C20 ZwOpenSection
SSDT 829DEE40 ZwOpenThread
SSDT 829E0040 ZwRenameKey
SSDT 829E0340 ZwRestoreKey
SSDT 82C796A0 ZwSetSystemInformation
SSDT 829DFA40 ZwSetValueKey
SSDT 829DF140 ZwTerminateProcess
SSDT 829DF440 ZwTerminateThread
SSDT 829E0E00 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text KDCOM.DLL!KdSendPacket F8C43345 6 Bytes [FA, 8D, 46, 01, 25, FF]
.text KDCOM.DLL!KdSendPacket F8C4334D 5 Bytes [80, 79, 07, 48, 0D]
.text KDCOM.DLL!KdSendPacket F8C43353 29 Bytes [FF, FF, FF, 40, 0F, B6, F0, ...]
.text KDCOM.DLL!KdSendPacket F8C43371 28 Bytes [FF, FF, FF, 42, 0F, B6, FA, ...]
.text KDCOM.DLL!KdD0Transition + 8 F8C4338E 17 Bytes [08, 03, 55, F8, 03, D8, 81, ...]
.text KDCOM.DLL!KdD0Transition + 1A F8C433A0 42 Bytes [FF, FF, FF, 43, 0F, B6, C3, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 25 F8C433CB 6 Bytes [00, C9, C2, 08, 00, 55] {ADD CL, CL; RET 0x8; PUSH EBP}
.text KDCOM.DLL!KdDebuggerInitialize0 + 2C F8C433D2 23 Bytes [EC, 83, C8, FF, 83, 7D, 08, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 44 F8C433EA 162 Bytes [42, 5E, F6, C1, 01, 74, 0A, ...]
.text KDCOM.DLL!KdRestore + 2D F8C4348D 1 Byte [43]
.text KDCOM.DLL!KdRestore + 2D F8C4348D 77 Bytes [43, 08, 89, 45, FC, 8B, 55, ...]
.text KDCOM.DLL!KdRestore + 7C F8C434DC 25 Bytes [C9, C2, 08, 00, 55, 8B, EC, ...]
.text KDCOM.DLL!KdRestore + 97 F8C434F7 21 Bytes [89, 06, 89, 46, 08, 89, 46, ...]
.text KDCOM.DLL!KdRestore + AD F8C4350D 39 Bytes CALL F8C4346D \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
.text ...
PAGEKD KDCOM.DLL!KdReceivePacket + 2 F8C43F4E 205 Bytes [F0, 8D, 45, FC, 50, 53, 56, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + D0 F8C4401C 2 Bytes [75, 0E] {JNZ 0x10}
PAGEKD KDCOM.DLL!KdReceivePacket + D3 F8C4401F 1 Byte [C0]
PAGEKD KDCOM.DLL!KdReceivePacket + D3 F8C4401F 103 Bytes [C0, 02, 83, C2, 02, 84, DB, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + 13B F8C44087 131 Bytes [7D, 0C, B8, 4D, 5A, 00, 00, ...]
PAGEKD ...
PAGEKD KDCOM.DLL!KdSendPacket + 5F F8C44211 15 Bytes [02, 00, 00, 6A, 64, 8D, 45, ...]
? ufaeoqq.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\drivers\mbam.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3048] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3048] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3048] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3048] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3048] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3048] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3048] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3048] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3048] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3048] ole32.dll!OleLoadFromStream 77518C62 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3048] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00C3AD30
.text C:\Program Files\Internet Explorer\iexplore.exe[3048] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00C3A800
.text C:\Program Files\Internet Explorer\iexplore.exe[3048] WS2_32.dll!send 71AB428A 5 Bytes JMP 00C3A930
.text C:\Program Files\Internet Explorer\iexplore.exe[3048] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 00C3ADA0
.text C:\Program Files\Internet Explorer\iexplore.exe[3048] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00C3A860
.text C:\Program Files\Internet Explorer\iexplore.exe[3048] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00C3AB00
.text C:\Program Files\Internet Explorer\iexplore.exe[3048] WININET.dll!HttpAddRequestHeadersA 3D94CF46 5 Bytes JMP 010D7A93
.text C:\Program Files\Internet Explorer\iexplore.exe[3048] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 010D7C9E

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdD0Transition] [F8C435DF] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdD3Transition] [F8C435E9] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdRestore] [F8C43619] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdReceivePacket] [F8C4360D] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdDebuggerInitialize0] [F8C435F3] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdSave] [F8C43625] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdDebuggerInitialize1] [F8C435FF] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdSendPacket] [F8C43631] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\hal.dll[KDCOM.dll!KdRestore] [F8C43619] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!WRITE_REGISTER_UCHAR] 6C6C642E
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!READ_REGISTER_UCHAR] 8B550000
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!HalPrivateDispatchTable] 835151EC
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!KeFindConfigurationEntry] 8300F865
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!InbvDisplayString] 8A000C7D
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!KdDebuggerNotPresent] 00010081
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!_strupr] 01918A00
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!strstr] 0F000001
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!MmMapIoSpace] 00008386
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!atol] 57565300
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!READ_PORT_UCHAR] 736F746E
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!WRITE_PORT_UCHAR] 6C6E726B
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalQueryRealTimeClock] 6578652E
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalInitSystem] 00000000
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!KdComPortInUse] 2E6C6168

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[3048] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\Cdrom \Device\CdRom0 OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)

AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)

---- Threads - GMER 1.0.15 ----

Thread System [4:112] 833300B3
Thread System [4:124] 833317FB

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 04 January 2012 - 11:55 AM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

#11 mrallyn

mrallyn
  • Topic Starter

  • Members
  • 162 posts

Posted 04 January 2012 - 12:18 PM

I cannot download TDSSKiller. First the link took me to a website and everything was scribble. I exited out of it and clicked it again and it kept redirecting me to another website. When I exited those sites, I clicked your link again and it took me to kaspersky.com. I exited out of that one and clicked your link again... this time a file download box... I clicked to run... I get an error message...c:\Documents and Settings\Uncle\Local settings\Temporary Internet Files\Content.IE5\1S904J0O\tdskiller[1}.exe is not a valid Win 32 application.

#12 mrallyn

mrallyn
  • Topic Starter

  • Members
  • 162 posts

Posted 04 January 2012 - 12:22 PM

I exited out of everything and logged back on and got it to download. Will post results when completed.

#13 mrallyn

mrallyn
  • Topic Starter

  • Members
  • 162 posts

Posted 04 January 2012 - 12:49 PM

I really do have a [bleeping]computer - 4real!!!! I really do appreciate your patience and help. Thank you.

Had to reboot. Can not get to bleepingcomputer from my search. Upon reboot - Keep getting error messages to send to ms or my iexplorer shut off completely; also Malwarebytes error message - [OpenEvent] Failed to perform desired action. Error Code:2

Here is the TDSSKiller log:

11:20:33.0250 2556 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
11:20:33.0843 2556 ============================================================
11:20:33.0843 2556 Current date / time: 2012/01/04 11:20:33.0843
11:20:33.0843 2556 SystemInfo:
11:20:33.0843 2556
11:20:33.0843 2556 OS Version: 5.1.2600 ServicePack: 2.0
11:20:33.0843 2556 Product type: Workstation
11:20:33.0843 2556 ComputerName: ACER-684C9A655D
11:20:33.0843 2556 UserName: Uncle
11:20:33.0843 2556 Windows directory: C:\WINDOWS
11:20:33.0843 2556 System windows directory: C:\WINDOWS
11:20:33.0843 2556 Processor architecture: Intel x86
11:20:33.0843 2556 Number of processors: 1
11:20:33.0843 2556 Page size: 0x1000
11:20:33.0843 2556 Boot type: Normal boot
11:20:33.0843 2556 ============================================================
11:20:35.0406 2556 Initialize success
11:22:26.0562 3892 ============================================================
11:22:26.0562 3892 Scan started
11:22:26.0562 3892 Mode: Manual;
11:22:26.0562 3892 ============================================================
11:23:16.0640 3892 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
11:23:16.0656 3892 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
11:23:16.0656 3892 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
11:23:16.0671 3892 Boot (0x1200) (ba2db0cbf04bb9dacc292677c5017b52) \Device\Harddisk0\DR0\Partition0
11:23:16.0671 3892 \Device\Harddisk0\DR0\Partition0 - ok
11:23:16.0687 3892 ============================================================
11:23:16.0687 3892 Scan finished
11:23:16.0687 3892 ============================================================
11:23:16.0703 2824 Detected object count: 1
11:23:16.0703 2824 Actual detected object count: 1
11:24:03.0046 2824 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
11:24:03.0046 2824 \Device\Harddisk0\DR0 - ok
11:24:03.0046 2824 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
11:28:36.0187 3936 Deinitialize success

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 04 January 2012 - 01:06 PM

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#15 mrallyn

mrallyn
  • Topic Starter

  • Members
  • 162 posts
  • Local time:05:37 AM

Posted 04 January 2012 - 06:19 PM

Here is the aswMBR log:

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-04 14:50:00
-----------------------------
14:50:00.062 OS Version: Windows 5.1.2600 Service Pack 2
14:50:00.062 Number of processors: 1 586 0xD08
14:50:00.062 ComputerName: ACER-684C9A655D UserName: Uncle
14:50:01.015 Initialize success
15:23:21.609 AVAST engine defs: 12010401
17:01:58.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:01:58.078 Disk 0 Vendor: HTS421240H9AT00 HACOA70G Size: 38154MB BusType: 3
17:01:58.109 Disk 0 MBR read successfully
17:01:58.109 Disk 0 MBR scan
17:01:58.265 Disk 0 Windows XP default MBR code
17:01:58.281 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSWIN4.1 38146 MB offset 63
17:01:58.328 Disk 0 scanning sectors +78124095
17:01:58.390 Disk 0 scanning C:\WINDOWS\system32\drivers
17:02:33.593 Service scanning
17:02:35.703 Modules scanning
17:02:51.593 Disk 0 trace - called modules:
17:02:51.625 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:02:51.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8336e6f0]
17:02:51.625 3 CLASSPNP.SYS[f882405b] -> nt!IofCallDriver -> \Device\0000009e[0x833e2ae8]
17:02:51.625 5 ACPI.sys[f86fa620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x833e3b58]
17:02:52.281 AVAST engine scan C:\WINDOWS
17:03:18.015 AVAST engine scan C:\WINDOWS\system32
17:07:25.484 AVAST engine scan C:\WINDOWS\system32\drivers
17:07:48.875 AVAST engine scan C:\Documents and Settings\Uncle
17:15:36.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Uncle\Desktop\MBR.dat"
17:15:36.671 The log file has been saved successfully to "C:\Documents and Settings\Uncle\Desktop\aswMBR.txt"
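Added here as a worked example, not code from this thread, from TDSSKiller or from aswMBR: a small Python script that pulls the detection verdicts out of the TDSSKiller log posted earlier (the `( Rootkit.Boot.SST.a ) - infected` / `will be cured on reboot` lines for `\Device\Harddisk0\DR0`), parses a raw MBR sector the way a helper would inspect the `MBR.dat` copy aswMBR leaves on the desktop, and cross-checks the partition table it finds against the `Disk 0 Partition 1 80 (A) 0C FAT32 LBA ... 38146 MB offset 63` line in the aswMBR log above. The MBR bytes are constructed for the example (boot flag 0x80, type 0x0C, start LBA 63, a sector count that rounds to 38146 MB); the assumption that `MBR.dat` is a plain 512-byte copy of sector 0, and the regular expressions over both log formats, are mine and are based only on the lines visible in this thread.

```python
import re
import struct

# Verdict lines copied from the TDSSKiller log posted in this thread.
TDSS_LOG = r"""
11:23:16.0640 3892 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
11:23:16.0656 3892 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
11:23:16.0656 3892 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
11:23:16.0671 3892 \Device\Harddisk0\DR0\Partition0 - ok
11:24:03.0046 2824 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
11:24:03.0046 2824 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
"""

# Disk lines copied from the aswMBR log posted in this thread.
ASWMBR_LOG = """
17:01:58.109 Disk 0 MBR read successfully
17:01:58.265 Disk 0 Windows XP default MBR code
17:01:58.281 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSWIN4.1 38146 MB offset 63
"""

# "<time> <pid> <object> ( <threat> ) - <status>"
TDSS_VERDICT = re.compile(r"^\S+\s+\d+\s+(\S+)\s+\(\s*(\S+)\s*\)\s+-\s+(.+)$")
ASW_MBR_CODE = re.compile(r"^\S+\s+Disk\s+\d+\s+(.*\bMBR code)\s*$", re.M)
ASW_PARTITION = re.compile(
    r"Disk\s+(\d+)\s+Partition\s+(\d+)\s+([0-9A-Fa-f]{2})\s+(?:\(A\)\s+)?"
    r"([0-9A-Fa-f]{2})\s+.*?\s+(\d+)\s+MB\s+offset\s+(\d+)"
)

MBR_SIZE = 512
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"


def parse_tdsskiller_verdicts(log_text):
    """Return one dict per TDSSKiller line that names an object, a threat and a status."""
    verdicts = []
    for line in log_text.strip().splitlines():
        m = TDSS_VERDICT.match(line.rstrip())
        if m:
            verdicts.append({"object": m.group(1), "threat": m.group(2), "status": m.group(3)})
    return verdicts


def flagged_objects(verdicts):
    """Distinct (object, threat) pairs the scanner flagged, whatever the later action was."""
    return {(v["object"], v["threat"]) for v in verdicts}


def parse_mbr(blob):
    """Parse a raw 512-byte MBR: checks the 0x55AA signature, returns the non-empty partition entries."""
    if len(blob) != MBR_SIZE:
        raise ValueError("expected a %d-byte sector, got %d bytes" % (MBR_SIZE, len(blob)))
    if blob[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # status byte, 3 CHS bytes (skipped), type byte, 3 CHS bytes (skipped), LBA start, sector count
        flag, ptype, start_lba, sectors = struct.unpack_from("<B3xB3xII", blob, off)
        if ptype == 0:
            continue  # unused slot
        entries.append({
            "index": i + 1,
            "bootable": flag == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "sectors": sectors,
            "size_mb": sectors * 512 // (1024 * 1024),
        })
    return entries


def build_sample_mbr():
    """Constructed MBR for the example: one active FAT32-LBA partition starting at LBA 63."""
    blob = bytearray(MBR_SIZE)
    entry = struct.pack("<B3xB3xII", 0x80, 0x0C, 63, 78124032)  # 78124032 sectors -> 38146 MB
    blob[PART_TABLE_OFFSET:PART_TABLE_OFFSET + PART_ENTRY_SIZE] = entry
    blob[510:512] = BOOT_SIGNATURE
    return bytes(blob)


def aswmbr_mbr_verdict(log_text):
    """The MBR code classification aswMBR printed, e.g. 'Windows XP default MBR code'."""
    m = ASW_MBR_CODE.search(log_text)
    return m.group(1) if m else None


def parse_aswmbr_partition(log_text):
    """First 'Disk N Partition M ...' line as a dict with integer fields."""
    m = ASW_PARTITION.search(log_text)
    if not m:
        return None
    return {"disk": int(m.group(1)), "index": int(m.group(2)), "flag": int(m.group(3), 16),
            "type": int(m.group(4), 16), "size_mb": int(m.group(5)), "offset": int(m.group(6))}


def cross_check(mbr_entries, asw):
    """True when the parsed MBR entry agrees with what aswMBR reported for the same partition."""
    for e in mbr_entries:
        if e["index"] == asw["index"]:
            return (e["bootable"] == (asw["flag"] == 0x80) and e["type"] == asw["type"]
                    and e["start_lba"] == asw["offset"] and e["size_mb"] == asw["size_mb"])
    return False


if __name__ == "__main__":
    for v in parse_tdsskiller_verdicts(TDSS_LOG):
        print("%-24s %-20s %s" % (v["object"], v["threat"], v["status"]))
    print("aswMBR MBR verdict:", aswmbr_mbr_verdict(ASWMBR_LOG))
    print("partition table agrees with aswMBR:", cross_check(parse_mbr(build_sample_mbr()),
                                                             parse_aswmbr_partition(ASWMBR_LOG)))
```

To use it on a real case, read the desktop `MBR.dat` with `open(path, "rb").read()` and pass it to `parse_mbr` instead of `build_sample_mbr()`; a signature or length error there means the file is not a plain sector copy, and a partition entry that disagrees with the aswMBR line is worth asking about before anything is written back to the disk.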
