Infected with 9newstoday.net Google redirect


  • This topic is locked
68 replies to this topic

#1 Andrew12


  • Members
  • 38 posts

Posted 14 January 2012 - 10:48 AM

The other day I became infected with the Vista Antispyware 2012 malware while connected to my work network. I went through the steps to remove that from my computer using the posting here on the forum, but I still am plagued by popups and Google redirects that lead first to 9newstoday.net and then to other sites that I don't want to visit. It seems to be a transient problem, because after running the steps to remove Vista Antispyware 2012 it went away, but returned several times afterwards on all the user profiles on my computer, not just my work profile. I have run both a full Malwarebytes scan and a full McAfee Security Center 11 virus scan, and neither one detected any infections. Can you please help me figure out if my system is still infected and how to remove the infection?

I have attached the relevant files below. These were generated last night after my last usage of the computer.

Thanks,
Andrew

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Andrew work at 17:42:38 on 2012-01-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.795 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5081114
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120101235802.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\users\andrew~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
TCP: DhcpNameServer = 199.242.236.1 199.242.237.1
TCP: Interfaces\{0B8C9B7E-DB96-4EB3-91A0-8C91F8352669} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DB2A8038-9238-484B-B47B-C339697BD059} : DhcpNameServer = 199.242.236.1 199.242.237.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\andrew work\appdata\roaming\mozilla\firefox\profiles\eatw8728.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.utsouthwestern.net/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-11-13 464176]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-5 64880]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-5 165680]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_c09c50a2\AEstSrv.exe [2009-10-10 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-16 94880]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-5 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-5 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-5 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-5 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-5 150856]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-5 57600]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-13 111616]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-13 180816]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-5 338176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-5 214904]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-11-13 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-13 59456]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-5 87656]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-11-13 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-11-13 40552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-13 22:22:36 -------- d-s---w- C:\ComboFix
2012-01-13 22:18:19 208896 ----a-w- c:\windows\MBR.exe
2012-01-13 22:18:16 256000 ----a-w- c:\windows\PEV.exe
2012-01-13 22:18:15 98816 ----a-w- c:\windows\sed.exe
2012-01-13 22:18:15 518144 ----a-w- c:\windows\SWREG.exe
2012-01-12 15:23:44 -------- d-----w- c:\users\andrew work\appdata\roaming\Malwarebytes
2012-01-12 03:44:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-12 03:44:07 -------- d-----w- c:\programdata\Malwarebytes
2012-01-12 03:44:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-11 23:09:42 -------- d-----w- c:\users\andrew work\appdata\local\DNASTAR
2012-01-11 23:09:10 -------- d-----w- c:\users\andrew work\DNASTAR
2012-01-11 23:05:13 -------- d-----w- c:\programdata\InstallMate
2012-01-11 23:03:56 90112 ----a-w- c:\windows\unvise32.exe
2012-01-11 22:59:54 -------- d-----w- c:\programdata\DNASTAR
2012-01-11 22:59:46 -------- d-----w- c:\programdata\SafeNet Sentinel
2012-01-11 22:59:44 -------- d-----w- c:\program files\DNASTAR
2012-01-11 22:50:37 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-01-10 18:30:56 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-10 18:30:55 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-10 18:30:52 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-10 18:30:49 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-10 18:30:47 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-10 18:30:45 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-10 18:30:41 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-10 18:30:41 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-07 07:58:15 -------- d-----r- c:\program files\Skype
2012-01-06 15:48:47 -------- d-----w- c:\users\andrew work\appdata\roaming\EndNote
2012-01-05 22:03:56 -------- d-----w- c:\program files\common files\Hewlett-Packard
2012-01-05 22:01:10 281600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpcpp091.DLL
2012-01-05 22:00:00 161280 ----a-w- c:\windows\system32\hpcpn091.dll
2012-01-05 21:56:15 -------- d-----w- C:\HP_CLJ_CP4020_CP4520_Installer_AM
2012-01-05 21:33:54 -------- d-----w- c:\users\andrew work\appdata\local\Microsoft Games
2012-01-05 20:52:20 -------- d-----w- c:\users\andrew work\appdata\local\Adobe
2012-01-05 20:45:48 -------- d-----w- c:\users\andrew work\appdata\roaming\GraphPad Software
2012-01-05 20:10:19 -------- d--h--w- c:\users\andrew work\InstallAnywhere
2012-01-05 20:05:17 -------- d-----w- c:\users\andrew work\appdata\local\Mozilla
2012-01-05 19:49:09 -------- d-----w- c:\users\andrew work\appdata\local\Google
2012-01-05 19:48:31 -------- d-----w- c:\users\andrew work\appdata\local\SupportSoft
2012-01-05 19:48:23 -------- d-----w- c:\users\andrew work\appdata\local\Stardock_Corporation
2012-01-05 19:48:19 -------- d-----w- c:\users\andrew work\appdata\local\MediaDirect
2012-01-05 19:47:34 -------- d-----w- c:\users\andrew work\appdata\roaming\Dell
2012-01-04 05:18:29 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-04 05:18:29 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-04 05:18:29 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-04 05:18:29 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-03 14:22:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 14:22:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-01-03 13:10:50 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2012-01-03 13:10:48 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2011-12-30 21:42:10 -------- d-----w- c:\program files\ATT-HSI
2011-12-30 21:41:51 -------- d-----w- c:\program files\common files\Motive
2011-12-16 03:38:22 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-16 03:38:22 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-16 03:38:19 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-16 03:38:18 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-16 03:37:24 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-16 03:37:16 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2011-11-29 04:09:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 17:44:37.52 ===============
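The Pseudo HJT Report in the log above is what a responder reads by hand when chasing a search-engine redirect. The script below is an added example, not part of the original post and not code from the DDS tool; it applies the usual first-pass checks to a handful of lines copied from that report: Run values with no name or command, browser helper objects or toolbars loaded from user-writable directories, Winsock LSPs other than the one Windows ships, public DNS resolvers that are not on an expected list, any AppInit_DLLs entry, and a Firefox proxy mode other than direct or system. The rule names, the `expected_resolvers` parameter and the one BHO line marked CONSTRUCTED are assumptions made for illustration. A hit means "review this", not "infected": the AppInit_DLLs and proxy hits on the sample are Google Desktop and Firefox's auto-detect setting, both of which a responder would confirm rather than delete.

```python
"""First-pass triage of a DDS "Pseudo HJT Report".

Added example, not part of the original post and not code from the DDS tool.
It reads lines in the format shown above and returns the entries a responder
should look at first when chasing a search-engine redirect.  A hit means
"review this", not "this is malicious".
"""
import ipaddress
import re

# Constructed sample: a subset of the Pseudo HJT Report lines copied from the
# DDS log posted above (raw string so the backslashes survive as-is).
SAMPLE_DDS = r"""
uSearch Page = hxxp://www.google.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [<NO NAME>]
LSP: mswsock.dll
TCP: DhcpNameServer = 199.242.236.1 199.242.237.1
TCP: Interfaces\{0B8C9B7E-DB96-4EB3-91A0-8C91F8352669} : DhcpNameServer = 192.168.1.254
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
FF - prefs.js: network.proxy.type - 4
"""

# CONSTRUCTED line, not from the log above: shows what the user-writable-path
# rule catches.  The CLSID and file name are placeholders.
SAMPLE_CONSTRUCTED_BHO = (
    r"BHO: (no name): {00000000-0000-0000-0000-000000000000}"
    r" - c:\users\andrew work\appdata\local\temp\helper.dll"
)

# The one Winsock LSP Windows itself installs; anything else needs a look.
KNOWN_LSPS = {"mswsock.dll"}

# Path fragments a vendor-installed browser extension normally does not use.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# Documented values of the Firefox preference network.proxy.type.
PROXY_TYPES = {0: "none", 1: "manual", 2: "PAC URL", 4: "auto-detect (WPAD)", 5: "system"}

_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def _addresses(line):
    """IPv4 literals in a line, skipping anything that is not a valid address."""
    found = []
    for text in _IPV4.findall(line):
        try:
            found.append(ipaddress.ip_address(text))
        except ValueError:
            pass
    return found


def triage(dds_text, expected_resolvers=frozenset()):
    """Return (rule, detail) pairs for lines worth a second look.

    expected_resolvers: public DNS servers known to be good for this network
    (for example the ISP's); any other public resolver is reported.
    """
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        # Run keys with no value name or no command: legitimate installers
        # almost always leave both.
        if re.match(r"[um]run: \[", low) and (
            "[<no name>]" in low or re.fullmatch(r"[um]run: \[[^\]]*\]", low)
        ):
            findings.append(("run-entry-empty", line))
        # Browser helper objects / toolbars loaded from user-writable paths.
        elif low.startswith(("bho:", "tb:")) and any(f in low for f in USER_WRITABLE):
            findings.append(("browser-extension-user-writable-path", line))
        # Winsock layered service providers other than the built-in one.
        elif low.startswith("lsp:") and low.split(":", 1)[1].strip() not in KNOWN_LSPS:
            findings.append(("lsp-unexpected", line))
        # DNS resolvers: private (LAN/router) addresses are fine, public ones
        # must be on the expected list.  Redirect malware often lands here.
        elif "nameserver" in low:
            unexpected = [
                str(ip) for ip in _addresses(line)
                if not ip.is_private and str(ip) not in expected_resolvers
            ]
            if unexpected:
                findings.append(("dns-resolver-unexpected", " ".join(unexpected)))
        # AppInit_DLLs are loaded into every process that loads user32.dll.
        elif low.startswith("appinit_dlls:") and low.split(":", 1)[1].strip():
            findings.append(("appinit-dll", line))
        # Firefox proxy mode: anything other than direct or system-provided
        # lets a PAC file or a WPAD answer steer browser traffic.
        elif "network.proxy.type" in low:
            mode = int(low.rsplit("-", 1)[1].strip())
            if mode not in (0, 5):
                findings.append(("firefox-proxy-" + PROXY_TYPES.get(mode, str(mode)), line))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_DDS) + triage(SAMPLE_CONSTRUCTED_BHO):
        print(f"{rule:40} {detail}")
```

On the sample, the script reports the unnamed mRun value, the two public resolvers (which disappear once they are passed in `expected_resolvers` as the ISP's known servers), the Google Desktop AppInit_DLLs entry and Firefox's auto-detect proxy mode; the LSP and the Google Toolbar BHO pass. The point of the allowlist parameter is that "public resolver" is only meaningful relative to what the network is supposed to hand out, which is why the check is not hard-coded.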


#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 January 2012 - 01:03 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Andrew12

  • Topic Starter

  • Members
  • 38 posts

Posted 16 January 2012 - 10:32 AM

Hi Gringo,

I tried to disable McAfee Security Center 11 in order to run Combofix, but no matter what I do, I cannot disable realtime scanning. I told it to turn it off and not turn it back on ever, and it says "Real-time scanning off", but when I click "Done", it does not turn off the real-time scanner. I started Combofix and it gave me an error saying that it could not find the file "NIRKMD" three times.

Is this normal, or is there something else I can do to get around this? I want to run the Combofix properly, but for some reason I can't get McAfee to cooperate with me. I'm hoping that's not a problem with the infection itself.

Thanks.

#4 Andrew12

  • Topic Starter

  • Members
  • 38 posts

Posted 16 January 2012 - 11:51 AM

Also, Combofix has been running for over an hour now and has yet to produce any log at all. I didn't click the mouse in the window or anything like that, but the program does not seem to be doing anything. All it says is "Scanning for infected files. This typically doesn't take more than 10 minutes. However, scan times for badly infected machines can easily double." and has a blinking cursor.

Any thoughts?

#5 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 January 2012 - 11:59 AM

Hello

OK, let's try this: I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#6 Andrew12

  • Topic Starter

  • Members
  • 38 posts

Posted 16 January 2012 - 01:07 PM

Again, it is taking a long time. When it started it said that there was no administrator access to run a process, but continued to the scan. Also, it still said that McAfee was running despite my attempts to disable it. The scan has now been going for over 45 minutes with no output log showing. Is this normal and to be expected?

#7 Andrew12

  • Topic Starter

  • Members
  • 38 posts

Posted 16 January 2012 - 02:12 PM

Cannot get a successful combofix scan completion. This time I let it run for almost two hours with no results.

#8 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 January 2012 - 08:11 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#9 Andrew12

  • Topic Starter

  • Members
  • 38 posts

Posted 16 January 2012 - 08:19 PM

Ok, here's the TDSSKiller log file:

19:16:29.0806 0604 TDSS rootkit removing tool 2.7.2.0 Jan 14 2012 20:07:30
19:16:31.0809 0604 ============================================================
19:16:31.0809 0604 Current date / time: 2012/01/16 19:16:31.0809
19:16:31.0809 0604 SystemInfo:
19:16:31.0809 0604
19:16:31.0809 0604 OS Version: 6.0.6002 ServicePack: 2.0
19:16:31.0809 0604 Product type: Workstation
19:16:31.0810 0604 ComputerName: ANDREW-PC
19:16:31.0810 0604 UserName: Andrew work
19:16:31.0810 0604 Windows directory: C:\Windows
19:16:31.0810 0604 System windows directory: C:\Windows
19:16:31.0810 0604 Processor architecture: Intel x86
19:16:31.0810 0604 Number of processors: 2
19:16:31.0810 0604 Page size: 0x1000
19:16:31.0810 0604 Boot type: Normal boot
19:16:31.0810 0604 ============================================================
19:16:37.0838 0604 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
19:16:39.0325 0604 Initialize success
19:16:45.0137 2864 ============================================================
19:16:45.0137 2864 Scan started
19:16:45.0137 2864 Mode: Manual;
19:16:45.0137 2864 ============================================================
19:17:00.0755 2864 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:17:00.0764 2864 ACPI - ok
19:17:01.0832 2864 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:17:01.0921 2864 adp94xx - ok
19:17:02.0571 2864 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:17:02.0624 2864 adpahci - ok
19:17:03.0299 2864 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:17:03.0304 2864 adpu160m - ok
19:17:03.0597 2864 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:17:03.0607 2864 adpu320 - ok
19:17:03.0919 2864 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:17:04.0196 2864 AFD - ok
19:17:04.0814 2864 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:17:04.0837 2864 agp440 - ok
19:17:05.0831 2864 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:17:05.0839 2864 aic78xx - ok
19:17:06.0281 2864 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:17:06.0345 2864 aliide - ok
19:17:07.0150 2864 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:17:07.0178 2864 amdagp - ok
19:17:07.0879 2864 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:17:07.0932 2864 amdide - ok
19:17:08.0762 2864 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:17:08.0766 2864 AmdK7 - ok
19:17:10.0018 2864 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:17:10.0061 2864 AmdK8 - ok
19:17:10.0509 2864 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys
19:17:10.0937 2864 ApfiltrService - ok
19:17:12.0702 2864 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:17:12.0709 2864 arc - ok
19:17:13.0469 2864 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:17:13.0476 2864 arcsas - ok
19:17:13.0728 2864 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:17:13.0730 2864 AsyncMac - ok
19:17:14.0174 2864 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:17:14.0179 2864 atapi - ok
19:17:14.0679 2864 BCM42RLY (7bd70aeed0d975285a1b20bd012ebf4e) C:\Windows\system32\drivers\BCM42RLY.sys
19:17:14.0798 2864 BCM42RLY - ok
19:17:15.0780 2864 BCM43XX (fa6707a346cd122407f3b0bad1c47639) C:\Windows\system32\DRIVERS\bcmwl6.sys
19:17:16.0293 2864 BCM43XX - ok
19:17:16.0807 2864 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:17:16.0810 2864 Beep - ok
19:17:17.0186 2864 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:17:17.0191 2864 blbdrive - ok
19:17:17.0938 2864 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:17:18.0001 2864 bowser - ok
19:17:19.0129 2864 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:17:19.0136 2864 BrFiltLo - ok
19:17:19.0525 2864 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:17:19.0531 2864 BrFiltUp - ok
19:17:19.0904 2864 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:17:19.0912 2864 Brserid - ok
19:17:20.0131 2864 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:17:20.0138 2864 BrSerWdm - ok
19:17:20.0451 2864 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:17:20.0454 2864 BrUsbMdm - ok
19:17:22.0029 2864 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:17:22.0035 2864 BrUsbSer - ok
19:17:22.0753 2864 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:17:22.0758 2864 BTHMODEM - ok
19:17:24.0094 2864 catchme - ok
19:17:24.0397 2864 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:17:24.0403 2864 cdfs - ok
19:17:24.0867 2864 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:17:24.0874 2864 cdrom - ok
19:17:25.0055 2864 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\Windows\system32\drivers\cfwids.sys
19:17:25.0057 2864 cfwids - ok
19:17:25.0174 2864 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:17:25.0185 2864 circlass - ok
19:17:25.0404 2864 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:17:25.0412 2864 CLFS - ok
19:17:25.0757 2864 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:17:25.0765 2864 CmBatt - ok
19:17:25.0878 2864 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:17:25.0930 2864 cmdide - ok
19:17:26.0141 2864 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:17:26.0148 2864 Compbatt - ok
19:17:27.0092 2864 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:17:27.0098 2864 crcdisk - ok
19:17:27.0617 2864 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:17:27.0623 2864 Crusoe - ok
19:17:27.0795 2864 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:17:27.0888 2864 DfsC - ok
19:17:28.0082 2864 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:17:28.0089 2864 disk - ok
19:17:28.0258 2864 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:17:28.0267 2864 drmkaud - ok
19:17:28.0966 2864 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:17:29.0942 2864 DXGKrnl - ok
19:17:30.0511 2864 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
19:17:30.0522 2864 e1express - ok
19:17:30.0696 2864 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:17:30.0704 2864 E1G60 - ok
19:17:30.0968 2864 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:17:30.0978 2864 Ecache - ok
19:17:31.0181 2864 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:17:31.0194 2864 elxstor - ok
19:17:31.0245 2864 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:17:31.0249 2864 ErrDev - ok
19:17:31.0672 2864 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:17:31.0678 2864 exfat - ok
19:17:31.0941 2864 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:17:31.0950 2864 fastfat - ok
19:17:32.0135 2864 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:17:32.0143 2864 fdc - ok
19:17:32.0818 2864 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:17:32.0822 2864 FileInfo - ok
19:17:32.0915 2864 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:17:32.0919 2864 Filetrace - ok
19:17:33.0055 2864 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:17:33.0064 2864 flpydisk - ok
19:17:33.0114 2864 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:17:33.0120 2864 FltMgr - ok
19:17:33.0304 2864 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:17:33.0312 2864 Fs_Rec - ok
19:17:33.0415 2864 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:17:33.0427 2864 gagp30kx - ok
19:17:34.0326 2864 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:17:34.0510 2864 GEARAspiWDM - ok
19:17:35.0917 2864 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:17:36.0055 2864 HdAudAddService - ok
19:17:36.0252 2864 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:17:36.0269 2864 HDAudBus - ok
19:17:36.0308 2864 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:17:36.0314 2864 HidBth - ok
19:17:36.0940 2864 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:17:36.0950 2864 HidIr - ok
19:17:37.0159 2864 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:17:37.0168 2864 HidUsb - ok
19:17:37.0218 2864 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:17:37.0226 2864 HpCISSs - ok
19:17:37.0504 2864 HSF_DPV (99f85640054ba65190b860d878a7c9ae) C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:17:38.0556 2864 HSF_DPV - ok
19:17:39.0144 2864 HSXHWAZL (cfbc2b81972e298f0e19ee68fa9e73da) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
19:17:39.0278 2864 HSXHWAZL - ok
19:17:39.0562 2864 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:17:39.0577 2864 HTTP - ok
19:17:39.0739 2864 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:17:39.0751 2864 i2omp - ok
19:17:39.0818 2864 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:17:39.0824 2864 i8042prt - ok
19:17:40.0060 2864 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
19:17:40.0063 2864 iaStor - ok
19:17:40.0249 2864 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:17:40.0260 2864 iaStorV - ok
19:17:40.0763 2864 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:17:41.0008 2864 igfx - ok
19:17:41.0126 2864 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:17:41.0134 2864 iirsp - ok
19:17:41.0195 2864 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
19:17:41.0343 2864 IntcHdmiAddService - ok
19:17:41.0497 2864 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
19:17:41.0502 2864 intelide - ok
19:17:41.0547 2864 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:17:41.0554 2864 intelppm - ok
19:17:41.0689 2864 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:17:41.0697 2864 IpFilterDriver - ok
19:17:41.0706 2864 IpInIp - ok
19:17:41.0752 2864 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:17:41.0758 2864 IPMIDRV - ok
19:17:41.0798 2864 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:17:41.0805 2864 IPNAT - ok
19:17:41.0976 2864 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:17:41.0982 2864 IRENUM - ok
19:17:42.0039 2864 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:17:42.0045 2864 isapnp - ok
19:17:42.0220 2864 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:17:42.0230 2864 iScsiPrt - ok
19:17:42.0278 2864 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:17:42.0285 2864 iteatapi - ok
19:17:42.0456 2864 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:17:42.0461 2864 iteraid - ok
19:17:42.0526 2864 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:17:42.0531 2864 kbdclass - ok
19:17:42.0594 2864 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:17:42.0601 2864 kbdhid - ok
19:17:42.0695 2864 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
19:17:42.0710 2864 KSecDD - ok
19:17:42.0910 2864 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:17:42.0917 2864 lltdio - ok
19:17:42.0996 2864 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:17:43.0004 2864 LSI_FC - ok
19:17:43.0051 2864 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:17:43.0058 2864 LSI_SAS - ok
19:17:43.0223 2864 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:17:43.0235 2864 LSI_SCSI - ok
19:17:43.0308 2864 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:17:43.0314 2864 luafv - ok
19:17:43.0544 2864 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\Drivers\LVPr2Mon.sys
19:17:43.0692 2864 LVPr2Mon - ok
19:17:44.0005 2864 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\Windows\system32\DRIVERS\lvrs.sys
19:17:44.0247 2864 LVRS - ok
19:17:44.0595 2864 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\Windows\system32\drivers\LVUSBSta.sys
19:17:44.0749 2864 LVUSBSta - ok
19:17:45.0241 2864 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys
19:17:45.0659 2864 LVUVC - ok
19:17:45.0829 2864 ManyCam - ok
19:17:46.0114 2864 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:17:46.0123 2864 mdmxsdk - ok
19:17:46.0179 2864 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:17:46.0183 2864 megasas - ok
19:17:46.0335 2864 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:17:46.0347 2864 MegaSR - ok
19:17:46.0645 2864 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\Windows\system32\drivers\mfeapfk.sys
19:17:46.0718 2864 mfeapfk - ok
19:17:46.0910 2864 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\Windows\system32\drivers\mfeavfk.sys
19:17:46.0994 2864 mfeavfk - ok
19:17:47.0135 2864 mfeavfk01 - ok
19:17:47.0211 2864 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\Windows\system32\drivers\mfebopk.sys
19:17:47.0299 2864 mfebopk - ok
19:17:47.0750 2864 mfefirek (215666a8a85023ef019b510cbb67f678) C:\Windows\system32\drivers\mfefirek.sys
19:17:47.0841 2864 mfefirek - ok
19:17:47.0896 2864 mfehidk (56d330981866a72f061dd16cc5004513) C:\Windows\system32\drivers\mfehidk.sys
19:17:48.0053 2864 mfehidk - ok
19:17:48.0159 2864 mfenlfk (b41bacc049cdb916a52b1448bf30d6ab) C:\Windows\system32\DRIVERS\mfenlfk.sys
19:17:48.0219 2864 mfenlfk - ok
19:17:48.0261 2864 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\Windows\system32\drivers\mferkdet.sys
19:17:48.0337 2864 mferkdet - ok
19:17:48.0518 2864 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
19:17:48.0611 2864 mferkdk - ok
19:17:48.0643 2864 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
19:17:48.0742 2864 mfesmfk - ok
19:17:48.0941 2864 mfewfpk (c2ff7473a60c0fb2df145ab686889653) C:\Windows\system32\drivers\mfewfpk.sys
19:17:49.0037 2864 mfewfpk - ok
19:17:49.0081 2864 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:17:49.0089 2864 Modem - ok
19:17:49.0204 2864 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:17:49.0212 2864 monitor - ok
19:17:49.0229 2864 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:17:49.0233 2864 mouclass - ok
19:17:49.0250 2864 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:17:49.0261 2864 mouhid - ok
19:17:49.0298 2864 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:17:49.0302 2864 MountMgr - ok
19:17:49.0453 2864 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:17:49.0462 2864 mpio - ok
19:17:49.0509 2864 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:17:49.0517 2864 mpsdrv - ok
19:17:49.0599 2864 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:17:49.0606 2864 Mraid35x - ok
19:17:49.0826 2864 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
19:17:49.0888 2864 MREMP50 - ok
19:17:49.0895 2864 MREMPR5 - ok
19:17:49.0903 2864 MRENDIS5 - ok
19:17:49.0961 2864 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
19:17:50.0019 2864 MRESP50 - ok
19:17:50.0285 2864 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:17:50.0291 2864 MRxDAV - ok
19:17:50.0567 2864 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:17:50.0753 2864 mrxsmb - ok
19:17:50.0918 2864 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:17:51.0058 2864 mrxsmb10 - ok
19:17:51.0216 2864 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:17:51.0353 2864 mrxsmb20 - ok
19:17:51.0409 2864 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
19:17:51.0516 2864 msahci - ok
19:17:51.0665 2864 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:17:51.0703 2864 msdsm - ok
19:17:51.0748 2864 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:17:51.0754 2864 Msfs - ok
19:17:51.0825 2864 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:17:51.0830 2864 msisadrv - ok
19:17:52.0078 2864 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:17:52.0085 2864 MSKSSRV - ok
19:17:52.0234 2864 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:17:52.0237 2864 MSPCLOCK - ok
19:17:52.0369 2864 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:17:52.0373 2864 MSPQM - ok
19:17:52.0605 2864 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:17:52.0618 2864 MsRPC - ok
19:17:52.0651 2864 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:17:52.0665 2864 mssmbios - ok
19:17:52.0736 2864 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:17:52.0742 2864 MSTEE - ok
19:17:52.0838 2864 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:17:52.0848 2864 Mup - ok
19:17:53.0046 2864 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:17:53.0056 2864 NativeWifiP - ok
19:17:53.0109 2864 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:17:53.0125 2864 NDIS - ok
19:17:53.0249 2864 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:17:53.0252 2864 NdisTapi - ok
19:17:53.0298 2864 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:17:53.0305 2864 Ndisuio - ok
19:17:53.0551 2864 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:17:53.0560 2864 NdisWan - ok
19:17:53.0630 2864 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:17:53.0635 2864 NDProxy - ok
19:17:53.0749 2864 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:17:53.0755 2864 NetBIOS - ok
19:17:53.0856 2864 netbt (635f9e72bb66afddaa4dfeedf622ff1f) C:\Windows\system32\DRIVERS\netbt.sys
19:17:53.0905 2864 netbt - ok
19:17:54.0092 2864 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:17:54.0101 2864 nfrd960 - ok
19:17:54.0182 2864 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:17:54.0186 2864 Npfs - ok
19:17:54.0320 2864 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:17:54.0327 2864 nsiproxy - ok
19:17:54.0491 2864 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:17:54.0689 2864 Ntfs - ok
19:17:55.0019 2864 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:17:55.0035 2864 ntrigdigi - ok
19:17:55.0060 2864 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:17:55.0066 2864 Null - ok
19:17:55.0119 2864 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:17:55.0128 2864 nvraid - ok
19:17:55.0333 2864 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:17:55.0339 2864 nvstor - ok
19:17:55.0528 2864 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:17:55.0536 2864 nv_agp - ok
19:17:55.0645 2864 NwlnkFlt - ok
19:17:55.0658 2864 NwlnkFwd - ok
19:17:55.0737 2864 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:17:55.0744 2864 ohci1394 - ok
19:17:55.0918 2864 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\Windows\system32\drivers\PalmUSBD.sys
19:17:55.0993 2864 PalmUSBD - ok
19:17:56.0096 2864 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:17:56.0101 2864 Parport - ok
19:17:56.0255 2864 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:17:56.0260 2864 partmgr - ok
19:17:56.0318 2864 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:17:56.0323 2864 Parvdm - ok
19:17:56.0650 2864 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:17:56.0654 2864 pci - ok
19:17:56.0799 2864 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
19:17:56.0805 2864 pciide - ok
19:17:56.0879 2864 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:17:56.0888 2864 pcmcia - ok
19:17:57.0004 2864 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:17:57.0026 2864 PEAUTH - ok
19:17:57.0310 2864 PID_0928 (3551190e9cf1eb4c0971bdef4269ca25) C:\Windows\system32\DRIVERS\LV561AV.SYS
19:17:57.0490 2864 PID_0928 - ok
19:17:57.0665 2864 Point32 (858d5d8dbe432b358ca2f9d534169ca1) C:\Windows\system32\DRIVERS\point32k.sys
19:17:57.0745 2864 Point32 - ok
19:17:57.0911 2864 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:17:57.0919 2864 PptpMiniport - ok
19:17:57.0944 2864 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:17:57.0949 2864 Processor - ok
19:17:58.0029 2864 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:17:58.0031 2864 PSched - ok
19:17:58.0326 2864 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
19:17:58.0387 2864 PxHelp20 - ok
19:17:58.0665 2864 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:17:58.0720 2864 ql2300 - ok
19:17:58.0859 2864 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:17:58.0864 2864 ql40xx - ok
19:17:58.0913 2864 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:17:58.0918 2864 QWAVEdrv - ok
19:17:59.0186 2864 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
19:17:59.0224 2864 R300 - ok
19:17:59.0443 2864 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:17:59.0449 2864 RasAcd - ok
19:17:59.0645 2864 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:17:59.0652 2864 Rasl2tp - ok
19:17:59.0696 2864 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:17:59.0702 2864 RasPppoe - ok
19:17:59.0777 2864 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:17:59.0785 2864 RasSstp - ok
19:17:59.0964 2864 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:17:59.0984 2864 rdbss - ok
19:18:00.0118 2864 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:18:00.0121 2864 RDPCDD - ok
19:18:00.0292 2864 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:18:00.0301 2864 rdpdr - ok
19:18:00.0641 2864 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:18:00.0650 2864 RDPENCDD - ok
19:18:00.0903 2864 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:18:00.0912 2864 RDPWD - ok
19:18:01.0078 2864 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
19:18:01.0157 2864 rimmptsk - ok
19:18:01.0248 2864 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
19:18:01.0333 2864 rimsptsk - ok
19:18:01.0484 2864 RimUsb - ok
19:18:01.0556 2864 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
19:18:01.0609 2864 RimVSerPort - ok
19:18:01.0680 2864 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
19:18:01.0691 2864 rismxdp - ok
19:18:01.0909 2864 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
19:18:01.0913 2864 ROOTMODEM - ok
19:18:02.0007 2864 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:18:02.0014 2864 rspndr - ok
19:18:02.0057 2864 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:18:02.0065 2864 sbp2port - ok
19:18:02.0218 2864 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
19:18:02.0226 2864 sdbus - ok
19:18:02.0342 2864 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:18:02.0346 2864 secdrv - ok
19:18:02.0544 2864 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:18:02.0549 2864 Serenum - ok
19:18:02.0625 2864 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:18:02.0634 2864 Serial - ok
19:18:02.0733 2864 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:18:02.0738 2864 sermouse - ok
19:18:02.0789 2864 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
19:18:02.0794 2864 sffdisk - ok
19:18:02.0889 2864 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:18:02.0894 2864 sffp_mmc - ok
19:18:03.0085 2864 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:18:03.0092 2864 sffp_sd - ok
19:18:03.0180 2864 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:18:03.0186 2864 sfloppy - ok
19:18:03.0302 2864 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:18:03.0309 2864 sisagp - ok
19:18:03.0439 2864 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:18:03.0441 2864 SiSRaid2 - ok
19:18:03.0546 2864 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:18:03.0552 2864 SiSRaid4 - ok
19:18:03.0702 2864 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:18:03.0710 2864 Smb - ok
19:18:03.0815 2864 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:18:03.0822 2864 spldr - ok
19:18:04.0095 2864 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:18:04.0254 2864 srv - ok
19:18:04.0648 2864 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:18:04.0791 2864 srv2 - ok
19:18:04.0996 2864 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:18:05.0112 2864 srvnet - ok
19:18:05.0359 2864 STHDA (68a0d39e357dd7a234b1d4f1e844c615) C:\Windows\system32\drivers\stwrt.sys
19:18:05.0554 2864 STHDA - ok
19:18:05.0764 2864 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:18:05.0768 2864 swenum - ok
19:18:05.0811 2864 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:18:05.0816 2864 Symc8xx - ok
19:18:05.0853 2864 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:18:05.0859 2864 Sym_hi - ok
19:18:05.0970 2864 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:18:05.0975 2864 Sym_u3 - ok
19:18:06.0143 2864 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:18:06.0230 2864 Tcpip - ok
19:18:06.0298 2864 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
19:18:06.0306 2864 Tcpip6 - ok
19:18:06.0358 2864 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:18:06.0365 2864 tcpipreg - ok
19:18:06.0505 2864 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:18:06.0514 2864 TDPIPE - ok
19:18:06.0592 2864 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:18:06.0599 2864 TDTCP - ok
19:18:06.0671 2864 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:18:06.0678 2864 tdx - ok
19:18:06.0755 2864 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:18:06.0763 2864 TermDD - ok
19:18:06.0959 2864 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:18:06.0966 2864 tssecsrv - ok
19:18:07.0065 2864 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:18:07.0073 2864 tunmp - ok
19:18:07.0119 2864 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:18:07.0131 2864 tunnel - ok
19:18:07.0269 2864 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:18:07.0275 2864 uagp35 - ok
19:18:07.0441 2864 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:18:07.0453 2864 udfs - ok
19:18:07.0689 2864 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:18:07.0695 2864 uliagpkx - ok
19:18:07.0739 2864 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:18:07.0748 2864 uliahci - ok
19:18:07.0894 2864 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:18:07.0903 2864 UlSata - ok
19:18:07.0954 2864 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:18:07.0962 2864 ulsata2 - ok
19:18:08.0119 2864 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:18:08.0128 2864 umbus - ok
19:18:08.0193 2864 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
19:18:08.0298 2864 USBAAPL - ok
19:18:08.0472 2864 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
19:18:08.0478 2864 usbaudio - ok
19:18:08.0524 2864 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:18:08.0539 2864 usbccgp - ok
19:18:08.0660 2864 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:18:08.0667 2864 usbcir - ok
19:18:08.0742 2864 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:18:08.0747 2864 usbehci - ok
19:18:08.0876 2864 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:18:08.0883 2864 usbhub - ok
19:18:08.0942 2864 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:18:08.0947 2864 usbohci - ok
19:18:09.0101 2864 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:18:09.0109 2864 usbprint - ok
19:18:09.0165 2864 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:18:09.0171 2864 USBSTOR - ok
19:18:09.0289 2864 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:18:09.0295 2864 usbuhci - ok
19:18:09.0441 2864 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:18:09.0450 2864 usbvideo - ok
19:18:09.0599 2864 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:18:09.0603 2864 vga - ok
19:18:09.0635 2864 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:18:09.0646 2864 VgaSave - ok
19:18:09.0686 2864 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:18:09.0693 2864 viaagp - ok
19:18:09.0725 2864 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:18:09.0731 2864 ViaC7 - ok
19:18:09.0846 2864 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:18:09.0851 2864 viaide - ok
19:18:09.0902 2864 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:18:09.0910 2864 volmgr - ok
19:18:09.0967 2864 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:18:09.0975 2864 volmgrx - ok
19:18:10.0117 2864 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:18:10.0126 2864 volsnap - ok
19:18:10.0204 2864 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:18:10.0212 2864 vsmraid - ok
19:18:10.0374 2864 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:18:10.0377 2864 WacomPen - ok
19:18:10.0427 2864 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:18:10.0434 2864 Wanarp - ok
19:18:10.0457 2864 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:18:10.0459 2864 Wanarpv6 - ok
19:18:10.0514 2864 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:18:10.0518 2864 Wd - ok
19:18:10.0655 2864 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:18:10.0673 2864 Wdf01000 - ok
19:18:10.0799 2864 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:18:10.0980 2864 winachsf - ok
19:18:11.0243 2864 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:18:11.0249 2864 WmiAcpi - ok
19:18:11.0327 2864 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:18:11.0331 2864 WpdUsb - ok
19:18:11.0546 2864 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:18:11.0570 2864 ws2ifsl - ok
19:18:12.0001 2864 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:18:12.0012 2864 WUDFRd - ok
19:18:12.0163 2864 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
19:18:12.0245 2864 XAudio - ok
19:18:12.0474 2864 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
19:18:12.0613 2864 yukonwlh - ok
19:18:12.0645 2864 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
19:18:12.0707 2864 \Device\Harddisk0\DR0 - ok
19:18:12.0726 2864 Boot (0x1200) (1c87bb41b794aa77b498067de1159056) \Device\Harddisk0\DR0\Partition0
19:18:12.0737 2864 \Device\Harddisk0\DR0\Partition0 - ok
19:18:12.0742 2864 Boot (0x1200) (f805fa144e726ceaa4cf9a250587b283) \Device\Harddisk0\DR0\Partition1
19:18:12.0743 2864 \Device\Harddisk0\DR0\Partition1 - ok
19:18:12.0746 2864 ============================================================
19:18:12.0746 2864 Scan finished
19:18:12.0746 2864 ============================================================
19:18:12.0768 2440 Detected object count: 0
19:18:12.0768 2440 Actual detected object count: 0

#10 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 January 2012 - 08:53 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Andrew12
  • Topic Starter
  • Members
  • 38 posts

Posted 16 January 2012 - 09:32 PM

Looks like it found a couple of infected items. Here's the log text:

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-16 19:56:53
-----------------------------
19:56:53.384 OS Version: Windows 6.0.6002 Service Pack 2
19:56:53.384 Number of processors: 2 586 0xF0D
19:56:53.386 ComputerName: ANDREW-PC UserName:
19:58:25.542 Initialize success
20:10:24.630 AVAST engine defs: 12011601
20:10:55.701 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:10:55.717 Disk 0 Vendor: TOSHIBA_ LV01 Size: 238475MB BusType: 3
20:10:55.733 Disk 0 MBR read successfully
20:10:55.733 Disk 0 MBR scan
20:10:55.748 Disk 0 Windows VISTA default MBR code
20:10:55.764 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:10:55.779 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
20:10:55.811 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 225874 MB offset 20561920
20:10:55.826 Disk 0 Partition - 00 0F Extended LBA 2559 MB offset 483153920
20:10:55.873 Disk 0 Partition 4 00 DD MSDOS5.0 2558 MB offset 483155968
20:10:55.873 Disk 0 scanning sectors +488394752
20:10:55.935 Disk 0 scanning C:\Windows\system32\drivers
20:11:05.264 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-B [Rtk]
20:11:11.239 Disk 0 trace - called modules:
20:11:11.286 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8761fff0]<<
20:11:11.301 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860a6450]
20:11:11.301 3 CLASSPNP.SYS[889a58b3] -> nt!IofCallDriver -> [0x875acb48]
20:11:11.317 \Driver\00001181[0x875acc80] -> IRP_MJ_CREATE -> 0x8761fff0
20:11:14.936 AVAST engine scan C:\Windows
20:11:27.380 AVAST engine scan C:\Windows\system32
20:15:41.006 AVAST engine scan C:\Windows\system32\drivers
20:15:53.097 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-B [Rtk]
20:16:08.374 AVAST engine scan C:\Users\Andrew work
20:21:21.519 AVAST engine scan C:\ProgramData
20:29:58.703 Scan finished successfully
20:30:13.697 Disk 0 MBR has been saved successfully to "C:\Users\Andrew work\Desktop\MBR.dat"
20:30:13.724 The log file has been saved successfully to "C:\Users\Andrew work\Desktop\aswMBR.txt"
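What follows is an added example for readers of this thread, not code from aswMBR, TDSSKiller or the poster. The "Partition" lines in the log above are read out of the 512-byte MBR sector that aswMBR also saves as MBR.dat on the desktop. This Python script parses such an image: it checks the 0x55AA signature, hashes the boot-code region, lists the four primary entries with offsets and MB sizes in the same form as the log, and runs the layout checks a bootkit hunt cares about (exactly one active entry, no overlapping entries, nothing past the end of the disk). The sample image is constructed inside the script to match the posted layout, with zero-filled boot code, so its hash is not the real MBR's; that TDSSKiller's "MBR (0x1B8)" line near the top of the thread names the length of the hashed region is my assumption. Logical partitions inside the extended partition (partition 4 in the log) sit in EBR sectors and are not parsed.

```python
"""Parse a raw MBR sector (e.g. the MBR.dat that aswMBR saves) and list its
partition table. Added example for this thread; not aswMBR or TDSSKiller code."""
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFFSET = 446        # four 16-byte entries at 0x1BE..0x1FD
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511
CODE_LEN = 0x1B8               # assumption: the region TDSSKiller's "MBR (0x1B8)" line hashes

# Type IDs present in the posted log, with the names aswMBR printed for them.
# 0xDD (the logical partition in the log) is left out: aswMBR printed no name for it.
PART_TYPES = {0x07: "HPFS/NTFS", 0x0F: "Extended LBA", 0xDE: "Dell Utility"}


def build_sample_mbr():
    """Constructed sample mirroring the layout in the posted log (offsets and sizes
    chosen so the MB figures come out the same). Boot code is zero-filled."""
    entries = [  # (status, type, first LBA, sector count)
        (0x00, 0xDE, 63, 81857),            # Dell Utility,    39 MB
        (0x00, 0x07, 81920, 20480000),      # NTFS,         10000 MB
        (0x80, 0x07, 20561920, 462590000),  # NTFS, active, 225874 MB
        (0x00, 0x0F, 483153920, 5240832),   # Extended LBA,  2559 MB
    ]
    mbr = bytearray(SECTOR)
    for i, (status, ptype, lba, count) in enumerate(entries):
        off = PART_TABLE_OFFSET + 16 * i
        mbr[off] = status       # CHS fields (bytes 1-3, 5-7) left zero; the LBA fields are what matter
        mbr[off + 4] = ptype
        struct.pack_into("<II", mbr, off + 8, lba, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(data):
    """Return (md5 of the first CODE_LEN bytes, list of primary partition dicts)."""
    if len(data) != SECTOR:
        raise ValueError("MBR image must be exactly %d bytes, got %d" % (SECTOR, len(data)))
    if data[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    code_md5 = hashlib.md5(data[:CODE_LEN]).hexdigest()
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", data, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue                      # empty slot
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "name": PART_TYPES.get(ptype, "unknown"),
            "offset": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return code_md5, parts


def layout_problems(parts, disk_sectors=None):
    """Sanity checks a bootkit hunt cares about: exactly one active entry,
    no overlapping entries, nothing past the end of the disk."""
    problems = []
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        problems.append("expected one active partition, found %d" % len(active))
    ordered = sorted(parts, key=lambda p: p["offset"])
    for a, b in zip(ordered, ordered[1:]):
        if a["offset"] + a["sectors"] > b["offset"]:
            problems.append("partition %d overlaps partition %d" % (a["index"], b["index"]))
    if disk_sectors is not None:
        for p in parts:
            if p["offset"] + p["sectors"] > disk_sectors:
                problems.append("partition %d extends past end of disk" % p["index"])
    return problems


def format_entry(p):
    """One line in the style of the aswMBR log."""
    return "Partition %d %02X %s %02X %s %d MB offset %d" % (
        p["index"], 0x80 if p["active"] else 0x00, "(A)" if p["active"] else "   ",
        p["type"], p["name"], p["size_mb"], p["offset"])


if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    md5, table = parse_mbr(raw)
    print("boot code md5 (first 0x%X bytes): %s" % (CODE_LEN, md5))
    for entry in table:
        print(format_entry(entry))
    for problem in layout_problems(table):
        print("WARNING:", problem)
```

Saved as, say, mbr_table.py, it runs against the real file with `python mbr_table.py MBR.dat`, or with no argument against the constructed sample. Comparing its table with the aswMBR lines is a quick way to confirm that no entry was hidden and the active flag did not move between runs.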

#12 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 January 2012 - 09:55 PM

Hello

I would like you to run this tool for me: FixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found. Let me know what it says.

After it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report:

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#13 Andrew12
  • Topic Starter
  • Members
  • 38 posts

Posted 16 January 2012 - 10:40 PM

It says "Backdoor.Tidserv has not been found on your computer." Running aswMBR again now.

#14 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 January 2012 - 10:55 PM

:thumbup2:

#15 Andrew12
  • Topic Starter
  • Members
  • 38 posts

Posted 16 January 2012 - 11:15 PM

Looks like it's the same as last time. That "netbt.sys" file seems to be infected per the scan.

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-16 21:44:08
-----------------------------
21:44:08.558 OS Version: Windows 6.0.6002 Service Pack 2
21:44:08.559 Number of processors: 2 586 0xF0D
21:44:08.566 ComputerName: ANDREW-PC UserName:
21:45:11.822 Initialize success
21:45:22.990 AVAST engine defs: 12011601
21:46:32.722 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:46:32.725 Disk 0 Vendor: TOSHIBA_ LV01 Size: 238475MB BusType: 3
21:46:32.744 Disk 0 MBR read successfully
21:46:32.747 Disk 0 MBR scan
21:46:32.753 Disk 0 Windows VISTA default MBR code
21:46:32.758 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:46:32.780 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
21:46:32.806 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 225874 MB offset 20561920
21:46:32.814 Disk 0 Partition - 00 0F Extended LBA 2559 MB offset 483153920
21:46:32.898 Disk 0 Partition 4 00 DD MSDOS5.0 2558 MB offset 483155968
21:46:32.909 Disk 0 scanning sectors +488394752
21:46:33.051 Disk 0 scanning C:\Windows\system32\drivers
21:46:41.350 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-B [Rtk]
21:46:50.690 Disk 0 trace - called modules:
21:46:50.731 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x875fcff0]<<
21:46:50.742 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8659cac8]
21:46:50.751 3 CLASSPNP.SYS[889a88b3] -> nt!IofCallDriver -> [0x8751b628]
21:46:50.761 \Driver\00000984[0x8751b760] -> IRP_MJ_CREATE -> 0x875fcff0
21:46:51.960 AVAST engine scan C:\Windows
21:46:58.749 AVAST engine scan C:\Windows\system32
21:52:19.593 AVAST engine scan C:\Windows\system32\drivers
21:52:27.674 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-B [Rtk]
21:52:33.898 AVAST engine scan C:\Users\Andrew work
21:55:49.111 AVAST engine scan C:\ProgramData
22:04:32.741 Scan finished successfully
22:13:55.090 Disk 0 MBR has been saved successfully to "C:\Users\Andrew work\Desktop\MBR.dat"
22:13:55.140 The log file has been saved successfully to "C:\Users\Andrew work\Desktop\aswMBR2.txt"
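Both aswMBR runs in this thread report the same two indicators: netbt.sys flagged as Win32:Aluroot-B [Rtk], and a disk-stack trace in which IRP_MJ_CREATE for an unnamed \Driver\0000xxxx object resolves to an address that aswMBR cannot map to any loaded module (the >>UNKNOWN<< entry). The kernel addresses and the driver object name differ between the two runs because they are assigned at boot, which is why the second log looks different at a glance while showing the same infection. What follows is an added example, not part of aswMBR or of any post here, that parses log text in this format, correlates the hook target with the unknown-module address, and compares two runs on the indicators that should be stable across reboots. The two sample logs are constructed inside the script from lines shaped like the posted ones; the TDSSKiller output earlier in the thread is a different format and is not handled.

```python
"""Parse aswMBR log text, pull out the rootkit indicators, and compare two runs.
Added example for this thread; not aswMBR's own code."""
import re

INFECTED_RE = re.compile(r"^\S+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")
HOOK_RE = re.compile(r"^\S+ (?P<drv>\\Driver\\\S+?)\[0x[0-9a-fA-F]+\] -> "
                     r"(?P<irp>IRP_MJ_\w+) -> (?P<target>0x[0-9a-fA-F]+)$")
MBR_RE = re.compile(r"^\S+ Disk (?P<disk>\d+) (?P<verdict>.*MBR code)$")

# Constructed samples shaped like the two logs posted above (first run, and the
# rerun after FixTDSS). Only the line types the parser cares about are included.
FIRST_RUN = r"""
20:10:55.748 Disk 0 Windows VISTA default MBR code
20:11:05.264 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-B [Rtk]
20:11:11.239 Disk 0 trace - called modules:
20:11:11.286 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8761fff0]<<
20:11:11.301 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860a6450]
20:11:11.301 3 CLASSPNP.SYS[889a58b3] -> nt!IofCallDriver -> [0x875acb48]
20:11:11.317 \Driver\00001181[0x875acc80] -> IRP_MJ_CREATE -> 0x8761fff0
20:15:53.097 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-B [Rtk]
20:29:58.703 Scan finished successfully
"""
RERUN = r"""
21:46:32.753 Disk 0 Windows VISTA default MBR code
21:46:41.350 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-B [Rtk]
21:46:50.731 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x875fcff0]<<
21:46:50.761 \Driver\00000984[0x8751b760] -> IRP_MJ_CREATE -> 0x875fcff0
22:04:32.741 Scan finished successfully
"""


def parse_aswmbr_log(text):
    """Extract infected files, unknown-module addresses, driver dispatch hooks
    and the per-disk MBR verdict. Addresses are normalised to lower case."""
    report = {"infected": [], "unknown": [], "hooks": [], "mbr": {}}
    for line in text.splitlines():
        line = line.rstrip()
        m = INFECTED_RE.match(line)
        if m:
            item = (m["path"], m["name"])
            # aswMBR names the same file in the driver pre-scan and again in the engine scan
            if item not in report["infected"]:
                report["infected"].append(item)
            continue
        m = UNKNOWN_RE.search(line)
        if m:
            report["unknown"].append(m["addr"].lower())
            continue
        m = HOOK_RE.match(line)
        if m:
            report["hooks"].append((m["drv"], m["irp"], m["target"].lower()))
            continue
        m = MBR_RE.match(line)
        if m:
            report["mbr"][int(m["disk"])] = m["verdict"]
    return report


def assess(report):
    """Turn the parsed report into findings a responder would act on."""
    findings = []
    for path, name in report["infected"]:
        findings.append("infected file: %s (%s)" % (path, name))
    for drv, irp, target in report["hooks"]:
        if target in report["unknown"]:   # hook lands in code that belongs to no loaded module
            findings.append("%s dispatch of %s redirected to unknown code at %s"
                            % (irp, drv, target))
    for disk, verdict in report["mbr"].items():
        if "default MBR code" not in verdict:
            findings.append("disk %d: %s" % (disk, verdict))
    return findings


def fingerprint(report):
    """Indicators expected to be stable across reboots: file path plus detection
    name, and which IRP major function is hooked. Kernel addresses and the
    \\Driver\\0000xxxx object name are allocated at boot and are left out."""
    stable = [("file", path, name) for path, name in report["infected"]]
    stable += [("hook", irp) for _drv, irp, target in report["hooks"]
               if target in report["unknown"]]
    return frozenset(stable)


def same_infection(log_a, log_b):
    """True when two runs show the same rootkit indicators (as posts #11 and #15 do)."""
    return fingerprint(parse_aswmbr_log(log_a)) == fingerprint(parse_aswmbr_log(log_b))


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else FIRST_RUN
    for finding in assess(parse_aswmbr_log(text)):
        print(finding)
    print("rerun shows the same infection:", same_infection(FIRST_RUN, RERUN))
```

With no argument it prints the findings for the first constructed sample and whether the rerun matches it; pass a saved aswMBR.txt to run it on a real log. It recognises only the line shapes shown in this thread, so a log from a different system may carry trace lines it ignores.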



