google redirects to googlr


  • This topic is locked
12 replies to this topic

#1 nuxi

nuxi

  • Members
  • 6 posts

Posted 23 January 2012 - 01:30 PM

I recently inherited this pc that I'd like to use as a media center. Unfortunately, it seems to be heavily infested. I've run half a dozen different anti-virus and rootkit programs, and many of them claim to have found things, and things seem clear for a while, but eventually I either get redirected to hxxp://googlr.com (yes, xx) or the network connections just start hanging. The computer did not come with install disks.

GMER crashed about 2 minutes in. Should I try running in safe mode? I should probably note that I ran both DDS and GMER with MSE off and wireless networking disabled.

Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Owner at 12:08:00 on 2012-01-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1607 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
J:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
j:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
J:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
J:\WINDOWS\system32\spoolsv.exe
svchost.exe
J:\Program Files\Java\jre6\bin\jqs.exe
J:\Program Files\Google\Update\GoogleUpdate.exe
J:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
J:\WINDOWS\System32\svchost.exe -k HPZ12
J:\WINDOWS\System32\svchost.exe -k HPZ12
J:\WINDOWS\system32\PRISMSVC.EXE
J:\Program Files\NCNETWORKSDM\bin\sprtsvc.exe
J:\WINDOWS\system32\svchost.exe -k imgsvc
J:\Program Files\NCNETWORKSDM\bin\tgsrvc.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\system32\PRISMSVR.EXE
J:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
J:\Program Files\Microsoft IntelliType Pro\itype.exe
J:\Program Files\Microsoft IntelliPoint\ipoint.exe
J:\Program Files\HP\HP Software Update\HPWuSchd2.exe
J:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
J:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
J:\Program Files\NCNETWORKSDM\bin\sprtcmd.exe
J:\Program Files\Common Files\Java\Java Update\jusched.exe
J:\Program Files\Microsoft Security Client\msseces.exe
J:\Program Files\DivX\DivX Update\DivXUpdate.exe
J:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
J:\Program Files\Dell Wireless\PRISMCFG.exe
J:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
J:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.googlr.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - j:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - j:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - j:\progra~1\verizo~1\VERIZO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - j:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - j:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - j:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - j:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - j:\program files\google\google toolbar\GoogleToolbar.dll
TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - j:\progra~1\verizo~1\VERIZO~1.DLL
EB: Google Find Bar: {e16dc1fe-7c34-43f2-b754-f3ad12ddf97c} - j:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [swg] "j:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ATIModeChange] "j:\windows\system32\Ati2mdxx.exe"
mRun: [RemoteControl] "j:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] "j:\windows\system32\NeroCheck.exe"
mRun: [itype] "j:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "j:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Software Update] "j:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Adobe Reader Speed Launcher] "j:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "j:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NCNETWORKSDM] "j:\program files\ncnetworksdm\bin\sprtcmd.exe" /P NCNETWORKSDM
mRun: [QuickTime Task] "j:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "j:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "j:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DivXUpdate] "j:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - j:\program files\dell wireless\PRISMCFG.exe
IE: E&xport to Microsoft Excel - j:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - j:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - j:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197485920687
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{CC9A8007-8214-436C-9F2F-11F0457CDE7E} : DhcpNameServer = 192.168.2.1 192.168.2.1
Notify: PRISMAPI.DLL - PRISMAPI.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - j:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - j:\documents and settings\owner\application data\mozilla\firefox\profiles\bjw3owvx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z180&ocid=zdhp&install_date=20120120
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z180&form=ZGAADF&install_date=20120120&q=
FF - component: j:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: j:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: j:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;j:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SBRE;SBRE;j:\windows\system32\drivers\SBREDrv.sys [2012-1-19 98392]
R2 PRISMSVC;PRISMSVC;j:\windows\system32\PRISMSVC.exe [2012-1-18 61529]
R2 sprtsvc_ncnetworksdm;SupportSoft Sprocket Service (ncnetworksdm);j:\program files\ncnetworksdm\bin\sprtsvc.exe [2010-6-17 206120]
R2 tgsrvc_ncnetworksdm;SupportSoft Repair Service (ncnetworksdm);j:\program files\ncnetworksdm\bin\tgsrvc.exe [2010-6-17 185640]
S2 gupdate1cabfda90c05a02;Google Update Service (gupdate1cabfda90c05a02);j:\program files\google\update\GoogleUpdate.exe [2010-3-9 133104]
S3 BlackBox;BlackBox SR2; [x]
S3 gupdatem;Google Update Service (gupdatem);j:\program files\google\update\GoogleUpdate.exe [2010-3-9 133104]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;j:\windows\system32\drivers\hitmanpro36.sys [2012-1-21 23624]
.
=============== Created Last 30 ================
.
2012-01-23 12:22:04 6557240 ----a-w- j:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc1dde4e-0e78-41ae-be5e-08b6611b8749}\mpengine.dll
2012-01-21 21:32:07 -------- d-----w- j:\program files\common files\PC Tools
2012-01-21 21:31:46 -------- d-----w- j:\documents and settings\all users\application data\PC Tools
2012-01-21 21:27:31 23624 ----a-w- j:\windows\system32\drivers\hitmanpro36.sys
2012-01-21 21:27:10 -------- d-----w- j:\documents and settings\all users\application data\HitmanPro
2012-01-21 03:28:20 -------- d-----w- J:\ComboFix
2012-01-21 01:59:00 414368 ----a-w- j:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-20 04:31:59 -------- d-----w- j:\program files\Spybot - Search & Destroy
2012-01-20 04:31:59 -------- d-----w- j:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-01-20 03:06:30 98392 ----a-w- j:\windows\system32\drivers\SBREDrv.sys
2012-01-20 03:06:30 27984 ----a-w- j:\windows\system32\sbbd.exe
2012-01-20 02:47:08 -------- d--h--w- j:\windows\msdownld.tmp
2012-01-20 02:45:59 -------- d-----w- j:\program files\Essentials Codec Pack
2012-01-20 02:45:16 -------- d-----w- j:\documents and settings\owner\application data\Nullsoft
2012-01-20 02:42:52 -------- d-----w- j:\program files\VideoLAN
2012-01-20 01:15:50 -------- d-----w- j:\documents and settings\owner\DoctorWeb
2012-01-20 01:12:25 205072 ----a-w- j:\windows\system32\drivers\tmcomm.sys
2012-01-20 01:07:04 -------- d-----w- j:\documents and settings\owner\application data\XBMC
2012-01-20 00:56:19 2106216 ----a-w- j:\windows\system32\D3DCompiler_43.dll
2012-01-20 00:56:17 1998168 ----a-w- j:\windows\system32\D3DX9_43.dll
2012-01-20 00:55:37 -------- d-----w- j:\program files\XBMC
2012-01-19 23:55:45 -------- d-----w- j:\documents and settings\owner\application data\Malwarebytes
2012-01-19 23:54:49 20464 ----a-w- j:\windows\system32\drivers\mbam.sys
2012-01-19 23:54:49 -------- d-----w- j:\program files\Malwarebytes' Anti-Malware
2012-01-19 23:54:49 -------- d-----w- j:\documents and settings\all users\application data\Malwarebytes
2012-01-19 18:23:47 -------- d-----w- j:\program files\common files\DivX Shared
2012-01-19 18:21:56 -------- d-----w- j:\program files\DivX
2012-01-19 18:21:07 -------- d-----w- j:\documents and settings\all users\application data\DivX
2012-01-19 17:37:15 645632 ----a-w- j:\windows\system32\xvidcore.dll
2012-01-19 17:37:15 240640 ----a-w- j:\windows\system32\xvidvfw.dll
2012-01-19 17:37:15 153088 ----a-w- j:\windows\system32\xvid.ax
2012-01-19 17:37:05 -------- d-----w- j:\program files\Xvid
2012-01-19 04:39:58 192644 ----a-w- j:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2012-01-19 04:39:57 323716 ----a-w- j:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2012-01-18 20:11:37 222080 ------w- j:\windows\system32\MpSigStub.exe
2012-01-18 20:07:55 -------- d-----w- j:\program files\Microsoft Security Client
2012-01-18 17:50:10 -------- d-sha-r- J:\cmdcons
2012-01-18 17:48:21 98816 ----a-w- j:\windows\sed.exe
2012-01-18 17:48:21 518144 ----a-w- j:\windows\SWREG.exe
2012-01-18 17:48:21 256000 ----a-w- j:\windows\PEV.exe
2012-01-18 17:48:21 208896 ----a-w- j:\windows\MBR.exe
2012-01-04 00:48:42 354176 ----a-w- j:\windows\system32\DivXControlPanelApplet.cpl
.
==================== Find3M ====================
.
2012-01-19 23:49:28 162816 ----a-w- j:\windows\system32\drivers\netbt.sys
2012-01-18 17:40:47 52480 ----a-w- j:\windows\system32\drivers\i8042prt.sys
2012-01-18 17:40:46 187776 ----a-w- j:\windows\system32\drivers\acpi.sys
2011-11-29 02:28:28 9200 ------w- j:\windows\system32\drivers\cdralw2k.sys
2011-11-29 02:28:28 9072 ------w- j:\windows\system32\drivers\cdr4_xp.sys
2011-11-29 02:28:28 45648 ------w- j:\windows\system32\drivers\PxHelp20.sys
2011-11-29 02:28:28 133616 ------w- j:\windows\system32\pxafs.dll
2011-11-29 02:28:28 126448 ------w- j:\windows\system32\pxinsi64.exe
2011-11-29 02:28:28 123888 ------w- j:\windows\system32\pxcpyi64.exe
.
============= FINISH: 12:08:59.07 ===============

Edited by hamluis, 23 January 2012 - 01:42 PM.
Moved from Am I Infected to Malware Removal Logs.
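The DDS log above is what the responders read by hand. As an added example for this thread (not DDS, HijackThis or BleepingComputer code), here is a small Python triage pass over lines in that format. It flags a home page or search URL whose domain is a near miss of an expected domain (googlr.com against google.com), DHCP-supplied DNS servers outside private ranges, and services whose image file DDS could not find (printed as `[x]`). The allow-list `EXPECTED_DOMAINS` is an assumption; the sample lines are copied from the log above.

```python
"""Triage pass over DDS-style log lines (the "Pseudo HJT Report" and
"SERVICES / DRIVERS" sections).

Added example for this thread: not DDS, HijackThis or BleepingComputer
code. EXPECTED_DOMAINS is an assumed allow-list; SAMPLE_LOG_LINES is a
constructed sample made from lines of the log posted above.
"""
import re
from ipaddress import ip_address

# Constructed sample: lines taken from the DDS log in the first post.
SAMPLE_LOG_LINES = [
    r"uStart Page = hxxp://www.googlr.com/",
    r"BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - j:\program files\google\google toolbar\GoogleToolbar.dll",
    r"TCP: DhcpNameServer = 192.168.2.1 192.168.2.1",
    r"FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z180&form=ZGAADF&install_date=20120120&q=",
    r"R1 SBRE;SBRE;j:\windows\system32\drivers\SBREDrv.sys [2012-1-19 98392]",
    r"S3 BlackBox;BlackBox SR2; [x]",
]

# Assumption: domains the owner would expect as home page / search engine.
EXPECTED_DOMAINS = {"google.com", "bing.com", "msn.com"}

URL_RE = re.compile(r"hxxps?://([^/\s]+)")   # DDS defangs http:// as hxxp://
SVC_RE = re.compile(r"^[RS]\d ([^;]+);")     # "R1 name;display name;path [date size]"


def levenshtein(a, b):
    """Edit distance, used to spot typosquats such as googlr.com vs google.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Naive registrable domain: www.googlr.com -> googlr.com (last two labels)."""
    return ".".join(host.lower().split(".")[-2:])


def classify_domain(host):
    """Return ('expected'|'lookalike'|'unknown', domain, matched expected domain or None)."""
    dom = registrable(host)
    if dom in EXPECTED_DOMAINS:
        return "expected", dom, None
    for good in sorted(EXPECTED_DOMAINS):
        if levenshtein(dom, good) <= 2:
            return "lookalike", dom, good
    return "unknown", dom, None


def triage(lines):
    """Return a list of (category, detail) findings for the given log lines."""
    findings = []
    for line in lines:
        line = line.strip()
        # 1. Home page / search URLs in the IE and Firefox settings sections.
        if line.startswith(("uStart Page", "mStart Page", "uDefault_Page_URL",
                            "mDefault_Page_URL")) or "prefs.js" in line:
            for host in URL_RE.findall(line):
                kind, dom, good = classify_domain(host)
                if kind == "lookalike":
                    findings.append(("lookalike_domain", f"{dom} ~ {good}"))
                elif kind == "unknown":
                    findings.append(("unexpected_domain", dom))
        # 2. DHCP-supplied DNS servers: resolver settings are a standard place to
        #    look when browsing is redirected, so anything non-private gets flagged.
        elif line.startswith("TCP:") and "DhcpNameServer" in line:
            for ip in line.split("=", 1)[1].split():
                try:
                    if not ip_address(ip).is_private:
                        findings.append(("public_dns", ip))
                except ValueError:
                    findings.append(("bad_dns_value", ip))
        # 3. Services/drivers whose image file DDS could not find ("[x]").
        elif line.endswith("[x]"):
            m = SVC_RE.match(line)
            if m:
                findings.append(("missing_service_file", m.group(1)))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG_LINES):
        print(f"{category:22} {detail}")
```

On the sample lines this reports the googlr.com start page as a lookalike of google.com and the BlackBox service with a missing file; the DNS servers are on the private 192.168.2.0/24 range and are not flagged. The checks are heuristics for prioritising what to look at, not verdicts.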


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 27 January 2012 - 07:22 PM

Hi,

Please do the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 nuxi

nuxi
  • Topic Starter

  • Members
  • 6 posts

Posted 28 January 2012 - 09:50 PM

Thanks so much!

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-28 14:13:30
-----------------------------
14:13:30.293 OS Version: Windows 5.1.2600 Service Pack 3
14:13:30.293 Number of processors: 2 586 0x209
14:13:30.293 ComputerName: THOMPSON UserName: Owner
14:13:33.386 Initialize success
14:18:12.558 AVAST engine defs: 12012800
14:18:51.089 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
14:18:51.089 Disk 0 Vendor: MAXTOR_STM3160812A 3.AAJ Size: 152627MB BusType: 3
14:18:51.136 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
14:18:51.136 Disk 1 Vendor: WDC_WD1600BB-98DWA0 15.05R15 Size: 152627MB BusType: 3
14:18:51.168 Disk 1 MBR read successfully
14:18:51.168 Disk 1 MBR scan
14:18:51.683 Disk 1 unknown MBR code
14:18:51.730 Disk 1 Partition - 00 0F Extended LBA 11976 MB offset 16126
14:18:51.808 Disk 1 Partition 1 80 (A) BF Solaris 140595 MB offset 24543232
14:18:51.886 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 8977 MB offset 16128
14:18:51.949 Disk 1 scanning sectors +312481792
14:18:52.277 Disk 1 scanning J:\WINDOWS\system32\drivers
14:21:52.027 Service scanning
14:21:56.417 Modules scanning
14:22:13.058 Disk 1 trace - called modules:
14:22:13.074 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
14:22:13.074 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a695ab8]
14:22:13.074 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000005e[0x8a6f39e8]
14:22:13.074 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-c[0x8a6ffb00]
14:22:14.886 AVAST engine scan J:\WINDOWS
14:22:44.714 AVAST engine scan J:\WINDOWS\system32
14:34:30.183 AVAST engine scan J:\WINDOWS\system32\drivers
14:35:11.964 AVAST engine scan J:\Documents and Settings\Owner
14:56:19.980 AVAST engine scan J:\Documents and Settings\All Users
15:01:40.417 Scan finished successfully
16:39:31.667 Disk 1 MBR has been saved successfully to "J:\Documents and Settings\Owner\Desktop\MBR.dat"
16:39:31.667 The log file has been saved successfully to "J:\Documents and Settings\Owner\Desktop\aswMBR.txt"

Attached file: MBR.zip (559 bytes)
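aswMBR's log lists the partition table it read from disk 1 and saves the raw sector as MBR.dat, which the responder asked for above. As an added example (not aswMBR or Avast code), here is a Python parser for such a 512-byte dump with the sanity checks an analyst does by hand: boot signature, exactly one active entry, no overlapping entries, and a fingerprint of the 440 bytes of boot code to compare against a known-good loader. The MBR bytes are constructed inline for the demo; they do not reproduce the thread's attachment, which is not visible on the page.

```python
"""Parse and sanity-check a 512-byte MBR dump such as aswMBR's MBR.dat.

Added example for this thread: not aswMBR or Avast code. The demo MBR is
constructed here (zeroed boot code, two partitions) and is not the
attachment from the thread.
"""
import hashlib
import struct

# Partition type bytes seen in the aswMBR log above, plus a few common ones.
PART_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux", 0xBF: "Solaris"}

# status, CHS start (skipped), type, CHS end (skipped), first LBA, sector count
ENTRY_FMT = "<B3xB3xII"
TABLE_OFFSET = 446
SIGNATURE_OFFSET = 510


def build_demo_mbr(entries, disk_signature=0x1234ABCD):
    """Construct a 512-byte MBR: blank boot code, disk signature, up to 4 entries, 0x55AA."""
    if len(entries) > 4:
        raise ValueError("at most four primary partition entries")
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries).ljust(64, b"\0")
    return bytes(440) + struct.pack("<IH", disk_signature, 0) + table + b"\x55\xAA"


# Constructed demo: one active 100 MB NTFS partition, then a 200 MB extended container.
DEMO_ENTRIES = [(0x80, 0x07, 2048, 204800), (0x00, 0x0F, 206848, 409600)]


def parse_mbr(mbr):
    """Return the non-empty partition entries as dicts; raise on a malformed sector."""
    if len(mbr) != 512:
        raise ValueError(f"MBR must be 512 bytes, got {len(mbr)}")
    sig = struct.unpack_from("<H", mbr, SIGNATURE_OFFSET)[0]
    if sig != 0xAA55:
        raise ValueError(f"bad boot signature 0x{sig:04X}")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i)
        if ptype == 0:            # empty slot
            continue
        parts.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "start_lba": lba,
            "sectors": count,
            "size_mb": count * 512 // (1024 * 1024),
        })
    return parts


def boot_code_fingerprint(mbr):
    """SHA-256 of the 440 boot-code bytes and whether they are all zero."""
    code = mbr[:440]
    return hashlib.sha256(code).hexdigest(), not any(code)


def sanity_check(parts):
    """Return human-readable problems: active-flag count and overlapping partitions."""
    problems = []
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        problems.append(f"{len(active)} active partitions (expected 1)")
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"], p["index"]) for p in parts)
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            problems.append(f"partition {i1} overlaps partition {i2}")
    return problems


if __name__ == "__main__":
    demo = build_demo_mbr(DEMO_ENTRIES)
    for p in parse_mbr(demo):
        flag = "(A)" if p["active"] else "   "
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']:13} "
              f"{p['size_mb']} MB offset {p['start_lba']}")
    digest, blank = boot_code_fingerprint(demo)
    print("boot code sha256:", digest, "(blank)" if blank else "")
    print("problems:", sanity_check(parse_mbr(demo)) or "none")
```

To run it on a real dump, read the 512 bytes of MBR.dat and pass them to `parse_mbr` and `boot_code_fingerprint`; a "unknown MBR code" verdict from a scanner is the point at which comparing that fingerprint with the hash of the loader you expect (the Windows XP MBR on this machine) becomes useful.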


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 28 January 2012 - 10:31 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.



#5 nuxi

nuxi
  • Topic Starter

  • Members
  • 6 posts

Posted 30 January 2012 - 09:27 PM

Here's the log. It did say that it detected rootkit activity and had to reboot.


ComboFix 12-01-29.02 - Owner 01/29/2012 13:09:24.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1702 [GMT -6:00]
Running from: j:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
j:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-28 20:20 . 2012-01-17 10:39 6557240 ----a-w- j:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-28 20:17 . 2012-01-17 10:39 6557240 ----a-w- j:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE6E3878-1335-473E-87C9-36A6492D3172}\mpengine.dll
2012-01-22 01:58 . 2012-01-23 12:17 -------- d-----w- j:\documents and settings\TV
2012-01-21 21:32 . 2012-01-22 01:58 -------- d-----w- j:\program files\Common Files\PC Tools
2012-01-21 21:31 . 2012-01-21 21:31 -------- d-----w- j:\documents and settings\All Users\Application Data\PC Tools
2012-01-21 21:31 . 2012-01-21 21:31 -------- d-----w- j:\documents and settings\Administrator\Application Data\TestApp
2012-01-21 21:27 . 2012-01-21 21:28 23624 ----a-w- j:\windows\system32\drivers\hitmanpro36.sys
2012-01-21 21:27 . 2012-01-21 21:27 -------- d-----w- j:\documents and settings\All Users\Application Data\HitmanPro
2012-01-21 01:59 . 2012-01-21 01:59 414368 ----a-w- j:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-20 04:31 . 2012-01-20 05:11 -------- d-----w- j:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-01-20 04:31 . 2012-01-20 04:45 -------- d-----w- j:\program files\Spybot - Search & Destroy
2012-01-20 03:06 . 2010-11-09 19:56 98392 ----a-w- j:\windows\system32\drivers\SBREDrv.sys
2012-01-20 03:06 . 2010-11-09 19:56 27984 ----a-w- j:\windows\system32\sbbd.exe
2012-01-20 02:45 . 2012-01-20 02:46 -------- d-----w- j:\program files\Essentials Codec Pack
2012-01-20 02:45 . 2012-01-20 02:45 -------- d-----w- j:\documents and settings\Owner\Application Data\Nullsoft
2012-01-20 02:43 . 2012-01-20 02:43 -------- d-----w- j:\documents and settings\Owner\Application Data\dvdcss
2012-01-20 02:43 . 2012-01-20 02:43 -------- d-----w- j:\documents and settings\Owner\Application Data\vlc
2012-01-20 02:42 . 2012-01-20 02:42 -------- d-----w- j:\program files\VideoLAN
2012-01-20 01:15 . 2012-01-20 01:15 -------- d-----w- j:\documents and settings\Owner\DoctorWeb
2012-01-20 01:12 . 2012-01-20 01:12 205072 ----a-w- j:\windows\system32\drivers\tmcomm.sys
2012-01-20 01:07 . 2012-01-20 05:14 -------- d-----w- j:\documents and settings\Owner\Application Data\XBMC
2012-01-20 00:56 . 2010-05-26 17:41 2106216 ----a-w- j:\windows\system32\D3DCompiler_43.dll
2012-01-20 00:56 . 2010-05-26 17:41 1998168 ----a-w- j:\windows\system32\D3DX9_43.dll
2012-01-20 00:55 . 2012-01-20 00:55 -------- d-----w- j:\program files\XBMC
2012-01-19 23:55 . 2012-01-19 23:55 -------- d-----w- j:\documents and settings\Owner\Application Data\Malwarebytes
2012-01-19 23:54 . 2012-01-19 23:55 -------- d-----w- j:\program files\Malwarebytes' Anti-Malware
2012-01-19 23:54 . 2012-01-19 23:54 -------- d-----w- j:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-19 23:54 . 2011-12-10 21:24 20464 ----a-w- j:\windows\system32\drivers\mbam.sys
2012-01-19 18:25 . 2012-01-19 18:25 -------- d-----w- j:\documents and settings\Owner\Application Data\DivX
2012-01-19 18:21 . 2012-01-19 18:25 -------- d-----w- j:\program files\DivX
2012-01-19 18:21 . 2012-01-19 18:25 -------- d-----w- j:\documents and settings\All Users\Application Data\DivX
2012-01-19 17:37 . 2011-05-30 13:42 240640 ----a-w- j:\windows\system32\xvidvfw.dll
2012-01-19 17:37 . 2011-05-23 09:52 153088 ----a-w- j:\windows\system32\xvid.ax
2012-01-19 17:37 . 2011-05-23 07:46 645632 ----a-w- j:\windows\system32\xvidcore.dll
2012-01-19 17:37 . 2012-01-19 17:37 -------- d-----w- j:\program files\Xvid
2012-01-19 04:39 . 2012-01-19 04:39 192644 ----a-w- j:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-01-19 04:39 . 2012-01-19 04:39 323716 ----a-w- j:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-01-19 03:09 . 2012-01-19 03:09 -------- d-----w- j:\program files\Microsoft Silverlight
2012-01-18 20:11 . 2011-11-15 20:29 222080 ------w- j:\windows\system32\MpSigStub.exe
2012-01-18 20:07 . 2012-01-18 20:08 -------- d-----w- j:\program files\Microsoft Security Client
2012-01-18 16:12 . 2012-01-18 16:12 -------- d-sh--w- j:\documents and settings\Administrator\PrivacIE
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- j:\windows\system32\DivXControlPanelApplet.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 23:49 . 2006-02-28 12:00 162816 ----a-w- j:\windows\system32\drivers\netbt.sys
2012-01-18 17:40 . 2006-02-28 12:00 52480 ----a-w- j:\windows\system32\drivers\i8042prt.sys
2012-01-18 17:40 . 2006-02-28 12:00 187776 ----a-w- j:\windows\system32\drivers\acpi.sys
2006-10-11 08:04 . 2008-04-19 23:57 61036 ----a-w- j:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-04-19 23:57 48742 ----a-w- j:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-04-19 23:57 29313 ----a-w- j:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-04-19 23:57 41082 ----a-w- j:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-04-19 23:57 166510 ----a-w- j:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="j:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-15 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="j:\windows\system32\Ati2mdxx.exe" [2001-09-04 28672]
"RemoteControl"="j:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="j:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"itype"="j:\program files\Microsoft IntelliType Pro\itype.exe" [2009-01-07 1496968]
"IntelliPoint"="j:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"HP Software Update"="j:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="j:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="j:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NCNETWORKSDM"="j:\program files\NCNETWORKSDM\bin\sprtcmd.exe" [2010-06-17 206120]
"QuickTime Task"="j:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="j:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MSC"="j:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"DivXUpdate"="j:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
j:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless USB 2.0 WLAN Card Utility.lnk - j:\program files\Dell Wireless\PRISMCFG.exe [2012-1-18 921707]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2006-10-12 15:42 450649 ----a-r- j:\windows\system32\PRISMAPI.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"j:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"j:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"j:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"j:\\Program Files\\eMule\\emule.exe"=
"j:\\Program Files\\BitTornado\\btdownloadgui.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:*:Disabled:DCOM(135)
.
R1 SBRE;SBRE;j:\windows\system32\drivers\SBREDrv.sys [1/19/2012 9:06 PM 98392]
R2 PRISMSVC;PRISMSVC;j:\windows\system32\PRISMSVC.exe [1/18/2012 10:40 PM 61529]
R2 sprtsvc_ncnetworksdm;SupportSoft Sprocket Service (ncnetworksdm);j:\program files\NCNETWORKSDM\bin\sprtsvc.exe [6/17/2010 3:59 AM 206120]
R2 tgsrvc_ncnetworksdm;SupportSoft Repair Service (ncnetworksdm);j:\program files\NCNETWORKSDM\bin\tgsrvc.exe [6/17/2010 3:59 AM 185640]
S2 gupdate1cabfda90c05a02;Google Update Service (gupdate1cabfda90c05a02);j:\program files\Google\Update\GoogleUpdate.exe [3/9/2010 4:47 PM 133104]
S3 BlackBox;BlackBox SR2; [x]
S3 gupdatem;Google Update Service (gupdatem);j:\program files\Google\Update\GoogleUpdate.exe [3/9/2010 4:47 PM 133104]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;j:\windows\system32\drivers\hitmanpro36.sys [1/21/2012 3:27 PM 23624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
Sqlses REG_MULTI_SZ SqlCSS
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-28 j:\windows\Tasks\AppleSoftwareUpdate.job
- j:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2012-01-28 j:\windows\Tasks\Windows Codec Update Service.job
- j:\program files\Essentials Codec Pack\WECPUpdate.exe [2011-07-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.googlr.com/
IE: E&xport to Microsoft Excel - j:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - j:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\bjw3owvx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z180&ocid=zdhp&install_date=20120120
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z180&form=ZGAADF&install_date=20120120&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-29 13:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
j:\windows\system32\PRISMAPI.DLL
.
Completion time: 2012-01-29 13:24:03
ComboFix-quarantined-files.txt 2012-01-29 19:23
.
Pre-Run: 121,615,347,712 bytes free
Post-Run: 121,796,276,224 bytes free

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 31 January 2012 - 06:45 PM

Hi

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
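A TDSSKiller log (the format posted in reply to these instructions) runs to hundreds of lines, nearly all of them "- ok", so a short script that pulls out each scan session's mode, anything not marked ok, and the tool's own detection counts makes the triage quicker. This is an added example, not part of the thread and not Kaspersky's code; the Entry, Session and parse_tdsskiller_log names are mine, and SAMPLE_LOG is constructed in the shape of the posted log.

```python
"""Triage a TDSSKiller log per scan session: the mode, every entry not marked '- ok',
and whether the tool's own detection count agrees with the log body.  Added example,
not from this thread or from Kaspersky; SAMPLE_LOG is constructed in the posted log's shape."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4})\s+(\d+)\s+(.*)$")   # time, thread id, message
FILE_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")           # "<name> (<md5>) <path>"
BOOT_RE = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (.+)$")
# "<name> - ok" | "<name> ( <verdict> ) - warning" | "<name> - detected <verdict> (<n>)"
STATUS_RE = re.compile(r"^(.+?)(?: \( (.+?) \))? - (ok|warning|detected .+)$")
COUNT_RE = re.compile(r"^(Actual )?[Dd]etected object count: (\d+)$")


@dataclass
class Entry:
    name: str
    md5: str = ""       # empty when no file line was logged (service entry, no binary on disk)
    path: str = ""
    status: str = ""    # "ok", "warning", "detected"; "" if the scan never closed the entry
    verdict: str = ""   # "UnsignedFile.Multi.Generic" = no valid signature: a lead, not proof


@dataclass
class Session:
    mode: str = ""
    finished: bool = False
    reported_count: Optional[int] = None    # "Detected object count"
    actual_count: Optional[int] = None      # "Actual detected object count"
    entries: Dict[str, Entry] = field(default_factory=dict)

    def flagged(self) -> List[Entry]:
        """Every entry the scanner did not close with '- ok'."""
        return [e for e in self.entries.values() if e.status != "ok"]

    def count_matches(self) -> Optional[bool]:
        """Tool's own count vs '- detected' lines in the body; None if no count was logged."""
        if self.reported_count is None:
            return None
        return self.reported_count == sum(e.status == "detected" for e in self.entries.values())


def parse_tdsskiller_log(text: str) -> List[Session]:
    """Split a log into sessions ('Scan started' .. 'Scan finished' plus the count lines)."""
    sessions: List[Session] = []
    cur: Optional[Session] = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m: continue                          # blank or non-log line
        msg = m.group(3).strip()
        if msg == "Scan started":
            cur = Session()
            sessions.append(cur)
            continue
        if cur is None: continue                    # banner / SystemInfo lines before the first scan
        fm, bm, sm, cm = (r.match(msg) for r in (FILE_RE, BOOT_RE, STATUS_RE, COUNT_RE))
        if msg.startswith("Mode:"):
            cur.mode = msg[5:].strip()
        elif msg == "Scan finished":
            cur.finished = True
        elif fm:
            name, md5, path = fm.groups()
            cur.entries[name] = Entry(name, md5=md5, path=path)
        elif bm:                                    # the status line that follows names the device
            kind, size, md5, device = bm.groups()
            cur.entries[device] = Entry(device, md5=md5, path=f"{kind} {size}")
        elif sm:
            name, verdict, status = sm.groups()
            e = cur.entries.setdefault(name, Entry(name))
            if status.startswith("detected "):
                e.status = "detected"
                e.verdict = status[9:].rsplit(" (", 1)[0]
            else:                                   # "ok" or "warning"
                e.status, e.verdict = status, (verdict or e.verdict)
        elif cm:
            setattr(cur, "actual_count" if cm.group(1) else "reported_count", int(cm.group(2)))
    return sessions


SAMPLE_LOG = r"""
18:42:02.0250 0516 Scan started
18:42:02.0250 0516 Mode: Manual; TDLFS;
18:42:02.0906 0516 Abiosdsk - ok
18:42:04.0890 0516 AegisP (2f7f3e8da380325866e566f5d5ec23d5) J:\WINDOWS\system32\DRIVERS\AegisP.sys
18:42:04.0890 0516 AegisP - ok
18:42:58.0546 0516 MBR (0x1B8) (6aefa2bac284226f1a5aed86e53d7bb9) \Device\Harddisk0\DR0
18:42:58.0718 0516 \Device\Harddisk0\DR0 - ok
18:42:58.0921 0516 Scan finished
18:42:58.0937 3356 Detected object count: 0
18:42:58.0937 3356 Actual detected object count: 0
19:09:16.0218 3172 Scan started
19:09:16.0218 3172 Mode: Manual; SigCheck; TDLFS;
19:09:19.0578 3172 AegisP (2f7f3e8da380325866e566f5d5ec23d5) J:\WINDOWS\system32\DRIVERS\AegisP.sys
19:09:19.0609 3172 AegisP ( UnsignedFile.Multi.Generic ) - warning
19:09:19.0609 3172 AegisP - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    for i, s in enumerate(parse_tdsskiller_log(SAMPLE_LOG), 1):
        print(f"scan {i}: mode '{s.mode}' finished={s.finished} count_ok={s.count_matches()}")
        for e in s.flagged():
            print(f"  {e.status or 'no status'}: {e.name} {e.verdict} {e.md5} {e.path}")
```

The same driver is "ok" in the plain TDLFS scan and flagged only once SigCheck is on, which is why the mode line is worth reading before the detections; a second session with no "Scan finished" line shows up as unfinished, as a log cut off mid-scan would.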


#7 nuxi
  • Topic Starter

Posted 02 February 2012 - 12:50 AM

Here's the latest TDSS log. I've gone ahead and included just the malware sections of a couple of previous logs, just so you could see what it has found on previous runs. I can attach the full versions if you'd like.

18:41:50.0796 3956 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
18:41:51.0078 3956 ============================================================
18:41:51.0078 3956 Current date / time: 2012/02/01 18:41:51.0078
18:41:51.0078 3956 SystemInfo:
18:41:51.0078 3956
18:41:51.0078 3956 OS Version: 5.1.2600 ServicePack: 3.0
18:41:51.0078 3956 Product type: Workstation
18:41:51.0078 3956 ComputerName: THOMPSON
18:41:51.0078 3956 UserName: Owner
18:41:51.0078 3956 Windows directory: J:\WINDOWS
18:41:51.0078 3956 System windows directory: J:\WINDOWS
18:41:51.0078 3956 Processor architecture: Intel x86
18:41:51.0078 3956 Number of processors: 2
18:41:51.0078 3956 Page size: 0x1000
18:41:51.0078 3956 Boot type: Normal boot
18:41:51.0078 3956 ============================================================
18:41:52.0640 3956 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:41:52.0656 3956 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:41:52.0703 3956 \Device\Harddisk0\DR0:
18:41:52.0703 3956 MBR used
18:41:52.0703 3956 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
18:41:52.0703 3956 \Device\Harddisk1\DR1:
18:41:52.0703 3956 MBR used
18:41:52.0703 3956 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x1188BFD
18:41:52.0734 3956 Initialize success
18:41:52.0734 3956 ============================================================
18:42:02.0250 0516 ============================================================
18:42:02.0250 0516 Scan started
18:42:02.0250 0516 Mode: Manual; TDLFS;
18:42:02.0250 0516 ============================================================
18:42:58.0546 0516 MBR (0x1B8) (6aefa2bac284226f1a5aed86e53d7bb9) \Device\Harddisk0\DR0
18:42:58.0718 0516 \Device\Harddisk0\DR0 - ok
18:42:58.0734 0516 MBR (0x1B8) (97ddc3a5a25e63367e2c45cb1d03d73c) \Device\Harddisk1\DR1
18:42:58.0906 0516 \Device\Harddisk1\DR1 - ok
18:42:58.0906 0516 Boot (0x1200) (101d4f53df0fdc550665beda87825d94) \Device\Harddisk0\DR0\Partition0
18:42:58.0906 0516 \Device\Harddisk0\DR0\Partition0 - ok
18:42:58.0906 0516 Boot (0x1200) (54da14b67b8fbb51bad0172eaba43032) \Device\Harddisk1\DR1\Partition0
18:42:58.0921 0516 \Device\Harddisk1\DR1\Partition0 - ok
18:42:58.0921 0516 ============================================================
18:42:58.0921 0516 Scan finished
18:42:58.0921 0516 ============================================================
18:42:58.0937 3356 Detected object count: 0
18:42:58.0937 3356 Actual detected object count: 0
19:09:16.0218 3172 ============================================================
19:09:16.0218 3172 Scan started
19:09:16.0218 3172 Mode: Manual; SigCheck; TDLFS;
19:09:16.0218 3172 ============================================================
19:09:19.0578 3172 AegisP (2f7f3e8da380325866e566f5d5ec23d5) J:\WINDOWS\system32\DRIVERS\AegisP.sys
19:09:19.0609 3172 AegisP ( UnsignedFile.Multi.Generic ) - warning
19:09:19.0609 3172 AegisP - detected UnsignedFile.Multi.Generic (1)
19:09:49.0953 3172 Modem - ok
19:09:50.0234 3172 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) J:\WINDOWS\system32\DRIVERS\mouclass.sys
19:09:50.0359 3172 Mouclass - ok
19:09:50.0625 3172 mouhid (b1c303e17fb9d46e87a98e4ba6769685) J:\WINDOWS\system32\DRIVERS\mouhid.sys
19:09:50.0781 3172 mouhid - ok
19:09:51.0093 3172 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) J:\WINDOWS\system32\drivers\MountMgr.sys
19:09:51.0218 3172 MountMgr - ok
19:09:51.0562 3172 MpFilter (fee0baded54222e9f1dae9541212aab1) J:\WINDOWS\system32\DRIVERS\MpFilter.sys
19:09:51.0578 3172 MpFilter - ok
19:09:51.0859 3172 mraid35x - ok
19:09:51.0921 3172 MREMP50 - ok
19:09:51.0968 3172 MREMPR5 - ok
19:09:52.0000 3172 MRENDIS5 - ok
19:09:52.0046 3172 MRESP50 - ok
19:09:52.0375 3172 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) J:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:09:52.0531 3172 MRxDAV - ok
19:09:52.0921 3172 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) J:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:09:53.0078 3172 MRxSmb - ok
19:09:53.0406 3172 Msfs (c941ea2454ba8350021d774daf0f1027) J:\WINDOWS\system32\drivers\Msfs.sys
19:09:53.0671 3172 Msfs - ok
19:09:53.0953 3172 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) J:\WINDOWS\system32\drivers\MSKSSRV.sys
19:09:54.0078 3172 MSKSSRV - ok
19:09:54.0375 3172 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) J:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:09:54.0515 3172 MSPCLOCK - ok
19:09:54.0796 3172 MSPQM (bad59648ba099da4a17680b39730cb3d) J:\WINDOWS\system32\drivers\MSPQM.sys
19:09:54.0937 3172 MSPQM - ok
19:09:55.0203 3172 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) J:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:09:55.0343 3172 mssmbios - ok
19:09:55.0640 3172 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) J:\WINDOWS\system32\drivers\MSTEE.sys
19:09:55.0781 3172 MSTEE - ok
19:09:56.0093 3172 Mup (de6a75f5c270e756c5508d94b6cf68f5) J:\WINDOWS\system32\drivers\Mup.sys
19:09:56.0156 3172 Mup - ok
19:09:56.0437 3172 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) J:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:09:56.0609 3172 NABTSFEC - ok
19:09:56.0968 3172 NDIS (1df7f42665c94b825322fae71721130d) J:\WINDOWS\system32\drivers\NDIS.sys
19:09:57.0125 3172 NDIS - ok
19:09:57.0390 3172 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) J:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:09:57.0546 3172 NdisIP - ok
19:09:57.0828 3172 NdisTapi (0109c4f3850dfbab279542515386ae22) J:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:09:57.0859 3172 NdisTapi - ok
19:09:58.0140 3172 Ndisuio (f927a4434c5028758a842943ef1a3849) J:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:09:58.0265 3172 Ndisuio - ok
19:09:58.0562 3172 NdisWan (edc1531a49c80614b2cfda43ca8659ab) J:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:09:58.0703 3172 NdisWan - ok
19:09:59.0000 3172 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) J:\WINDOWS\system32\drivers\NDProxy.sys
19:09:59.0046 3172 NDProxy - ok
19:09:59.0328 3172 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) J:\WINDOWS\system32\DRIVERS\netbios.sys
19:09:59.0468 3172 NetBIOS - ok
19:09:59.0812 3172 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) J:\WINDOWS\system32\DRIVERS\netbt.sys
19:09:59.0953 3172 NetBT - ok
19:10:00.0296 3172 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) J:\WINDOWS\system32\DRIVERS\nic1394.sys
19:10:00.0562 3172 NIC1394 - ok
19:10:01.0250 3172 Npfs (3182d64ae053d6fb034f44b6def8034a) J:\WINDOWS\system32\drivers\Npfs.sys
19:10:01.0406 3172 Npfs - ok
19:10:01.0890 3172 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) J:\WINDOWS\system32\drivers\Ntfs.sys
19:10:02.0125 3172 Ntfs - ok
19:10:02.0390 3172 NuidFltr (cf7e041663119e09d2e118521ada9300) J:\WINDOWS\system32\DRIVERS\NuidFltr.sys
19:10:02.0390 3172 NuidFltr - ok
19:10:02.0703 3172 Null (73c1e1f395918bc2c6dd67af7591a3ad) J:\WINDOWS\system32\drivers\Null.sys
19:10:02.0875 3172 Null - ok
19:10:03.0140 3172 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) J:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:10:03.0296 3172 NwlnkFlt - ok
19:10:03.0578 3172 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) J:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:10:03.0750 3172 NwlnkFwd - ok
19:10:04.0031 3172 ohci1394 (ca33832df41afb202ee7aeb05145922f) J:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:10:04.0171 3172 ohci1394 - ok
19:10:04.0437 3172 Parport (5575faf8f97ce5e713d108c2a58d7c7c) J:\WINDOWS\system32\DRIVERS\parport.sys
19:10:04.0609 3172 Parport - ok
19:10:04.0890 3172 PartMgr (beb3ba25197665d82ec7065b724171c6) J:\WINDOWS\system32\drivers\PartMgr.sys
19:10:05.0031 3172 PartMgr - ok
19:10:05.0312 3172 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) J:\WINDOWS\system32\drivers\ParVdm.sys
19:10:05.0484 3172 ParVdm - ok
19:10:05.0765 3172 PCI (a219903ccf74233761d92bef471a07b1) J:\WINDOWS\system32\DRIVERS\pci.sys
19:10:05.0906 3172 PCI - ok
19:10:06.0125 3172 PCIDump - ok
19:10:06.0406 3172 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) J:\WINDOWS\system32\drivers\PCIIde.sys
19:10:06.0875 3172 PCIIde - ok
19:10:07.0250 3172 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) J:\WINDOWS\system32\drivers\Pcmcia.sys
19:10:07.0406 3172 Pcmcia - ok
19:10:07.0843 3172 PDCOMP - ok
19:10:08.0062 3172 PDFRAME - ok
19:10:08.0343 3172 PDRELI - ok
19:10:08.0562 3172 PDRFRAME - ok
19:10:08.0828 3172 perc2 - ok
19:10:09.0093 3172 perc2hib - ok
19:10:09.0375 3172 Point32 (e552d6598670b1e7655cb73d562e0cd9) J:\WINDOWS\system32\DRIVERS\point32.sys
19:10:09.0390 3172 Point32 - ok
19:10:09.0687 3172 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) J:\WINDOWS\system32\DRIVERS\raspptp.sys
19:10:09.0828 3172 PptpMiniport - ok
19:10:10.0125 3172 PSched (09298ec810b07e5d582cb3a3f9255424) J:\WINDOWS\system32\DRIVERS\psched.sys
19:10:10.0250 3172 PSched - ok
19:10:10.0546 3172 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) J:\WINDOWS\system32\DRIVERS\ptilink.sys
19:10:10.0703 3172 Ptilink - ok
19:10:10.0968 3172 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) J:\WINDOWS\system32\Drivers\PxHelp20.sys
19:10:10.0984 3172 PxHelp20 - ok
19:10:11.0218 3172 ql1080 - ok
19:10:11.0437 3172 Ql10wnt - ok
19:10:11.0687 3172 ql12160 - ok
19:10:11.0906 3172 ql1240 - ok
19:10:12.0171 3172 ql1280 - ok
19:10:12.0421 3172 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) J:\WINDOWS\system32\DRIVERS\rasacd.sys
19:10:12.0593 3172 RasAcd - ok
19:10:12.0890 3172 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) J:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:10:13.0031 3172 Rasl2tp - ok
19:10:13.0312 3172 RasPppoe (5bc962f2654137c9909c3d4603587dee) J:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:10:13.0453 3172 RasPppoe - ok
19:10:13.0750 3172 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) J:\WINDOWS\system32\DRIVERS\raspti.sys
19:10:13.0906 3172 Raspti - ok
19:10:14.0250 3172 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) J:\WINDOWS\system32\DRIVERS\rdbss.sys
19:10:14.0390 3172 Rdbss - ok
19:10:14.0687 3172 RDPCDD (4912d5b403614ce99c28420f75353332) J:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:10:14.0859 3172 RDPCDD - ok
19:10:15.0171 3172 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) J:\WINDOWS\system32\drivers\RDPWD.sys
19:10:15.0218 3172 RDPWD - ok
19:10:15.0484 3172 redbook (f828dd7e1419b6653894a8f97a0094c5) J:\WINDOWS\system32\DRIVERS\redbook.sys
19:10:15.0640 3172 redbook - ok
19:10:16.0000 3172 SBRE (c1ae5d1f53285d79a0b73a62af20734f) J:\WINDOWS\system32\drivers\SBREdrv.sys
19:10:16.0000 3172 SBRE - ok
19:10:16.0281 3172 Secdrv (90a3935d05b494a5a39d37e71f09a677) J:\WINDOWS\system32\DRIVERS\secdrv.sys
19:10:16.0421 3172 Secdrv - ok
19:10:16.0750 3172 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) J:\WINDOWS\system32\drivers\Serial.sys
19:10:16.0875 3172 Serial - ok
19:10:17.0203 3172 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) J:\WINDOWS\system32\drivers\Sfloppy.sys
19:10:17.0343 3172 Sfloppy - ok
19:10:17.0609 3172 Simbad - ok
19:10:17.0921 3172 SLIP (866d538ebe33709a5c9f5c62b73b7d14) J:\WINDOWS\system32\DRIVERS\SLIP.sys
19:10:18.0062 3172 SLIP - ok
19:10:18.0609 3172 smrt (40a7793800b4efd1e391fd02a3fc3354) J:\WINDOWS\system32\DRIVERS\smrt.sys
19:10:18.0843 3172 smrt - ok
19:10:19.0281 3172 smwdm (13739b36bd8d94d0fed7662aa7a4235d) J:\WINDOWS\system32\drivers\smwdm.sys
19:10:19.0468 3172 smwdm - ok
19:10:19.0796 3172 Sparrow - ok
19:10:20.0062 3172 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) J:\WINDOWS\system32\drivers\splitter.sys
19:10:20.0203 3172 splitter - ok
19:10:20.0546 3172 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) J:\WINDOWS\system32\DRIVERS\sr.sys
19:10:20.0687 3172 sr - ok
19:10:21.0093 3172 Srv (47ddfc2f003f7f9f0592c6874962a2e7) J:\WINDOWS\system32\DRIVERS\srv.sys
19:10:21.0234 3172 Srv - ok
19:10:21.0484 3172 SSKBFD (8564bc9598be1705477b7fa61d657c2b) J:\WINDOWS\system32\Drivers\sskbfd.sys
19:10:21.0500 3172 SSKBFD - ok
19:10:21.0796 3172 streamip (77813007ba6265c4b6098187e6ed79d2) J:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:10:21.0968 3172 streamip - ok
19:10:22.0250 3172 swenum (3941d127aef12e93addf6fe6ee027e0f) J:\WINDOWS\system32\DRIVERS\swenum.sys
19:10:22.0375 3172 swenum - ok
19:10:22.0671 3172 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) J:\WINDOWS\system32\drivers\swmidi.sys
19:10:22.0812 3172 swmidi - ok
19:10:23.0062 3172 symc810 - ok
19:10:23.0328 3172 symc8xx - ok
19:10:23.0578 3172 sym_hi - ok
19:10:23.0812 3172 sym_u3 - ok
19:10:24.0109 3172 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) J:\WINDOWS\system32\drivers\sysaudio.sys
19:10:24.0250 3172 sysaudio - ok
19:10:24.0656 3172 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) J:\WINDOWS\system32\DRIVERS\tcpip.sys
19:10:24.0796 3172 Tcpip - ok
19:10:25.0109 3172 TDPIPE (6471a66807f5e104e4885f5b67349397) J:\WINDOWS\system32\drivers\TDPIPE.sys
19:10:25.0234 3172 TDPIPE - ok
19:10:25.0515 3172 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) J:\WINDOWS\system32\drivers\TDTCP.sys
19:10:25.0656 3172 TDTCP - ok
19:10:25.0953 3172 TermDD (88155247177638048422893737429d9e) J:\WINDOWS\system32\DRIVERS\termdd.sys
19:10:26.0093 3172 TermDD - ok
19:10:26.0359 3172 TosIde - ok
19:10:26.0671 3172 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) J:\WINDOWS\system32\drivers\Udfs.sys
19:10:26.0812 3172 Udfs - ok
19:10:27.0078 3172 ultra - ok
19:10:27.0500 3172 Update (402ddc88356b1bac0ee3dd1580c76a31) J:\WINDOWS\system32\DRIVERS\update.sys
19:10:27.0703 3172 Update - ok
19:10:28.0000 3172 usbccgp (173f317ce0db8e21322e71b7e60a27e8) J:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:10:28.0140 3172 usbccgp - ok
19:10:28.0421 3172 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) J:\WINDOWS\system32\DRIVERS\usbehci.sys
19:10:28.0562 3172 usbehci - ok
19:10:28.0828 3172 usbhub (1ab3cdde553b6e064d2e754efe20285c) J:\WINDOWS\system32\DRIVERS\usbhub.sys
19:10:28.0953 3172 usbhub - ok
19:10:29.0234 3172 usbprint (a717c8721046828520c9edf31288fc00) J:\WINDOWS\system32\DRIVERS\usbprint.sys
19:10:29.0375 3172 usbprint - ok
19:10:29.0640 3172 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) J:\WINDOWS\system32\DRIVERS\usbscan.sys
19:10:29.0765 3172 usbscan - ok
19:10:30.0062 3172 usbstor (a32426d9b14a089eaa1d922e0c5801a9) J:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:10:30.0203 3172 usbstor - ok
19:10:30.0468 3172 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) J:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:10:30.0640 3172 usbuhci - ok
19:10:30.0890 3172 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) J:\WINDOWS\System32\drivers\vga.sys
19:10:31.0031 3172 VgaSave - ok
19:10:31.0281 3172 ViaIde - ok
19:10:31.0593 3172 VolSnap (4c8fcb5cc53aab716d810740fe59d025) J:\WINDOWS\system32\drivers\VolSnap.sys
19:10:31.0750 3172 VolSnap - ok
19:10:32.0031 3172 Wanarp (e20b95baedb550f32dd489265c1da1f6) J:\WINDOWS\system32\DRIVERS\wanarp.sys
19:10:32.0171 3172 Wanarp - ok
19:10:32.0687 3172 Wdf01000 (fd47474bd21794508af449d9d91af6e6) J:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:10:32.0781 3172 Wdf01000 - ok
19:10:33.0015 3172 WDICA - ok
19:10:33.0312 3172 wdmaud (6768acf64b18196494413695f0c3a00f) J:\WINDOWS\system32\drivers\wdmaud.sys
19:10:33.0453 3172 wdmaud - ok
19:10:33.0796 3172 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) J:\WINDOWS\System32\drivers\ws2ifsl.sys
19:10:33.0968 3172 WS2IFSL - ok
19:10:34.0250 3172 WSTCODEC (c98b39829c2bbd34e454150633c62c78) J:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:10:34.0390 3172 WSTCODEC - ok
19:10:34.0687 3172 WudfPf (f15feafffbb3644ccc80c5da584e6311) J:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:10:34.0734 3172 WudfPf - ok
19:10:35.0062 3172 WudfRd (28b524262bce6de1f7ef9f510ba3985b) J:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:10:35.0078 3172 WudfRd - ok
19:10:35.0140 3172 MBR (0x1B8) (6aefa2bac284226f1a5aed86e53d7bb9) \Device\Harddisk0\DR0
19:10:35.0296 3172 \Device\Harddisk0\DR0 - ok
19:10:35.0328 3172 MBR (0x1B8) (97ddc3a5a25e63367e2c45cb1d03d73c) \Device\Harddisk1\DR1
19:10:35.0484 3172 \Device\Harddisk1\DR1 - ok
19:10:35.0484 3172 Boot (0x1200) (101d4f53df0fdc550665beda87825d94) \Device\Harddisk0\DR0\Partition0
19:10:35.0484 3172 \Device\Harddisk0\DR0\Partition0 - ok
19:10:35.0484 3172 Boot (0x1200) (54da14b67b8fbb51bad0172eaba43032) \Device\Harddisk1\DR1\Partition0
19:10:35.0500 3172 \Device\Harddisk1\DR1\Partition0 - ok
19:10:35.0500 3172 ============================================================
19:10:35.0500 3172 Scan finished
19:10:35.0500 3172 ============================================================
19:10:35.0609 1504 Detected object count: 1
19:10:35.0609 1504 Actual detected object count: 1
19:12:57.0875 1504 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:57.0875 1504 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:13:01.0968 3720 Deinitialize success


11:29:37.0077 3204 Detected object count: 2
11:29:37.0077 3204 Actual detected object count: 2
11:29:46.0202 3204 Backup copy found, using it..
11:29:46.0281 3204 J:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
11:29:46.0281 3204 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
11:29:46.0374 3204 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(J:\WINDOWS\system32\drivers\i8042prt.sys) error 1813
11:29:47.0077 3204 Backup copy found, using it..
11:29:47.0109 3204 J:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
11:29:51.0062 3204 i8042prt ( Virus.Win32.ZAccess.k ) - User select action: Cure
11:31:02.0937 3068 Deinitialize success



17:48:09.0859 1948 Detected object count: 1
17:48:09.0859 1948 Actual detected object count: 1
17:48:17.0937 1948 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(J:\WINDOWS\system32\drivers\netbt.sys) error 1813
17:48:21.0546 1948 Backup copy found, using it..
17:48:21.0546 1948 J:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
17:48:23.0953 1948 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
17:48:28.0953 0532 Deinitialize success


Malwarebytes:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.02.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: THOMPSON [administrator]

2/1/2012 7:18:18 PM
mbam-log-2012-02-01 (19-18-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199607
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET:

J:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\13\57ee8ccd-284de690 multiple threats
J:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\4e2fd025-5387a18f a variant of Java/Exploit.CVE-2011-3544.B trojan
J:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\7e2f8a65-4a2425ce multiple threats
J:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\52\5214f2b4-6787fbb8 a variant of Java/Exploit.CVE-2011-3544.B trojan
J:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\1\c61d41-2a5b7ba3 multiple threats
J:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\37\3db3dfe5-6ed4f95c multiple threats
J:\Documents and Settings\Owner\My Documents\Downloads\InternationalPrimoPDF.exe Win32/OpenCandy application

#8 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 02 February 2012 - 04:54 PM

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
J:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\13\57ee8ccd-284de690 
J:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\4e2fd025-5387a18f 
J:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\7e2f8a65-4a2425ce 
J:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\52\5214f2b4-6787fbb8 
J:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\1\c61d41-2a5b7ba3 
J:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\37\3db3dfe5-6ed4f95c 
J:\Documents and Settings\Owner\My Documents\Downloads\InternationalPrimoPDF.exe 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date.
Java™ 6 Update 24 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; follow the prompts.


Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 nuxi

  • Topic Starter
  • Members
  • 6 posts

Posted 02 February 2012 - 08:26 PM

I got a popup that it found the zeroaccess rootkit, but I don't see anything about it in the logs.

I'll play with it for a day and see what happens.



ComboFix 12-01-29.02 - Owner 02/02/2012 17:03:37.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1694 [GMT -6:00]
Running from: j:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: j:\documents and settings\Owner\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"j:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\13\57ee8ccd-284de690"
"j:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\4e2fd025-5387a18f"
"j:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\7e2f8a65-4a2425ce"
"j:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\52\5214f2b4-6787fbb8"
"j:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\1\c61d41-2a5b7ba3"
"j:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\37\3db3dfe5-6ed4f95c"
"j:\documents and settings\Owner\My Documents\Downloads\InternationalPrimoPDF.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
j:\documents and settings\Owner\My Documents\Downloads\InternationalPrimoPDF.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-02-02 01:51 . 2012-02-02 01:51 -------- d-----w- j:\program files\ESET
2012-01-30 19:06 . 2012-01-30 19:06 -------- d-----w- j:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-28 20:20 . 2012-01-17 10:39 6557240 ----a-w- j:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-28 20:17 . 2012-01-17 10:39 6557240 ----a-w- j:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE6E3878-1335-473E-87C9-36A6492D3172}\mpengine.dll
2012-01-22 01:58 . 2012-01-23 12:17 -------- d-----w- j:\documents and settings\TV
2012-01-21 21:32 . 2012-01-22 01:58 -------- d-----w- j:\program files\Common Files\PC Tools
2012-01-21 21:31 . 2012-01-21 21:31 -------- d-----w- j:\documents and settings\All Users\Application Data\PC Tools
2012-01-21 21:31 . 2012-01-21 21:31 -------- d-----w- j:\documents and settings\Administrator\Application Data\TestApp
2012-01-21 21:27 . 2012-01-21 21:28 23624 ----a-w- j:\windows\system32\drivers\hitmanpro36.sys
2012-01-21 21:27 . 2012-01-21 21:27 -------- d-----w- j:\documents and settings\All Users\Application Data\HitmanPro
2012-01-21 01:59 . 2012-01-21 01:59 414368 ----a-w- j:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-20 04:31 . 2012-01-20 05:11 -------- d-----w- j:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-01-20 04:31 . 2012-01-20 04:45 -------- d-----w- j:\program files\Spybot - Search & Destroy
2012-01-20 03:06 . 2010-11-09 19:56 98392 ----a-w- j:\windows\system32\drivers\SBREDrv.sys
2012-01-20 03:06 . 2010-11-09 19:56 27984 ----a-w- j:\windows\system32\sbbd.exe
2012-01-20 02:45 . 2012-01-20 02:46 -------- d-----w- j:\program files\Essentials Codec Pack
2012-01-20 02:45 . 2012-01-20 02:45 -------- d-----w- j:\documents and settings\Owner\Application Data\Nullsoft
2012-01-20 02:43 . 2012-01-20 02:43 -------- d-----w- j:\documents and settings\Owner\Application Data\dvdcss
2012-01-20 02:43 . 2012-01-20 02:43 -------- d-----w- j:\documents and settings\Owner\Application Data\vlc
2012-01-20 02:42 . 2012-01-20 02:42 -------- d-----w- j:\program files\VideoLAN
2012-01-20 01:15 . 2012-01-20 01:15 -------- d-----w- j:\documents and settings\Owner\DoctorWeb
2012-01-20 01:12 . 2012-01-20 01:12 205072 ----a-w- j:\windows\system32\drivers\tmcomm.sys
2012-01-20 01:07 . 2012-01-20 05:14 -------- d-----w- j:\documents and settings\Owner\Application Data\XBMC
2012-01-20 00:56 . 2010-05-26 17:41 2106216 ----a-w- j:\windows\system32\D3DCompiler_43.dll
2012-01-20 00:56 . 2010-05-26 17:41 1998168 ----a-w- j:\windows\system32\D3DX9_43.dll
2012-01-20 00:55 . 2012-01-20 00:55 -------- d-----w- j:\program files\XBMC
2012-01-19 23:55 . 2012-01-19 23:55 -------- d-----w- j:\documents and settings\Owner\Application Data\Malwarebytes
2012-01-19 23:54 . 2012-02-02 01:16 -------- d-----w- j:\program files\Malwarebytes' Anti-Malware
2012-01-19 23:54 . 2012-01-19 23:54 -------- d-----w- j:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-19 23:54 . 2011-12-10 21:24 20464 ----a-w- j:\windows\system32\drivers\mbam.sys
2012-01-19 18:25 . 2012-01-19 18:25 -------- d-----w- j:\documents and settings\Owner\Application Data\DivX
2012-01-19 18:21 . 2012-01-19 18:25 -------- d-----w- j:\program files\DivX
2012-01-19 18:21 . 2012-01-19 18:25 -------- d-----w- j:\documents and settings\All Users\Application Data\DivX
2012-01-19 17:37 . 2011-05-30 13:42 240640 ----a-w- j:\windows\system32\xvidvfw.dll
2012-01-19 17:37 . 2011-05-23 09:52 153088 ----a-w- j:\windows\system32\xvid.ax
2012-01-19 17:37 . 2011-05-23 07:46 645632 ----a-w- j:\windows\system32\xvidcore.dll
2012-01-19 17:37 . 2012-01-19 17:37 -------- d-----w- j:\program files\Xvid
2012-01-19 04:39 . 2012-01-19 04:39 192644 ----a-w- j:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-01-19 04:39 . 2012-01-19 04:39 323716 ----a-w- j:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-01-19 03:09 . 2012-01-19 03:09 -------- d-----w- j:\program files\Microsoft Silverlight
2012-01-18 20:11 . 2011-11-15 20:29 222080 ------w- j:\windows\system32\MpSigStub.exe
2012-01-18 20:07 . 2012-01-18 20:08 -------- d-----w- j:\program files\Microsoft Security Client
2012-01-18 16:12 . 2012-01-18 16:12 -------- d-sh--w- j:\documents and settings\Administrator\PrivacIE
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- j:\windows\system32\DivXControlPanelApplet.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 23:49 . 2006-02-28 12:00 162816 ----a-w- j:\windows\system32\drivers\netbt.sys
2012-01-18 17:40 . 2006-02-28 12:00 52480 ----a-w- j:\windows\system32\drivers\i8042prt.sys
2012-01-18 17:40 . 2006-02-28 12:00 187776 ----a-w- j:\windows\system32\drivers\acpi.sys
2006-10-11 08:04 . 2008-04-19 23:57 61036 ----a-w- j:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-04-19 23:57 48742 ----a-w- j:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-04-19 23:57 29313 ----a-w- j:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-04-19 23:57 41082 ----a-w- j:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-04-19 23:57 166510 ----a-w- j:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-20_17.35.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-02 23:01 . 2012-02-02 23:01 16384 j:\windows\temp\Perflib_Perfdata_610.dat
+ 2006-02-28 12:00 . 2012-02-02 22:51 72424 j:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2012-01-20 17:30 72424 j:\windows\system32\perfc009.dat
+ 2012-02-02 01:05 . 2012-02-02 01:05 22016 j:\windows\Installer\10c35409.msi
+ 2006-02-28 12:00 . 2012-02-02 22:51 444548 j:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2012-01-20 17:30 444548 j:\windows\system32\perfh009.dat
+ 2012-01-21 01:58 . 2012-01-21 01:58 247968 j:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2012-01-21 01:58 . 2012-01-21 01:58 335520 j:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="j:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-15 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="j:\windows\system32\Ati2mdxx.exe" [2001-09-04 28672]
"RemoteControl"="j:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="j:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"itype"="j:\program files\Microsoft IntelliType Pro\itype.exe" [2009-01-07 1496968]
"IntelliPoint"="j:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"HP Software Update"="j:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="j:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="j:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NCNETWORKSDM"="j:\program files\NCNETWORKSDM\bin\sprtcmd.exe" [2010-06-17 206120]
"QuickTime Task"="j:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="j:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MSC"="j:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"DivXUpdate"="j:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="j:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="j:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
j:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless USB 2.0 WLAN Card Utility.lnk - j:\program files\Dell Wireless\PRISMCFG.exe [2012-1-18 921707]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2006-10-12 15:42 450649 ----a-r- j:\windows\system32\PRISMAPI.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"j:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"j:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"j:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"j:\\Program Files\\eMule\\emule.exe"=
"j:\\Program Files\\BitTornado\\btdownloadgui.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:*:Disabled:DCOM(135)
.
R1 SBRE;SBRE;j:\windows\system32\drivers\SBREDrv.sys [1/19/2012 9:06 PM 98392]
R2 PRISMSVC;PRISMSVC;j:\windows\system32\PRISMSVC.exe [1/18/2012 10:40 PM 61529]
R2 sprtsvc_ncnetworksdm;SupportSoft Sprocket Service (ncnetworksdm);j:\program files\NCNETWORKSDM\bin\sprtsvc.exe [6/17/2010 3:59 AM 206120]
R2 tgsrvc_ncnetworksdm;SupportSoft Repair Service (ncnetworksdm);j:\program files\NCNETWORKSDM\bin\tgsrvc.exe [6/17/2010 3:59 AM 185640]
S2 gupdate1cabfda90c05a02;Google Update Service (gupdate1cabfda90c05a02);j:\program files\Google\Update\GoogleUpdate.exe [3/9/2010 4:47 PM 133104]
S3 BlackBox;BlackBox SR2; [x]
S3 gupdatem;Google Update Service (gupdatem);j:\program files\Google\Update\GoogleUpdate.exe [3/9/2010 4:47 PM 133104]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;j:\windows\system32\drivers\hitmanpro36.sys [1/21/2012 3:27 PM 23624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
Sqlses REG_MULTI_SZ SqlCSS
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-30 j:\windows\Tasks\AppleSoftwareUpdate.job
- j:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2012-02-02 j:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- j:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 22:47]
.
2012-02-02 j:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- j:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 22:47]
.
2012-02-02 j:\windows\Tasks\Windows Codec Update Service.job
- j:\program files\Essentials Codec Pack\WECPUpdate.exe [2011-07-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - j:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - j:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\bjw3owvx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z180&ocid=zdhp&install_date=20120120
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z180&form=ZGAADF&install_date=20120120&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-02 17:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
j:\windows\system32\PRISMAPI.DLL
.
Completion time: 2012-02-02 17:19:03
ComboFix-quarantined-files.txt 2012-02-02 23:19
ComboFix2.txt 2012-01-29 19:41
.
Pre-Run: 121,602,740,224 bytes free
Post-Run: 121,650,319,360 bytes free

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:55 AM

Posted 02 February 2012 - 08:41 PM

Let's see if it is hidden somewhere

Please run the following:

  • Please download Junction.zip and save it to your desktop.
  • Unzip it and put junction.exe in the Windows directory (C:\WINDOWS).
  • Now go to Start > Run to open a run box > Copy and paste the following command in the open run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

  • A command window will open and the system will be scanned.
  • Wait until a log file opens.
  • Copy and paste or attach the content of it in your next reply

NEXT

Give GMER another try.


Download GMER Rootkit Scanner from here to your desktop.
  • Double click the exe file (it will have a random name)
  • If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO, then use the following settings for a more complete scan.

  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 nuxi

nuxi
  • Topic Starter

  • Members
  • 6 posts
  • Local time:11:55 PM

Posted 03 February 2012 - 05:34 PM

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\j:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\j:\\pagefile.sys: The process cannot access the file because it is being used by another process.


Failed to open \\?\j:\\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin: Access is denied.


Failed to open \\?\j:\\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db: Access is denied.



Failed to open \\?\j:\\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow: Access is denied.



Failed to open \\?\j:\\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db: Access is denied.



Failed to open \\?\j:\\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow: Access is denied.




Failed to open \\?\j:\\Qoobox\BackEnv: Access is denied.


\\?\j:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : J:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: J:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\j:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : J:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: J:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e


Attached Files

  • Attached File  gmer.zip   40.71KB   1 downloads


#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:55 AM

Posted 03 February 2012 - 06:58 PM

Nothing showing in the logs, the detection may have been in ComboFix quarantine


Please run the following:
  • Please download GrantPerms.zip and save it to your desktop.
  • Unzip the file and run GrantPerms.exe
  • Copy and paste the following in the edit box:


j:\\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db
j:\\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db
j:\\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow
j:\\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db
j:\\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow



  • Now Click Unlock.
  • When it is done click "OK".
  • Now click List Permissions and post the result (Perms.txt) that pops up.
  • A copy of Perms.txt will be saved in the same directory the tool is run.



NEXT


Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:55 AM

Posted 10 February 2012 - 06:20 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




