Win32/sirefef.N


18 replies to this topic

#1 wakko9

Posted 31 January 2012 - 01:13 AM

I have been working on this issue for a day or two now. This PC had XP Antispyware 2012 on it, and it is not that hard to remove. After removing it and running Malwarebytes and MS Security Essentials, this Sirefef.N keeps coming up and I can't figure out how to remove it. It seems like it keeps coming back.

Please help

Thanks

#2 narenxp

  • BC Advisor

Posted 31 January 2012 - 02:36 AM

Download

TDSSKiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report.


Please download GMER from here

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

#3 narenxp

  • BC Advisor

Posted 31 January 2012 - 02:36 AM

Also

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Edited by narenxp, 31 January 2012 - 02:41 AM.


#4 wakko9

  • Topic Starter

Posted 01 February 2012 - 08:46 AM

Here is the TDSSKiller log...


23:34:56.0562 2972 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
23:34:56.0593 2972 ============================================================
23:34:56.0593 2972 Current date / time: 2012/01/31 23:34:56.0593
23:34:56.0593 2972 SystemInfo:
23:34:56.0593 2972
23:34:56.0593 2972 OS Version: 5.1.2600 ServicePack: 3.0
23:34:56.0593 2972 Product type: Workstation
23:34:56.0593 2972 ComputerName: YOUR-4105E587B6
23:34:56.0593 2972 UserName: Owner
23:34:56.0593 2972 Windows directory: C:\WINDOWS
23:34:56.0593 2972 System windows directory: C:\WINDOWS
23:34:56.0593 2972 Processor architecture: Intel x86
23:34:56.0593 2972 Number of processors: 1
23:34:56.0593 2972 Page size: 0x1000
23:34:56.0593 2972 Boot type: Normal boot
23:34:56.0593 2972 ============================================================
23:34:58.0500 2972 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:34:58.0500 2972 Drive \Device\Harddisk1\DR3 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:34:58.0500 2972 Drive \Device\Harddisk2\DR5 - Size: 0x3F800000 (0.99 Gb), SectorSize: 0x200, Cylinders: 0x81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:34:58.0500 2972 \Device\Harddisk0\DR0:
23:34:58.0500 2972 MBR used
23:34:58.0500 2972 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB9E6FA7
23:34:58.0500 2972 \Device\Harddisk1\DR3:
23:34:58.0500 2972 MBR used
23:34:58.0500 2972 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
23:34:58.0500 2972 \Device\Harddisk2\DR5:
23:34:58.0500 2972 MBR used
23:34:58.0500 2972 \Device\Harddisk2\DR5\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1F3101
23:34:58.0531 2972 Initialize success
23:34:58.0531 2972 ============================================================
23:35:11.0484 3600 ============================================================
23:35:11.0484 3600 Scan started
23:35:11.0484 3600 Mode: Manual; TDLFS;
23:35:11.0484 3600 ============================================================
23:35:11.0984 3600 Abiosdsk - ok
23:35:12.0046 3600 abp480n5 - ok
23:35:12.0156 3600 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:35:12.0156 3600 ACPI - ok
23:35:12.0187 3600 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:35:12.0203 3600 ACPIEC - ok
23:35:12.0218 3600 adpu160m - ok
23:35:12.0281 3600 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:35:12.0281 3600 aec - ok
23:35:12.0375 3600 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:35:12.0375 3600 AFD - ok
23:35:12.0406 3600 Aha154x - ok
23:35:12.0421 3600 aic78u2 - ok
23:35:12.0453 3600 aic78xx - ok
23:35:12.0515 3600 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
23:35:12.0531 3600 AliIde - ok
23:35:12.0546 3600 amsint - ok
23:35:12.0593 3600 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:35:12.0593 3600 Arp1394 - ok
23:35:12.0625 3600 asc - ok
23:35:12.0640 3600 asc3350p - ok
23:35:12.0671 3600 asc3550 - ok
23:35:12.0734 3600 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:35:12.0750 3600 AsyncMac - ok
23:35:12.0781 3600 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:35:12.0781 3600 atapi - ok
23:35:12.0812 3600 Atdisk - ok
23:35:12.0843 3600 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:35:12.0843 3600 Atmarpc - ok
23:35:13.0062 3600 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:35:13.0062 3600 audstub - ok
23:35:13.0203 3600 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:35:13.0203 3600 Beep - ok
23:35:13.0375 3600 BTKRNL (b637f1d425e13c206ef3c2028dd72e6a) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
23:35:13.0390 3600 BTKRNL - ok
23:35:13.0500 3600 BTWUSB (a93097a2962b14809939ff3259684327) C:\WINDOWS\system32\Drivers\btwusb.sys
23:35:13.0500 3600 BTWUSB - ok
23:35:13.0593 3600 CAMCAUD (23913c28ac89875bbfa03bccdc3a41e5) C:\WINDOWS\system32\drivers\camc6aud.sys
23:35:13.0593 3600 CAMCAUD - ok
23:35:13.0828 3600 CAMCHALA (e6edb12a44dafcef05dbddf3ed652388) C:\WINDOWS\system32\drivers\camc6hal.sys
23:35:13.0843 3600 CAMCHALA - ok
23:35:14.0015 3600 catchme - ok
23:35:14.0156 3600 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:35:14.0156 3600 cbidf2k - ok
23:35:14.0218 3600 cd20xrnt - ok
23:35:14.0531 3600 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:35:14.0531 3600 Cdaudio - ok
23:35:14.0640 3600 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:35:14.0640 3600 Cdfs - ok
23:35:14.0718 3600 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:35:14.0734 3600 Cdrom - ok
23:35:14.0812 3600 Changer - ok
23:35:14.0921 3600 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:35:14.0921 3600 CmBatt - ok
23:35:15.0093 3600 CmdIde - ok
23:35:15.0140 3600 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:35:15.0156 3600 Compbatt - ok
23:35:15.0218 3600 Cpqarray - ok
23:35:15.0281 3600 dac2w2k - ok
23:35:15.0343 3600 dac960nt - ok
23:35:15.0468 3600 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:35:15.0468 3600 Disk - ok
23:35:15.0625 3600 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:35:15.0640 3600 dmboot - ok
23:35:15.0796 3600 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:35:15.0796 3600 dmio - ok
23:35:15.0906 3600 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:35:15.0906 3600 dmload - ok
23:35:16.0046 3600 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:35:16.0046 3600 DMusic - ok
23:35:16.0140 3600 dpti2o - ok
23:35:16.0218 3600 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:35:16.0218 3600 drmkaud - ok
23:35:16.0390 3600 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys
23:35:16.0390 3600 eabfiltr - ok
23:35:16.0546 3600 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys
23:35:16.0546 3600 eabusb - ok
23:35:16.0687 3600 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:35:16.0703 3600 eeCtrl - ok
23:35:16.0750 3600 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:35:16.0750 3600 EraserUtilRebootDrv - ok
23:35:17.0031 3600 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:35:17.0031 3600 Fastfat - ok
23:35:17.0171 3600 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:35:17.0187 3600 Fdc - ok
23:35:17.0312 3600 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:35:17.0312 3600 Fips - ok
23:35:17.0390 3600 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:35:17.0390 3600 Flpydisk - ok
23:35:17.0468 3600 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:35:17.0484 3600 FltMgr - ok
23:35:17.0609 3600 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:35:17.0609 3600 Fs_Rec - ok
23:35:17.0687 3600 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:35:17.0687 3600 Ftdisk - ok
23:35:17.0859 3600 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:35:17.0859 3600 GEARAspiWDM - ok
23:35:18.0031 3600 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:35:18.0031 3600 Gpc - ok
23:35:18.0187 3600 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:35:18.0187 3600 HidUsb - ok
23:35:18.0281 3600 hpn - ok
23:35:18.0375 3600 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:35:18.0390 3600 HPZid412 - ok
23:35:18.0484 3600 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:35:18.0484 3600 HPZipr12 - ok
23:35:18.0625 3600 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:35:18.0625 3600 HPZius12 - ok
23:35:18.0765 3600 HSFHWICH (a4877a17e87d6e6ab959b36b9ef3de8a) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
23:35:18.0765 3600 HSFHWICH - ok
23:35:18.0968 3600 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
23:35:18.0984 3600 HSF_DP - ok
23:35:19.0156 3600 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:35:19.0156 3600 HTTP - ok
23:35:19.0250 3600 i2omgmt - ok
23:35:19.0312 3600 i2omp - ok
23:35:19.0421 3600 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:35:19.0437 3600 i8042prt - ok
23:35:19.0640 3600 ialm (737da0be27652c4482ac5cde099bfce9) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23:35:19.0656 3600 ialm - ok
23:35:19.0828 3600 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:35:19.0828 3600 Imapi - ok
23:35:19.0968 3600 ini910u - ok
23:35:20.0031 3600 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:35:20.0031 3600 IntelIde - ok
23:35:20.0156 3600 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:35:20.0156 3600 intelppm - ok
23:35:20.0281 3600 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:35:20.0281 3600 Ip6Fw - ok
23:35:20.0390 3600 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:35:20.0390 3600 IpFilterDriver - ok
23:35:20.0515 3600 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:35:20.0515 3600 IpInIp - ok
23:35:20.0640 3600 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:35:20.0656 3600 IpNat - ok
23:35:20.0812 3600 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:35:20.0812 3600 IPSec - ok
23:35:20.0953 3600 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:35:20.0953 3600 IRENUM - ok
23:35:21.0093 3600 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:35:21.0109 3600 isapnp - ok
23:35:21.0203 3600 Iviaspi (cd8abfff1387e0f42cf6c6d7cdc19f0d) C:\WINDOWS\system32\drivers\iviaspi.sys
23:35:21.0218 3600 Iviaspi - ok
23:35:21.0375 3600 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:35:21.0375 3600 Kbdclass - ok
23:35:21.0484 3600 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:35:21.0484 3600 kbdhid - ok
23:35:21.0609 3600 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:35:21.0609 3600 kmixer - ok
23:35:21.0734 3600 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:35:21.0734 3600 KSecDD - ok
23:35:21.0843 3600 lbrtfdc - ok
23:35:21.0984 3600 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:35:21.0984 3600 mdmxsdk - ok
23:35:22.0171 3600 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:35:22.0171 3600 mnmdd - ok
23:35:22.0343 3600 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:35:22.0343 3600 Modem - ok
23:35:22.0453 3600 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:35:22.0468 3600 Mouclass - ok
23:35:22.0578 3600 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:35:22.0578 3600 mouhid - ok
23:35:22.0640 3600 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:35:22.0656 3600 MountMgr - ok
23:35:22.0703 3600 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
23:35:22.0703 3600 MpFilter - ok
23:35:22.0843 3600 MpKsl4d8600ef (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{970B17CE-ECA9-453F-A0FF-2500F2AD8C75}\MpKsl4d8600ef.sys
23:35:22.0843 3600 MpKsl4d8600ef - ok
23:35:22.0984 3600 mraid35x - ok
23:35:23.0109 3600 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
23:35:23.0109 3600 MREMP50 - ok
23:35:23.0156 3600 MREMPR5 - ok
23:35:23.0171 3600 MRENDIS5 - ok
23:35:23.0218 3600 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
23:35:23.0218 3600 MRESP50 - ok
23:35:23.0406 3600 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:35:23.0406 3600 MRxDAV - ok
23:35:23.0531 3600 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:35:23.0531 3600 MRxSmb - ok
23:35:23.0671 3600 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:35:23.0671 3600 Msfs - ok
23:35:23.0765 3600 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:35:23.0765 3600 MSKSSRV - ok
23:35:23.0875 3600 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:35:23.0875 3600 MSPCLOCK - ok
23:35:23.0968 3600 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:35:23.0968 3600 MSPQM - ok
23:35:24.0125 3600 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:35:24.0140 3600 mssmbios - ok
23:35:24.0250 3600 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:35:24.0250 3600 Mup - ok
23:35:24.0421 3600 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:35:24.0437 3600 NDIS - ok
23:35:24.0531 3600 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:35:24.0546 3600 NdisTapi - ok
23:35:24.0578 3600 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:35:24.0578 3600 Ndisuio - ok
23:35:24.0656 3600 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:35:24.0671 3600 NdisWan - ok
23:35:24.0718 3600 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:35:24.0718 3600 NDProxy - ok
23:35:24.0750 3600 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:35:24.0750 3600 NetBIOS - ok
23:35:24.0828 3600 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:35:24.0828 3600 NetBT - ok
23:35:24.0937 3600 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:35:24.0937 3600 NIC1394 - ok
23:35:25.0031 3600 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:35:25.0031 3600 Npfs - ok
23:35:25.0218 3600 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:35:25.0234 3600 Ntfs - ok
23:35:25.0359 3600 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:35:25.0359 3600 Null - ok
23:35:25.0546 3600 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:35:25.0546 3600 NwlnkFlt - ok
23:35:25.0640 3600 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:35:25.0640 3600 NwlnkFwd - ok
23:35:25.0812 3600 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:35:25.0828 3600 ohci1394 - ok
23:35:25.0921 3600 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
23:35:25.0921 3600 Parport - ok
23:35:26.0062 3600 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:35:26.0062 3600 PartMgr - ok
23:35:26.0140 3600 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:35:26.0156 3600 ParVdm - ok
23:35:26.0296 3600 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:35:26.0296 3600 PCI - ok
23:35:26.0390 3600 PCIDump - ok
23:35:26.0515 3600 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:35:26.0515 3600 PCIIde - ok
23:35:26.0562 3600 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:35:26.0562 3600 Pcmcia - ok
23:35:26.0625 3600 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\WINDOWS\system32\drivers\PCTCore.sys
23:35:26.0640 3600 PCTCore - ok
23:35:26.0796 3600 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
23:35:26.0796 3600 pctDS - ok
23:35:26.0937 3600 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
23:35:26.0937 3600 pctEFA - ok
23:35:27.0015 3600 PDCOMP - ok
23:35:27.0093 3600 PDFRAME - ok
23:35:27.0156 3600 PDRELI - ok
23:35:27.0265 3600 PDRFRAME - ok
23:35:27.0328 3600 perc2 - ok
23:35:27.0375 3600 perc2hib - ok
23:35:27.0625 3600 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:35:27.0625 3600 PptpMiniport - ok
23:35:27.0734 3600 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:35:27.0734 3600 PSched - ok
23:35:27.0875 3600 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:35:27.0875 3600 Ptilink - ok
23:35:28.0000 3600 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:35:28.0000 3600 PxHelp20 - ok
23:35:28.0140 3600 ql1080 - ok
23:35:28.0203 3600 Ql10wnt - ok
23:35:28.0265 3600 ql12160 - ok
23:35:28.0359 3600 ql1240 - ok
23:35:28.0468 3600 ql1280 - ok
23:35:28.0562 3600 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:35:28.0562 3600 RasAcd - ok
23:35:28.0625 3600 Rasirda - ok
23:35:28.0765 3600 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:35:28.0765 3600 Rasl2tp - ok
23:35:28.0828 3600 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:35:28.0828 3600 RasPppoe - ok
23:35:29.0015 3600 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:35:29.0015 3600 Raspti - ok
23:35:29.0109 3600 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:35:29.0109 3600 Rdbss - ok
23:35:29.0218 3600 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:35:29.0218 3600 RDPCDD - ok
23:35:29.0359 3600 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
23:35:29.0359 3600 RDPWD - ok
23:35:29.0562 3600 RTL8023xp (4a0ae7891fcf74acc848b109294cb80f) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
23:35:29.0562 3600 RTL8023xp - ok
23:35:29.0703 3600 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
23:35:29.0703 3600 sdbus - ok
23:35:29.0796 3600 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:35:29.0796 3600 Secdrv - ok
23:35:30.0000 3600 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:35:30.0000 3600 serenum - ok
23:35:30.0140 3600 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:35:30.0140 3600 Serial - ok
23:35:30.0265 3600 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:35:30.0265 3600 Sfloppy - ok
23:35:30.0359 3600 Simbad - ok
23:35:30.0468 3600 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
23:35:30.0468 3600 SMCIRDA - ok
23:35:30.0562 3600 Sparrow - ok
23:35:30.0703 3600 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:35:30.0718 3600 splitter - ok
23:35:30.0812 3600 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:35:30.0812 3600 sr - ok
23:35:30.0984 3600 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:35:31.0000 3600 Srv - ok
23:35:31.0234 3600 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:35:31.0234 3600 swenum - ok
23:35:31.0437 3600 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:35:31.0437 3600 swmidi - ok
23:35:31.0578 3600 symc810 - ok
23:35:31.0671 3600 symc8xx - ok
23:35:31.0984 3600 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
23:35:31.0984 3600 symlcbrd - ok
23:35:32.0062 3600 sym_hi - ok
23:35:32.0078 3600 sym_u3 - ok
23:35:32.0156 3600 SynTP (23fe1f173996b8bad4b9ed74003676d8) C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:35:32.0156 3600 SynTP - ok
23:35:32.0234 3600 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:35:32.0234 3600 sysaudio - ok
23:35:32.0359 3600 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:35:32.0375 3600 Tcpip - ok
23:35:32.0421 3600 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:35:32.0421 3600 TDPIPE - ok
23:35:32.0562 3600 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:35:32.0562 3600 TDTCP - ok
23:35:32.0750 3600 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:35:32.0750 3600 TermDD - ok
23:35:32.0921 3600 tifm21 (8778a553003a3d37a550a1f9cff6be28) C:\WINDOWS\system32\drivers\tifm21.sys
23:35:32.0921 3600 tifm21 - ok
23:35:33.0031 3600 TosIde - ok
23:35:33.0140 3600 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:35:33.0140 3600 Udfs - ok
23:35:33.0265 3600 ultra - ok
23:35:33.0593 3600 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:35:33.0593 3600 Update - ok
23:35:33.0703 3600 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:35:33.0703 3600 USBAAPL - ok
23:35:33.0937 3600 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:35:33.0953 3600 usbccgp - ok
23:35:34.0187 3600 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:35:34.0203 3600 usbehci - ok
23:35:34.0281 3600 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:35:34.0281 3600 usbhub - ok
23:35:34.0375 3600 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:35:34.0375 3600 usbprint - ok
23:35:34.0468 3600 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:35:34.0468 3600 usbscan - ok
23:35:34.0625 3600 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:35:34.0625 3600 USBSTOR - ok
23:35:34.0781 3600 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:35:34.0781 3600 usbuhci - ok
23:35:34.0843 3600 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:35:34.0843 3600 VgaSave - ok
23:35:34.0953 3600 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:35:34.0953 3600 ViaIde - ok
23:35:35.0046 3600 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:35:35.0062 3600 VolSnap - ok
23:35:35.0406 3600 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
23:35:35.0437 3600 w29n51 - ok
23:35:35.0484 3600 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:35:35.0484 3600 Wanarp - ok
23:35:35.0515 3600 wanatw - ok
23:35:35.0531 3600 WDICA - ok
23:35:35.0562 3600 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:35:35.0562 3600 wdmaud - ok
23:35:35.0687 3600 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:35:35.0703 3600 winachsf - ok
23:35:35.0859 3600 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:35:35.0859 3600 WmiAcpi - ok
23:35:35.0984 3600 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
23:35:35.0984 3600 WpdUsb - ok
23:35:36.0078 3600 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:35:36.0078 3600 WS2IFSL - ok
23:35:36.0250 3600 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:35:36.0250 3600 WudfPf - ok
23:35:36.0312 3600 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:35:36.0312 3600 WudfRd - ok
23:35:36.0375 3600 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
23:35:36.0703 3600 \Device\Harddisk0\DR0 - ok
23:35:36.0718 3600 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
23:35:36.0843 3600 \Device\Harddisk1\DR3 - ok
23:35:36.0859 3600 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk2\DR5
23:35:45.0453 3600 \Device\Harddisk2\DR5 - ok
23:35:45.0468 3600 Boot (0x1200) (1a06ca67e6c99b8a998481b657265c8c) \Device\Harddisk0\DR0\Partition0
23:35:45.0468 3600 \Device\Harddisk0\DR0\Partition0 - ok
23:35:45.0484 3600 Boot (0x1200) (77de5ebd031a3762c877e131caedbedd) \Device\Harddisk1\DR3\Partition0
23:35:45.0484 3600 \Device\Harddisk1\DR3\Partition0 - ok
23:35:45.0500 3600 Boot (0x1200) (3f4ec7f6b3ce2249d5149bd08d2038c0) \Device\Harddisk2\DR5\Partition0
23:35:45.0500 3600 \Device\Harddisk2\DR5\Partition0 - ok
23:35:45.0515 3600 ============================================================
23:35:45.0515 3600 Scan finished
23:35:45.0515 3600 ============================================================
23:35:45.0531 3132 Detected object count: 0
23:35:45.0531 3132 Actual detected object count: 0




Here is the GMER log...



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-01 07:39:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 FUJITSU_MHV2100AT_PL rev.008300A1
Running: GMER.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\agxyyaog.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF74A76E6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7485F68]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7486230]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF74A80A0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF74A842A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF74A6924]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF74A896E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF74A7AA4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF74859D8]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6403ABF]

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library E:\Cleanup\Remioval (*** hidden *** ) @ E:\Cleanup\Remioval [4072] 0x00400000

---- EOF - GMER 1.0.15 ----

#5 narenxp

  • BC Advisor

Posted 01 February 2012 - 01:24 PM

Post the aswMBR log too.

#6 wakko9

  • Topic Starter

Posted 01 February 2012 - 02:23 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-01 07:48:11
-----------------------------
07:48:11.140 OS Version: Windows 5.1.2600 Service Pack 3
07:48:11.140 Number of processors: 1 586 0xD08
07:48:11.156 ComputerName: YOUR-4105E587B6 UserName: Owner
07:48:14.421 Initialize success
07:50:53.234 AVAST engine defs: 12020100
07:52:27.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
07:52:27.171 Disk 0 Vendor: FUJITSU_MHV2100AT_PL 008300A1 Size: 95396MB BusType: 3
07:52:27.281 Disk 0 MBR read successfully
07:52:27.296 Disk 0 MBR scan
07:52:27.625 Disk 0 unknown MBR code
07:52:27.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95181 MB offset 63
07:52:27.906 Disk 0 Partition 2 00 88 Linux plaintext AKr' 203 MB offset 194948775
07:52:28.328 Disk 0 scanning sectors +195366465
07:52:29.093 Disk 0 scanning C:\WINDOWS\system32\drivers
07:54:51.015 Service scanning
07:54:58.765 Service MpKsl4d8600ef c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{970B17CE-ECA9-453F-A0FF-2500F2AD8C75}\MpKsl4d8600ef.sys **LOCKED** 32
07:55:02.093 Modules scanning
07:57:31.906 Disk 0 trace - called modules:
07:57:32.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys
07:57:32.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fc7ab8]
07:57:32.093 3 CLASSPNP.SYS[f76dcfd7] -> nt!IofCallDriver -> [0x86fe4698]
07:57:32.109 5 PCTCore.sys[f7489099] -> nt!IofCallDriver -> \Device\00000077[0x86f68030]
07:57:32.140 7 ACPI.sys[f7533620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86f7a940]
07:57:36.718 AVAST engine scan C:\WINDOWS
08:01:17.000 AVAST engine scan C:\WINDOWS\system32
08:22:48.750 AVAST engine scan C:\WINDOWS\system32\drivers
08:24:50.984 AVAST engine scan C:\Documents and Settings\Owner
08:47:19.546 AVAST engine scan C:\Documents and Settings\All Users
08:53:33.609 Scan finished successfully
13:22:09.390 Disk 0 MBR has been saved successfully to "E:\Cleanup\Remioval sirefef.N?\MBR.dat"
13:22:09.484 The log file has been saved successfully to "E:\Cleanup\Remioval sirefef.N?\aswMBR.txt"

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:12:12 PM

Posted 01 February 2012 - 08:30 PM

I want you to boot your PC into safe mode and run TDSSKiller once.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#8 wakko9

wakko9

  • Topic Starter
  • Members
  • 14 posts
  • Local time:11:12 AM

Posted 02 February 2012 - 12:50 AM

I have tried to boot into safe mode and it gets stuck. The last line displayed on the screen is multi(0)disk(0)rdisk(0)partition(1)\windows\system32\drivers\mup.sys

Any ideas?

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:12:12 PM

Posted 02 February 2012 - 01:05 AM

Looks like you have other issues too.

Press F8 at startup

Select the Repair your computer option.

If you do not have that option, insert your XP CD.

Press any key > when the Install MENU comes up, press the R key, which should take you to the recovery console.

Enter your administrator password and run this command:

chkdsk C: /r

After chkdsk completes, try to boot into safe mode again.

Edited by narenxp, 02 February 2012 - 01:05 AM.


#10 wakko9

wakko9

  • Topic Starter
  • Members
  • 14 posts
  • Local time:11:12 AM

Posted 03 February 2012 - 09:20 AM

Ran check disk /r, able to boot into safe mode, ran TDSSKiller...


08:09:53.0343 1360 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
08:09:53.0468 1360 ============================================================
08:09:53.0468 1360 Current date / time: 2012/02/03 08:09:53.0468
08:09:53.0468 1360 SystemInfo:
08:09:53.0468 1360
08:09:53.0468 1360 OS Version: 5.1.2600 ServicePack: 3.0
08:09:53.0468 1360 Product type: Workstation
08:09:53.0468 1360 ComputerName: YOUR-4105E587B6
08:09:53.0468 1360 UserName: Owner
08:09:53.0468 1360 Windows directory: C:\WINDOWS
08:09:53.0468 1360 System windows directory: C:\WINDOWS
08:09:53.0468 1360 Processor architecture: Intel x86
08:09:53.0468 1360 Number of processors: 1
08:09:53.0468 1360 Page size: 0x1000
08:09:53.0468 1360 Boot type: Safe boot
08:09:53.0468 1360 ============================================================
08:09:58.0875 1360 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:09:58.0875 1360 Drive \Device\Harddisk1\DR3 - Size: 0x3F800000 (0.99 Gb), SectorSize: 0x200, Cylinders: 0x81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:09:58.0875 1360 \Device\Harddisk0\DR0:
08:09:58.0875 1360 MBR used
08:09:58.0875 1360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB9E6FA7
08:09:58.0875 1360 \Device\Harddisk1\DR3:
08:09:58.0875 1360 MBR used
08:09:58.0875 1360 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1F3101
08:09:59.0375 1360 Initialize success
08:09:59.0375 1360 ============================================================
08:10:12.0296 1400 ============================================================
08:10:12.0296 1400 Scan started
08:10:12.0296 1400 Mode: Manual; TDLFS;
08:10:12.0296 1400 ============================================================
08:10:13.0890 1400 Abiosdsk - ok
08:10:14.0359 1400 abp480n5 - ok
08:10:14.0921 1400 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:10:15.0015 1400 ACPI - ok
08:10:15.0500 1400 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
08:10:15.0515 1400 ACPIEC - ok
08:10:15.0968 1400 adpu160m - ok
08:10:16.0562 1400 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:10:16.0625 1400 aec - ok
08:10:17.0203 1400 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:10:17.0265 1400 AFD - ok
08:10:17.0734 1400 Aha154x - ok
08:10:18.0171 1400 aic78u2 - ok
08:10:18.0625 1400 aic78xx - ok
08:10:19.0140 1400 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
08:10:19.0156 1400 AliIde - ok
08:10:19.0625 1400 amsint - ok
08:10:20.0156 1400 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:10:20.0203 1400 Arp1394 - ok
08:10:20.0640 1400 asc - ok
08:10:21.0125 1400 asc3350p - ok
08:10:21.0609 1400 asc3550 - ok
08:10:22.0156 1400 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:10:22.0171 1400 AsyncMac - ok
08:10:22.0734 1400 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:10:22.0734 1400 atapi - ok
08:10:23.0203 1400 Atdisk - ok
08:10:23.0703 1400 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:10:23.0750 1400 Atmarpc - ok
08:10:24.0296 1400 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:10:24.0296 1400 audstub - ok
08:10:24.0843 1400 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:10:24.0859 1400 Beep - ok
08:10:26.0031 1400 BTKRNL (b637f1d425e13c206ef3c2028dd72e6a) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
08:10:26.0718 1400 BTKRNL - ok
08:10:27.0234 1400 BTWUSB (a93097a2962b14809939ff3259684327) C:\WINDOWS\system32\Drivers\btwusb.sys
08:10:27.0265 1400 BTWUSB - ok
08:10:27.0796 1400 CAMCAUD (23913c28ac89875bbfa03bccdc3a41e5) C:\WINDOWS\system32\drivers\camc6aud.sys
08:10:27.0828 1400 CAMCAUD - ok
08:10:28.0468 1400 CAMCHALA (e6edb12a44dafcef05dbddf3ed652388) C:\WINDOWS\system32\drivers\camc6hal.sys
08:10:28.0656 1400 CAMCHALA - ok
08:10:28.0781 1400 catchme - ok
08:10:29.0500 1400 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:10:29.0515 1400 cbidf2k - ok
08:10:29.0937 1400 cd20xrnt - ok
08:10:30.0406 1400 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:10:30.0421 1400 Cdaudio - ok
08:10:30.0937 1400 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:10:30.0968 1400 Cdfs - ok
08:10:31.0500 1400 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:10:31.0531 1400 Cdrom - ok
08:10:32.0031 1400 Changer - ok
08:10:32.0531 1400 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
08:10:32.0531 1400 CmBatt - ok
08:10:33.0000 1400 CmdIde - ok
08:10:33.0484 1400 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
08:10:33.0484 1400 Compbatt - ok
08:10:33.0984 1400 Cpqarray - ok
08:10:34.0437 1400 dac2w2k - ok
08:10:34.0906 1400 dac960nt - ok
08:10:35.0484 1400 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:10:35.0500 1400 Disk - ok
08:10:36.0406 1400 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:10:36.0828 1400 dmboot - ok
08:10:37.0390 1400 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:10:37.0484 1400 dmio - ok
08:10:38.0000 1400 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:10:38.0000 1400 dmload - ok
08:10:38.0625 1400 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:10:38.0656 1400 DMusic - ok
08:10:39.0187 1400 dpti2o - ok
08:10:39.0703 1400 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:10:39.0703 1400 drmkaud - ok
08:10:40.0203 1400 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys
08:10:40.0203 1400 eabfiltr - ok
08:10:40.0734 1400 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys
08:10:40.0750 1400 eabusb - ok
08:10:41.0125 1400 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
08:10:41.0359 1400 eeCtrl - ok
08:10:41.0484 1400 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:10:41.0531 1400 EraserUtilRebootDrv - ok
08:10:42.0125 1400 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:10:42.0203 1400 Fastfat - ok
08:10:42.0687 1400 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:10:42.0703 1400 Fdc - ok
08:10:43.0203 1400 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:10:43.0234 1400 Fips - ok
08:10:43.0734 1400 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:10:43.0750 1400 Flpydisk - ok
08:10:44.0359 1400 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:10:44.0437 1400 FltMgr - ok
08:10:44.0937 1400 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:10:44.0937 1400 Fs_Rec - ok
08:10:45.0484 1400 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:10:45.0546 1400 Ftdisk - ok
08:10:46.0046 1400 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:10:46.0062 1400 GEARAspiWDM - ok
08:10:46.0609 1400 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:10:46.0656 1400 Gpc - ok
08:10:47.0281 1400 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:10:47.0281 1400 HidUsb - ok
08:10:47.0765 1400 hpn - ok
08:10:48.0343 1400 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
08:10:48.0375 1400 HPZid412 - ok
08:10:48.0890 1400 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
08:10:48.0890 1400 HPZipr12 - ok
08:10:49.0375 1400 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
08:10:49.0390 1400 HPZius12 - ok
08:10:50.0000 1400 HSFHWICH (a4877a17e87d6e6ab959b36b9ef3de8a) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
08:10:50.0109 1400 HSFHWICH - ok
08:10:51.0125 1400 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
08:10:51.0671 1400 HSF_DP - ok
08:10:52.0312 1400 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:10:52.0453 1400 HTTP - ok
08:10:52.0937 1400 i2omgmt - ok
08:10:53.0406 1400 i2omp - ok
08:10:53.0921 1400 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:10:53.0953 1400 i8042prt - ok
08:10:54.0875 1400 ialm (737da0be27652c4482ac5cde099bfce9) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
08:10:55.0296 1400 ialm - ok
08:10:55.0828 1400 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:10:55.0843 1400 Imapi - ok
08:10:56.0296 1400 ini910u - ok
08:10:56.0796 1400 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
08:10:56.0796 1400 IntelIde - ok
08:10:57.0296 1400 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:10:57.0312 1400 intelppm - ok
08:10:57.0843 1400 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:10:57.0859 1400 Ip6Fw - ok
08:10:58.0546 1400 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:10:58.0578 1400 IpFilterDriver - ok
08:10:59.0093 1400 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:10:59.0109 1400 IpInIp - ok
08:10:59.0656 1400 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:10:59.0734 1400 IpNat - ok
08:11:00.0312 1400 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:11:00.0343 1400 IPSec - ok
08:11:00.0828 1400 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:11:00.0828 1400 IRENUM - ok
08:11:01.0453 1400 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:11:01.0468 1400 isapnp - ok
08:11:01.0984 1400 Iviaspi (cd8abfff1387e0f42cf6c6d7cdc19f0d) C:\WINDOWS\system32\drivers\iviaspi.sys
08:11:02.0000 1400 Iviaspi - ok
08:11:02.0546 1400 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:11:02.0593 1400 Kbdclass - ok
08:11:03.0125 1400 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:11:03.0140 1400 kbdhid - ok
08:11:03.0750 1400 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:11:03.0828 1400 kmixer - ok
08:11:04.0375 1400 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:11:04.0421 1400 KSecDD - ok
08:11:04.0984 1400 lbrtfdc - ok
08:11:05.0687 1400 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
08:11:05.0687 1400 mdmxsdk - ok
08:11:06.0234 1400 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:11:06.0234 1400 mnmdd - ok
08:11:06.0765 1400 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:11:06.0781 1400 Modem - ok
08:11:07.0250 1400 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:11:07.0265 1400 Mouclass - ok
08:11:07.0781 1400 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:11:07.0796 1400 mouhid - ok
08:11:08.0343 1400 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:11:08.0359 1400 MountMgr - ok
08:11:08.0953 1400 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
08:11:09.0031 1400 MpFilter - ok
08:11:09.0484 1400 mraid35x - ok
08:11:09.0640 1400 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
08:11:09.0687 1400 MREMP50 - ok
08:11:09.0734 1400 MREMPR5 - ok
08:11:09.0781 1400 MRENDIS5 - ok
08:11:09.0875 1400 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
08:11:09.0890 1400 MRESP50 - ok
08:11:10.0515 1400 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:11:10.0609 1400 MRxDAV - ok
08:11:11.0312 1400 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:11:11.0562 1400 MRxSmb - ok
08:11:12.0046 1400 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:11:12.0062 1400 Msfs - ok
08:11:12.0562 1400 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:11:12.0562 1400 MSKSSRV - ok
08:11:13.0156 1400 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:11:13.0156 1400 MSPCLOCK - ok
08:11:13.0625 1400 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:11:13.0640 1400 MSPQM - ok
08:11:14.0156 1400 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:11:14.0171 1400 mssmbios - ok
08:11:14.0703 1400 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:11:14.0750 1400 Mup - ok
08:11:15.0359 1400 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:11:15.0453 1400 NDIS - ok
08:11:15.0937 1400 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:11:15.0953 1400 NdisTapi - ok
08:11:16.0468 1400 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:11:16.0484 1400 Ndisuio - ok
08:11:16.0984 1400 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:11:17.0031 1400 NdisWan - ok
08:11:17.0546 1400 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:11:17.0578 1400 NDProxy - ok
08:11:18.0078 1400 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:11:18.0093 1400 NetBIOS - ok
08:11:18.0718 1400 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:11:18.0796 1400 NetBT - ok
08:11:19.0359 1400 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:11:19.0390 1400 NIC1394 - ok
08:11:19.0906 1400 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:11:19.0921 1400 Npfs - ok
08:11:20.0687 1400 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:11:20.0984 1400 Ntfs - ok
08:11:21.0578 1400 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:11:21.0578 1400 Null - ok
08:11:22.0062 1400 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:11:22.0078 1400 NwlnkFlt - ok
08:11:22.0593 1400 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:11:22.0609 1400 NwlnkFwd - ok
08:11:23.0109 1400 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:11:23.0156 1400 ohci1394 - ok
08:11:23.0703 1400 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
08:11:23.0750 1400 Parport - ok
08:11:24.0250 1400 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:11:24.0312 1400 PartMgr - ok
08:11:24.0812 1400 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:11:24.0828 1400 ParVdm - ok
08:11:25.0359 1400 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:11:25.0421 1400 PCI - ok
08:11:25.0875 1400 PCIDump - ok
08:11:26.0359 1400 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:11:26.0359 1400 PCIIde - ok
08:11:26.0921 1400 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
08:11:26.0968 1400 Pcmcia - ok
08:11:27.0609 1400 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\WINDOWS\system32\drivers\PCTCore.sys
08:11:27.0734 1400 PCTCore - ok
08:11:28.0453 1400 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
08:11:28.0640 1400 pctDS - ok
08:11:29.0468 1400 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
08:11:29.0812 1400 pctEFA - ok
08:11:30.0265 1400 PDCOMP - ok
08:11:30.0703 1400 PDFRAME - ok
08:11:31.0156 1400 PDRELI - ok
08:11:31.0625 1400 PDRFRAME - ok
08:11:32.0109 1400 perc2 - ok
08:11:32.0562 1400 perc2hib - ok
08:11:33.0125 1400 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:11:33.0171 1400 PptpMiniport - ok
08:11:33.0687 1400 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:11:33.0718 1400 PSched - ok
08:11:34.0203 1400 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:11:34.0218 1400 Ptilink - ok
08:11:34.0750 1400 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:11:34.0781 1400 PxHelp20 - ok
08:11:35.0265 1400 ql1080 - ok
08:11:35.0718 1400 Ql10wnt - ok
08:11:36.0187 1400 ql12160 - ok
08:11:36.0625 1400 ql1240 - ok
08:11:37.0109 1400 ql1280 - ok
08:11:37.0609 1400 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:11:37.0609 1400 RasAcd - ok
08:11:38.0093 1400 Rasirda - ok
08:11:38.0609 1400 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:11:38.0640 1400 Rasl2tp - ok
08:11:39.0390 1400 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:11:39.0421 1400 RasPppoe - ok
08:11:39.0875 1400 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:11:39.0890 1400 Raspti - ok
08:11:40.0671 1400 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:11:40.0765 1400 Rdbss - ok
08:11:41.0500 1400 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:11:41.0500 1400 RDPCDD - ok
08:11:42.0093 1400 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
08:11:42.0171 1400 RDPWD - ok
08:11:42.0796 1400 RTL8023xp (4a0ae7891fcf74acc848b109294cb80f) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
08:11:42.0828 1400 RTL8023xp - ok
08:11:43.0453 1400 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
08:11:43.0500 1400 sdbus - ok
08:11:44.0031 1400 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:11:44.0046 1400 Secdrv - ok
08:11:44.0671 1400 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:11:44.0687 1400 serenum - ok
08:11:45.0187 1400 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:11:45.0218 1400 Serial - ok
08:11:45.0750 1400 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:11:45.0750 1400 Sfloppy - ok
08:11:46.0265 1400 Simbad - ok
08:11:46.0812 1400 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
08:11:46.0828 1400 SMCIRDA - ok
08:11:47.0296 1400 Sparrow - ok
08:11:47.0796 1400 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:11:47.0796 1400 splitter - ok
08:11:48.0437 1400 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:11:48.0500 1400 sr - ok
08:11:49.0187 1400 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:11:49.0406 1400 Srv - ok
08:11:49.0906 1400 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:11:49.0906 1400 swenum - ok
08:11:50.0406 1400 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:11:50.0453 1400 swmidi - ok
08:11:50.0953 1400 symc810 - ok
08:11:51.0421 1400 symc8xx - ok
08:11:51.0906 1400 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
08:11:51.0906 1400 symlcbrd - ok
08:11:52.0406 1400 sym_hi - ok
08:11:52.0843 1400 sym_u3 - ok
08:11:53.0437 1400 SynTP (23fe1f173996b8bad4b9ed74003676d8) C:\WINDOWS\system32\DRIVERS\SynTP.sys
08:11:53.0531 1400 SynTP - ok
08:11:54.0062 1400 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:11:54.0093 1400 sysaudio - ok
08:11:54.0796 1400 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:11:54.0984 1400 Tcpip - ok
08:11:55.0640 1400 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:11:55.0687 1400 TDPIPE - ok
08:11:56.0218 1400 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:11:56.0234 1400 TDTCP - ok
08:11:56.0718 1400 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:11:56.0750 1400 TermDD - ok
08:11:57.0312 1400 tifm21 (8778a553003a3d37a550a1f9cff6be28) C:\WINDOWS\system32\drivers\tifm21.sys
08:11:57.0390 1400 tifm21 - ok
08:11:57.0859 1400 TosIde - ok
08:11:58.0359 1400 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:11:58.0406 1400 Udfs - ok
08:11:58.0875 1400 ultra - ok
08:11:59.0562 1400 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:11:59.0765 1400 Update - ok
08:12:00.0328 1400 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:12:00.0359 1400 USBAAPL - ok
08:12:00.0859 1400 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:12:00.0875 1400 usbccgp - ok
08:12:01.0390 1400 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:12:01.0406 1400 usbehci - ok
08:12:01.0921 1400 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:12:01.0953 1400 usbhub - ok
08:12:02.0500 1400 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:12:02.0515 1400 usbprint - ok
08:12:03.0015 1400 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:12:03.0015 1400 usbscan - ok
08:12:03.0546 1400 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:12:03.0562 1400 USBSTOR - ok
08:12:04.0062 1400 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:12:04.0062 1400 usbuhci - ok
08:12:04.0625 1400 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:12:04.0640 1400 VgaSave - ok
08:12:05.0093 1400 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
08:12:05.0093 1400 ViaIde - ok
08:12:05.0593 1400 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:12:05.0625 1400 VolSnap - ok
08:12:07.0828 1400 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
08:12:09.0453 1400 w29n51 - ok
08:12:10.0078 1400 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:12:10.0093 1400 Wanarp - ok
08:12:10.0562 1400 wanatw - ok
08:12:11.0015 1400 WDICA - ok
08:12:11.0593 1400 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:12:11.0640 1400 wdmaud - ok
08:12:12.0531 1400 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
08:12:12.0890 1400 winachsf - ok
08:12:13.0437 1400 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
08:12:13.0437 1400 WmiAcpi - ok
08:12:14.0031 1400 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
08:12:14.0062 1400 WpdUsb - ok
08:12:14.0625 1400 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:12:14.0640 1400 WS2IFSL - ok
08:12:15.0203 1400 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:12:15.0250 1400 WudfPf - ok
08:12:15.0812 1400 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:12:15.0843 1400 WudfRd - ok
08:12:15.0937 1400 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
08:12:16.0515 1400 \Device\Harddisk0\DR0 - ok
08:12:16.0531 1400 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR3
08:12:25.0312 1400 \Device\Harddisk1\DR3 - ok
08:12:25.0328 1400 Boot (0x1200) (1a06ca67e6c99b8a998481b657265c8c) \Device\Harddisk0\DR0\Partition0
08:12:25.0328 1400 \Device\Harddisk0\DR0\Partition0 - ok
08:12:25.0343 1400 Boot (0x1200) (818f5eaa6c069fdad4a8624816c2d260) \Device\Harddisk1\DR3\Partition0
08:12:25.0343 1400 \Device\Harddisk1\DR3\Partition0 - ok
08:12:25.0359 1400 ============================================================
08:12:25.0359 1400 Scan finished
08:12:25.0359 1400 ============================================================
08:12:25.0375 1392 Detected object count: 0
08:12:25.0375 1392 Actual detected object count: 0
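
One way to triage a TDSSKiller log like the one above without reading every line by hand, as an added Python example that is not part of this thread and not code from TDSSKiller: it parses the driver-inventory lines (name, MD5, on-disk image, verdict) and the MBR/boot-sector lines, then buckets anything an analyst would want to look at twice: entries whose verdict is not "ok", image lines with no verdict (a scan cut short), and drivers loaded from outside the Windows directory, which are normal for AV engines and vendor tools but are the ones to check against the vendor's published hashes. The SAMPLE_LOG is constructed in the same format as the posted log; the exampledrv and halfdone entries, their hashes and the "suspicious" verdict text are invented to exercise the flag paths, and the real tool's wording for a detection may differ.

```python
"""Triage helper for a TDSSKiller driver-inventory log (added example, not TDSSKiller code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# A driver with an image on disk produces two lines:
#   "<time> <pid> <Name> (<md5>) <path>"  then  "<time> <pid> <Name> - <verdict>"
# Services with no image (Abiosdsk, aic78xx, ...) produce only the verdict line.
IMAGE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# Sector checks: "MBR (0x1B8) (<md5>) \Device\..." and "Boot (0x1200) (<md5>) \Device\...";
# their verdict line is keyed by the device path, not by "MBR"/"Boot".
SECTOR_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?:MBR|Boot)\s+\(0x[0-9A-Fa-f]+\)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S+)\s*$"
)
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$"
)
COUNT_RE = re.compile(r"Detected object count:\s*(\d+)")
SYSTEM_ROOT = "c:\\windows\\"  # where Microsoft's own driver images live on XP


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Map each driver name (or device path for sector checks) to its Entry."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = SECTOR_RE.match(line)
        if m:
            entries[m["path"]] = Entry(m["path"], m["md5"], m["path"])
            continue
        m = IMAGE_RE.match(line)
        if m:
            entries[m["name"]] = Entry(m["name"], m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:  # attach the verdict to the image seen just before, or record a verdict-only service
            entries.setdefault(m["name"], Entry(m["name"])).verdict = m["verdict"]
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Bucket entries for manual review; a bucket is a prompt to look, not a verdict."""
    report: Dict[str, List[str]] = {"not_ok": [], "no_verdict": [], "outside_system_root": []}
    for e in entries.values():
        if e.verdict is None:
            report["no_verdict"].append(e.name)  # image line with no verdict: scan cut short?
        elif e.verdict.lower() != "ok":
            report["not_ok"].append(f"{e.name}: {e.verdict}")
        if e.path and not e.path.startswith("\\Device") and not e.path.lower().startswith(SYSTEM_ROOT):
            report["outside_system_root"].append(f"{e.name} -> {e.path}")  # third-party image
    return report


def detected_count(text: str) -> Optional[int]:
    """The tool's own summary count, to cross-check against the not_ok bucket."""
    m = COUNT_RE.search(text)
    return int(m.group(1)) if m else None


# Constructed sample in the posted log's format; exampledrv/halfdone are invented.
SAMPLE_LOG = r"""
08:10:12.0296 1400 Scan started
08:10:12.0296 1400 Mode: Manual; TDLFS;
08:10:13.0890 1400 Abiosdsk - ok
08:10:14.0921 1400 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:10:15.0015 1400 ACPI - ok
08:10:41.0125 1400 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
08:10:41.0359 1400 eeCtrl - ok
08:11:09.0640 1400 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
08:11:09.0687 1400 MREMP50 - ok
08:11:30.0000 1400 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
08:11:30.0010 1400 exampledrv - suspicious (constructed verdict for the example)
08:11:31.0000 1400 halfdone (11111111111111111111111111111111) C:\WINDOWS\system32\drivers\halfdone.sys
08:12:15.0937 1400 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
08:12:16.0515 1400 \Device\Harddisk0\DR0 - ok
08:12:25.0328 1400 Boot (0x1200) (1a06ca67e6c99b8a998481b657265c8c) \Device\Harddisk0\DR0\Partition0
08:12:25.0328 1400 \Device\Harddisk0\DR0\Partition0 - ok
08:12:25.0375 1392 Detected object count: 1
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(f"{len(parsed)} entries; tool reports {detected_count(SAMPLE_LOG)} detection(s)")
    for bucket, items in triage(parsed).items():
        for item in items:
            print(f"[{bucket}] {item}")
```

Point parse_log at the text of a real TDSSKiller log to inventory it; the MD5 column is what you would compare against a known-good hash set for the same Windows build, and the outside_system_root bucket is where a driver that does not belong to an installed product would stand out.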

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:12:12 PM

Posted 03 February 2012 - 10:47 AM

ESET scanner log?

#12 wakko9

wakko9

  • Topic Starter
  • Members
  • 14 posts
  • Local time:11:12 AM

Posted 04 February 2012 - 12:55 AM

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\12\1187ad0c-77c14e17 a variant of Java/TrojanDownloader.Agent.ME trojan cleaned by deleting - quarantined

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:12:12 PM

Posted 04 February 2012 - 07:53 AM

Download

MiniToolBox

Check the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.



Do you still face issues?

#14 wakko9

wakko9

  • Topic Starter
  • Members
  • 14 posts
  • Local time:11:12 AM

Posted 04 February 2012 - 11:08 AM

Run in safe mode or regular boot?

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:12:12 PM

Posted 04 February 2012 - 11:20 AM

Regular mode. I want to know if Microsoft Security Essentials still shows a Sirefef pop-up.

Thanks



