Remove rootkit virus and reset system


  • This topic is locked
52 replies to this topic

#1 paulwenman

paulwenman

  • Members
  • 74 posts
  • OFFLINE
  • Local time:03:58 AM

Posted 16 February 2012 - 07:46 PM

We have been infected by a rootkit virus after a fake antivirus programme presented its window. We closed that window and ran an Avast scan which found the rootkit infection in Partition 3. We have no web-redirect symptoms yet. We have not tried to delete this via Avast because we have seen other reports that this doe not work. We have not run CCleaner or tried to re-start - because we fear boot problems. How should we proceed?


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 AM

Posted 16 February 2012 - 08:19 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save and post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs and post them in your next reply.

Information and logs:

  • In your next post I need the following:

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 paulwenman

paulwenman
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  • Local time:03:58 AM

Posted 17 February 2012 - 11:49 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Susie at 16:44:30 on 2012-02-17
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.4094.2097 [GMT 0:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vsnp2std.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/news/
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Local Website Archive - C:\Users\Susie\AppData\Roaming\aignes\Local Website Archive\config\iearc.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100308103451
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7E58556C-7E59-4A1C-B8B0-F89815F5C2EF} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO-X64: Skype add-on (mastermind) - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {60B3E30E-C23B-4F40-9342-3E917A50BF5B} - C:\Program Files (x86)\Local Website Archive\wsarc.exe
IE-X64: {761CC4D9-2BD0-4CE5-900C-07C7A244A239} - C:\Program Files (x86)\Local Website Archive\wsarc_add.exe
IE-X64: {E5BFCC0C-21D2-4FD5-A846-9F4AC8CF423A} - C:\Program Files (x86)\Local Website Archive\wsarc_add.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Susie\AppData\Roaming\Mozilla\Firefox\Profiles\lxi9uh08.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.telegraph.co.uk/?source=refresh
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-1-20 44768]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R3 3xHybr64;3xHybrid service;C:\Windows\system32\DRIVERS\3xHybr64.sys --> C:\Windows\system32\DRIVERS\3xHybr64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\Windows\system32\drivers\hcw88aud.sys --> C:\Windows\system32\drivers\hcw88aud.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 135664]
S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\Windows\system32\drivers\hcw88bda.sys --> C:\Windows\system32\drivers\hcw88bda.sys [?]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\Windows\system32\drivers\hcw88tse.sys --> C:\Windows\system32\drivers\hcw88tse.sys [?]
S3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\Windows\system32\drivers\hcw88tun.sys --> C:\Windows\system32\drivers\hcw88tun.sys [?]
S3 hcw88vid;Hauppauge WinTV 88x Video;C:\Windows\system32\drivers\hcw88vid.sys --> C:\Windows\system32\drivers\hcw88vid.sys [?]
S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\Windows\system32\drivers\HCW88BAR.sys --> C:\Windows\system32\drivers\HCW88BAR.sys [?]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 rt61x64;RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
S3 TFsExDisk;TFsExDisk;\??\C:\Windows\System32\Drivers\TFsExDisk.sys --> C:\Windows\System32\Drivers\TFsExDisk.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 bomgar-scc-1329494693;Bomgar Support Customer Client [1329494693];C:\ProgramData\bomgar-scc-000000004F3E7AA5\bomgar-scc.exe [2012-2-17 5164480]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-12 89920]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-12-2 1181328]
S4 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-3-31 80896]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-02-17 16:14:52 -------- d-----w- C:\ProgramData\SmartPCScan
2012-02-17 16:07:44 7680 ----a-w- C:\ProgramData\Z@!-ed0d1016-ee16-465b-9a8d-2d61329ee403.tmp
2012-02-17 16:04:53 -------- d-----w- C:\ProgramData\bomgar-scc-000000004F3E7AA5
2012-02-16 12:44:17 680448 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-16 12:44:17 621056 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-16 12:44:14 2765824 ----a-w- C:\Windows\System32\win32k.sys
2012-02-16 12:44:12 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-16 12:44:03 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-02-16 12:44:03 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2012-01-31 09:08:21 94720 ----a-w- C:\Windows\System32\secur32.dll
2012-01-31 09:08:21 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-01-31 09:08:21 515968 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-01-31 09:08:21 442368 ----a-w- C:\Windows\System32\winhttp.dll
2012-01-31 09:08:21 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll
2012-01-31 09:08:21 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-01-31 09:08:21 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-01-31 09:08:21 1689600 ----a-w- C:\Windows\System32\lsasrv.dll
2012-01-31 09:08:21 11264 ----a-w- C:\Windows\System32\lsass.exe
.
==================== Find3M ====================
.
2012-01-17 21:00:36 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-12-22 12:19:56 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-19 18:59:09 42224 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-12-19 18:59:06 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2011-12-19 18:58:57 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
2011-12-19 18:58:55 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
2011-12-19 18:58:54 389840 ----a-w- C:\Windows\System32\guard64.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-11-30 18:05:33 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr
2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-11-25 16:25:32 451072 ----a-w- C:\Windows\System32\winsrv.dll
.
============= FINISH: 16:45:45.10 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 08/12/2009 21:56:27
System Uptime: 17/02/2012 07:02:20 (9 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5N73-AM
Processor: Intel® Core™2 Duo CPU E8500 @ 3.16GHz | Socket 775 | 3166/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 892 GiB total, 367.704 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP712: 02/02/2012 10:14:11 - Scheduled Checkpoint
RP713: 05/02/2012 14:55:37 - Scheduled Checkpoint
RP714: 06/02/2012 11:23:20 - Scheduled Checkpoint
RP715: 07/02/2012 11:11:32 - Scheduled Checkpoint
RP716: 08/02/2012 13:40:20 - Scheduled Checkpoint
RP717: 09/02/2012 10:53:06 - Scheduled Checkpoint
RP718: 10/02/2012 10:27:25 - Scheduled Checkpoint
RP719: 12/02/2012 21:36:32 - Scheduled Checkpoint
RP720: 13/02/2012 11:28:39 - Scheduled Checkpoint
RP721: 14/02/2012 09:27:46 - Scheduled Checkpoint
RP722: 15/02/2012 13:39:43 - Scheduled Checkpoint
RP723: 15/02/2012 15:39:33 - Device Driver Package Install: Hauppauge Sound, video and game controllers
RP724: 15/02/2012 15:40:49 - Device Driver Package Install: Hauppauge Sound, video and game controllers
RP725: 15/02/2012 15:41:31 - Device Driver Package Install: Hauppauge Sound, video and game controllers
RP726: 16/02/2012 13:17:48 - Scheduled Checkpoint
RP727: 16/02/2012 18:00:35 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Ad-Aware
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Apple Application Support
Apple Software Update
Auslogics Disk Defrag
avast! Free Antivirus
BBC iPlayer Desktop
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help Japanese
CCC Help Korean
CCC Help Thai
Chinese Simplified Fonts Support For Adobe Reader 9
COMODO GeekBuddy
EZ Vinyl/Tape Converter 7.4 by MixMeister
FileZilla Client 3.5.3
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Java Auto Updater
Java™ 6 Update 29
Jing
Local Website Archive 3.1.1
Microsoft Expression Blend 2
Microsoft Expression Design 2
Microsoft Expression Encoder 2
Microsoft Expression Media 2 SP2
Microsoft Expression Studio 2
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 9.0.1 (x86 en-GB)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Recover My Files
SAMSUNG Intelli-studio
Samsung PC Studio 3 USB Driver Installer
SamsungConnectivityCableDriver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Skype web features
Skype™ 5.3
Spotify
SpywareBlaster 4.5
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Expression Web 2 (KB957827)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB2.0 PC Camera (SN9C201&202)
Vista Services Optimizer
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.9
Windows Media Player Firefox Plugin
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
17/02/2012 16:12:17, Error: Service Control Manager [7034] - The Bomgar Support Customer Client [1329494693] service terminated unexpectedly. It has done this 1 time(s).
16/02/2012 18:27:56, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep i8042prt is3srv szkg5
16/02/2012 18:27:56, Error: Service Control Manager [7000] - The avast! iAVS4 Control Service service failed to start due to the following error: The system cannot find the path specified.
11/02/2012 23:43:08, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer CutePDF Writer with shared resource name CutePDF Writer. Error 2114. The printer cannot be used by others on the network.
11/02/2012 14:23:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
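The DDS.txt above is the raw material a Malware Response Team member works from, so here is an added example (mine, not a BleepingComputer or DDS tool and not something posted in this thread) of how that first pass can be scripted: a small Python triage helper that splits the log into its banner-delimited sections and flags the lines an analyst verifies first. The heuristics and the low/medium labels are my assumptions: a disabled AV/SP/FW product, an orphaned BHO or toolbar entry ("No File"), UAC switched off via EnableLUA=0, an AppInit_DLLs entry, a service or driver whose binary lives under ProgramData or AppData, a DNS server outside private ranges, and a file created in the last 30 days in a user-writable location with a name unusual for software. The sample input is excerpted from the log posted above and trimmed to the sections the parser reads.

```python
"""Triage a DDS.txt log: split it into sections and flag lines to verify.
Added example, not a thread or DDS tool; every heuristic is an assumption
and a hit means "check this", not "this is malicious"."""
import ipaddress
import re
from dataclasses import dataclass

# Sample input: lines excerpted from the DDS log posted above (trimmed).
SAMPLE_DDS = r"""
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Pseudo HJT Report ===============
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mPolicies-system: EnableLUA = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.254
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
============= SERVICES / DRIVERS ===============
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-1-20 44768]
S4 bomgar-scc-1329494693;Bomgar Support Customer Client [1329494693];C:\ProgramData\bomgar-scc-000000004F3E7AA5\bomgar-scc.exe [2012-2-17 5164480]
=============== Created Last 30 ================
2012-02-17 16:14:52 -------- d-----w- C:\ProgramData\SmartPCScan
2012-02-17 16:07:44 7680 ----a-w- C:\ProgramData\Z@!-ed0d1016-ee16-465b-9a8d-2d61329ee403.tmp
2012-02-16 12:44:14 2765824 ----a-w- C:\Windows\System32\win32k.sys
============= FINISH: 16:45:45.10 ===============
"""

BANNER = re.compile(r"^=+\s*(.+?)\s*=+$")
PRODUCT = re.compile(r"^(AV|SP|FW): (.+?) \*(Enabled|Disabled)")
SERVICE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?)(?: \[[^\]]*\])?$")
CREATED = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+ \S+ (.+)$")
DNS = re.compile(r"DhcpNameServer = ([\d.]+)")
# Paths a standard user can write to: a service binary or brand-new file
# there deserves a look (assumption: Program Files / Windows are "normal").
USER_WRITABLE = re.compile(r"\\(ProgramData|Users\\[^\\]+\\AppData|Temp)\\", re.I)
ODD_NAME = re.compile(r"[^\w.\- ()&]")  # characters rare in legitimate file names


@dataclass(frozen=True)
class Finding:
    severity: str  # "low" or "medium" (assumed scale)
    reason: str
    line: str


def parse_sections(text: str) -> dict[str, list[str]]:
    """Return {section name: [lines]}; text before the first banner is
    'header'. DDS uses lone '.' lines as spacers, which are dropped."""
    sections: dict[str, list[str]] = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = BANNER.match(line)
        if m:
            if m.group(1).startswith("FINISH"):
                break
            current = m.group(1)
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def triage(text: str) -> list[Finding]:
    """Apply the review heuristics section by section; order is preserved."""
    s = parse_sections(text)
    out: list[Finding] = []
    for line in s.get("header", []):
        m = PRODUCT.match(line)
        if m and m.group(3) == "Disabled":
            out.append(Finding("medium", f"{m.group(1)} product disabled: {m.group(2)}", line))
    for line in s.get("Pseudo HJT Report", []):
        if line.startswith(("BHO", "TB")) and line.endswith("- No File"):
            out.append(Finding("low", "orphaned browser add-on entry (No File)", line))
        elif line.startswith("mPolicies-system: EnableLUA = 0"):
            out.append(Finding("medium", "UAC disabled (EnableLUA=0)", line))
        elif line.startswith("AppInit_DLLs:"):
            out.append(Finding("medium", "AppInit_DLLs injects into every process; verify publisher", line))
        elif (m := DNS.search(line)) and not ipaddress.ip_address(m.group(1)).is_private:
            out.append(Finding("medium", "DNS server is not a private/LAN address", line))
    for line in s.get("SERVICES / DRIVERS", []):
        m = SERVICE.match(line)
        if m and USER_WRITABLE.search(m.group(4)):
            out.append(Finding("medium", f"service '{m.group(2)}' runs from a user-writable path", line))
    for line in s.get("Created Last 30", []):
        m = CREATED.match(line)
        if not m or not USER_WRITABLE.search(m.group(1)):
            continue
        name = m.group(1).rsplit("\\", 1)[-1]
        odd = bool(ODD_NAME.search(name)) or name.lower().endswith(".tmp")
        out.append(Finding("medium" if odd else "low",
                           "new item in user-writable path" + (" with unusual name" if odd else ""), line))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

To use it on a real log, replace SAMPLE_DDS with the contents of DDS.txt. A flag is a prompt to verify, not a verdict: in the log above, guard32.dll is updated alongside the COMODO driver files in the Find3M list, and the Bomgar client appears the same afternoon the poster describes Avast's remote session, so both have a plausible explanation in the thread, while the Z@!-….tmp file and the SmartPCScan folder under ProgramData, created the same day, have none.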

#4 paulwenman

paulwenman
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  • Local time:03:58 AM

Posted 17 February 2012 - 11:52 AM

Also, I contacted Avast to ask if I have their anti-virus installed properly. They did a remote scan and said there were many registry errors and also many event errors in log files, e.g. Update and Bonjour. Don't know if that helps. They then tried to sell me unlimited technical support for one year for £110, which I did not take. The rootkit has not been deleted even though the Avast scan found it.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 AM

Posted 18 February 2012 - 12:54 AM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 paulwenman
  • Topic Starter
  • Members

Posted 18 February 2012 - 01:17 PM

Ran Combofix - log attached. Was it a bad infection?


#7 gringo_pr
    Bleepin Gringo
  • Malware Response Team

Posted 18 February 2012 - 10:06 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#8 paulwenman
  • Topic Starter
  • Members

Posted 20 February 2012 - 12:10 PM

No problems from TDSS:


16:57:42.0564 1028 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
16:57:42.0731 1028 ============================================================
16:57:42.0731 1028 Current date / time: 2012/02/20 16:57:42.0731
16:57:42.0732 1028 SystemInfo:
16:57:42.0732 1028
16:57:42.0732 1028 OS Version: 6.0.6002 ServicePack: 2.0
16:57:42.0732 1028 Product type: Workstation
16:57:42.0732 1028 ComputerName: MESH
16:57:42.0732 1028 UserName: Susie
16:57:42.0732 1028 Windows directory: C:\Windows
16:57:42.0732 1028 System windows directory: C:\Windows
16:57:42.0732 1028 Running under WOW64
16:57:42.0732 1028 Processor architecture: Intel x64
16:57:42.0732 1028 Number of processors: 2
16:57:42.0732 1028 Page size: 0x1000
16:57:42.0732 1028 Boot type: Normal boot
16:57:42.0732 1028 ============================================================
16:57:43.0125 1028 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
16:57:43.0144 1028 \Device\Harddisk0\DR0:
16:57:43.0144 1028 MBR used
16:57:43.0144 1028 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x4E200A0, BlocksNum 0x6F8E5760
16:57:43.0187 1028 Initialize success
16:57:43.0187 1028 ============================================================
16:57:56.0614 2112 ============================================================
16:57:56.0614 2112 Scan started
16:57:56.0614 2112 Mode: Manual;
16:57:56.0614 2112 ============================================================
16:57:57.0118 2112 3xHybr64 (07373507704a202b263796a040057e7d) C:\Windows\system32\DRIVERS\3xHybr64.sys
16:57:57.0119 2112 3xHybr64 - ok
16:57:57.0163 2112 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:57:57.0167 2112 ACPI - ok
16:57:57.0204 2112 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
16:57:57.0210 2112 adp94xx - ok
16:57:57.0229 2112 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
16:57:57.0233 2112 adpahci - ok
16:57:57.0252 2112 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
16:57:57.0254 2112 adpu160m - ok
16:57:57.0279 2112 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
16:57:57.0281 2112 adpu320 - ok
16:57:57.0358 2112 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
16:57:57.0363 2112 AFD - ok
16:57:57.0400 2112 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
16:57:57.0401 2112 agp440 - ok
16:57:57.0420 2112 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
16:57:57.0421 2112 aic78xx - ok
16:57:57.0460 2112 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
16:57:57.0473 2112 aliide - ok
16:57:57.0498 2112 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
16:57:57.0499 2112 amdide - ok
16:57:57.0505 2112 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
16:57:57.0506 2112 AmdK8 - ok
16:57:57.0665 2112 amdkmdag (8d8d3e85efd9dd9718f879a49f9180a4) C:\Windows\system32\DRIVERS\atikmdag.sys
16:57:57.0737 2112 amdkmdag - ok
16:57:57.0770 2112 amdkmdap (b5ec8aef50fe15b294ebc6aa3bda1be6) C:\Windows\system32\DRIVERS\atikmpag.sys
16:57:57.0773 2112 amdkmdap - ok
16:57:57.0784 2112 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
16:57:57.0786 2112 arc - ok
16:57:57.0809 2112 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
16:57:57.0810 2112 arcsas - ok
16:57:57.0869 2112 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
16:57:57.0870 2112 aswFsBlk - ok
16:57:57.0926 2112 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
16:57:57.0927 2112 aswMonFlt - ok
16:57:57.0946 2112 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
16:57:57.0947 2112 aswRdr - ok
16:57:58.0024 2112 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
16:57:58.0030 2112 aswSnx - ok
16:57:58.0065 2112 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
16:57:58.0068 2112 aswSP - ok
16:57:58.0085 2112 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
16:57:58.0086 2112 aswTdi - ok
16:57:58.0103 2112 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
16:57:58.0104 2112 AsyncMac - ok
16:57:58.0158 2112 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
16:57:58.0158 2112 atapi - ok
16:57:58.0295 2112 atikmdag (8d8d3e85efd9dd9718f879a49f9180a4) C:\Windows\system32\DRIVERS\atikmdag.sys
16:57:58.0331 2112 atikmdag - ok
16:57:58.0368 2112 Beep - ok
16:57:58.0412 2112 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
16:57:58.0413 2112 blbdrive - ok
16:57:58.0498 2112 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
16:57:58.0516 2112 bowser - ok
16:57:58.0525 2112 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
16:57:58.0526 2112 BrFiltLo - ok
16:57:58.0534 2112 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
16:57:58.0535 2112 BrFiltUp - ok
16:57:58.0559 2112 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
16:57:58.0561 2112 Brserid - ok
16:57:58.0567 2112 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
16:57:58.0568 2112 BrSerWdm - ok
16:57:58.0574 2112 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
16:57:58.0575 2112 BrUsbMdm - ok
16:57:58.0581 2112 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
16:57:58.0582 2112 BrUsbSer - ok
16:57:58.0589 2112 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
16:57:58.0590 2112 BTHMODEM - ok
16:57:58.0594 2112 catchme - ok
16:57:58.0626 2112 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
16:57:58.0629 2112 cdfs - ok
16:57:58.0667 2112 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
16:57:58.0669 2112 cdrom - ok
16:57:58.0681 2112 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
16:57:58.0682 2112 circlass - ok
16:57:58.0746 2112 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
16:57:58.0751 2112 CLFS - ok
16:57:58.0839 2112 cmdGuard (672ffce8f3911b66129ac0ce0a472234) C:\Windows\system32\DRIVERS\cmdguard.sys
16:57:58.0841 2112 cmdGuard - ok
16:57:58.0861 2112 cmdHlp (af45936bf2aaefc4d99dddf3c60bba3e) C:\Windows\system32\DRIVERS\cmdhlp.sys
16:57:58.0862 2112 cmdHlp - ok
16:57:58.0881 2112 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
16:57:58.0886 2112 cmdide - ok
16:57:58.0898 2112 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
16:57:58.0899 2112 Compbatt - ok
16:57:58.0918 2112 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
16:57:58.0919 2112 crcdisk - ok
16:57:58.0964 2112 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
16:57:58.0969 2112 CSC - ok
16:57:59.0017 2112 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
16:57:59.0031 2112 DfsC - ok
16:57:59.0058 2112 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
16:57:59.0059 2112 disk - ok
16:57:59.0093 2112 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
16:57:59.0094 2112 drmkaud - ok
16:57:59.0149 2112 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
16:57:59.0160 2112 DXGKrnl - ok
16:57:59.0175 2112 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
16:57:59.0177 2112 E1G60 - ok
16:57:59.0205 2112 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
16:57:59.0207 2112 Ecache - ok
16:57:59.0244 2112 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
16:57:59.0248 2112 elxstor - ok
16:57:59.0258 2112 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
16:57:59.0259 2112 ErrDev - ok
16:57:59.0300 2112 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
16:57:59.0302 2112 exfat - ok
16:57:59.0402 2112 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
16:57:59.0404 2112 fastfat - ok
16:57:59.0425 2112 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
16:57:59.0426 2112 fdc - ok
16:57:59.0476 2112 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
16:57:59.0478 2112 FileInfo - ok
16:57:59.0484 2112 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
16:57:59.0485 2112 Filetrace - ok
16:57:59.0492 2112 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:57:59.0493 2112 flpydisk - ok
16:57:59.0543 2112 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
16:57:59.0546 2112 FltMgr - ok
16:57:59.0601 2112 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
16:57:59.0602 2112 Fs_Rec - ok
16:57:59.0620 2112 fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
16:57:59.0622 2112 fvevol - ok
16:57:59.0650 2112 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
16:57:59.0651 2112 gagp30kx - ok
16:57:59.0688 2112 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:57:59.0689 2112 GEARAspiWDM - ok
16:57:59.0781 2112 HCW88AUD (1b6e0d2b57392c17286d7820c6d91b0e) C:\Windows\system32\drivers\hcw88aud.sys
16:57:59.0789 2112 HCW88AUD - ok
16:57:59.0838 2112 HCW88BDA (17c6ce4287e38b82483d4adb17cc5c7b) C:\Windows\system32\drivers\hcw88bda.sys
16:57:59.0841 2112 HCW88BDA - ok
16:57:59.0869 2112 HCW88TSE (7423815be41d612e13fd0a66d48b846b) C:\Windows\system32\drivers\hcw88tse.sys
16:57:59.0873 2112 HCW88TSE - ok
16:57:59.0903 2112 HCW88TUNE (db2d3cc1ebcd46d7490d69d53a574438) C:\Windows\system32\drivers\hcw88tun.sys
16:57:59.0904 2112 HCW88TUNE - ok
16:57:59.0951 2112 hcw88vid (167b7e198c6e80c525de500e0670d0ce) C:\Windows\system32\drivers\hcw88vid.sys
16:57:59.0955 2112 hcw88vid - ok
16:57:59.0989 2112 HCW88XBAR (0698cc6b0559882beaff425b7086b7a2) C:\Windows\system32\drivers\HCW88BAR.sys
16:57:59.0998 2112 HCW88XBAR - ok
16:58:00.0020 2112 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
16:58:00.0023 2112 HdAudAddService - ok
16:58:00.0041 2112 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:58:00.0050 2112 HDAudBus - ok
16:58:00.0089 2112 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
16:58:00.0090 2112 HidBth - ok
16:58:00.0127 2112 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
16:58:00.0128 2112 HidIr - ok
16:58:00.0150 2112 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
16:58:00.0151 2112 HidUsb - ok
16:58:00.0160 2112 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
16:58:00.0161 2112 HpCISSs - ok
16:58:00.0202 2112 HTCAND64 (894a75a3d6bfd97d73bf60d3022b567a) C:\Windows\system32\Drivers\ANDROIDUSB.sys
16:58:00.0203 2112 HTCAND64 - ok
16:58:00.0264 2112 htcnprot (4f6c3122817049997cd696d4a38bfacb) C:\Windows\system32\DRIVERS\htcnprot.sys
16:58:00.0264 2112 htcnprot - ok
16:58:00.0295 2112 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
16:58:00.0311 2112 HTTP - ok
16:58:00.0327 2112 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
16:58:00.0342 2112 i2omp - ok
16:58:00.0358 2112 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
16:58:00.0358 2112 i8042prt - ok
16:58:00.0373 2112 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
16:58:00.0373 2112 iaStorV - ok
16:58:00.0389 2112 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
16:58:00.0389 2112 iirsp - ok
16:58:00.0436 2112 inspect (940351053311eab726f5a99a96ab3a2f) C:\Windows\system32\DRIVERS\inspect.sys
16:58:00.0436 2112 inspect - ok
16:58:00.0436 2112 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
16:58:00.0436 2112 intelide - ok
16:58:00.0452 2112 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
16:58:00.0452 2112 intelppm - ok
16:58:00.0469 2112 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:58:00.0471 2112 IpFilterDriver - ok
16:58:00.0480 2112 IpInIp - ok
16:58:00.0488 2112 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
16:58:00.0490 2112 IPMIDRV - ok
16:58:00.0516 2112 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
16:58:00.0517 2112 IPNAT - ok
16:58:00.0528 2112 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
16:58:00.0529 2112 IRENUM - ok
16:58:00.0531 2112 is3srv - ok
16:58:00.0539 2112 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
16:58:00.0541 2112 isapnp - ok
16:58:00.0573 2112 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
16:58:00.0576 2112 iScsiPrt - ok
16:58:00.0582 2112 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
16:58:00.0584 2112 iteatapi - ok
16:58:00.0591 2112 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
16:58:00.0592 2112 iteraid - ok
16:58:00.0601 2112 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
16:58:00.0602 2112 kbdclass - ok
16:58:00.0639 2112 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
16:58:00.0648 2112 kbdhid - ok
16:58:00.0675 2112 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
16:58:00.0681 2112 KSecDD - ok
16:58:00.0688 2112 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
16:58:00.0689 2112 ksthunk - ok
16:58:00.0728 2112 Lbd (a352cdb69af6e18d60c0001d540d8478) C:\Windows\system32\DRIVERS\Lbd.sys
16:58:00.0729 2112 Lbd - ok
16:58:00.0766 2112 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
16:58:00.0768 2112 lltdio - ok
16:58:00.0807 2112 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
16:58:00.0809 2112 LSI_FC - ok
16:58:00.0822 2112 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
16:58:00.0824 2112 LSI_SAS - ok
16:58:00.0844 2112 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
16:58:00.0846 2112 LSI_SCSI - ok
16:58:00.0864 2112 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
16:58:00.0866 2112 luafv - ok
16:58:00.0875 2112 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
16:58:00.0877 2112 megasas - ok
16:58:00.0899 2112 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
16:58:00.0904 2112 MegaSR - ok
16:58:00.0914 2112 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
16:58:00.0915 2112 Modem - ok
16:58:00.0935 2112 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
16:58:00.0936 2112 monitor - ok
16:58:00.0943 2112 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
16:58:00.0944 2112 mouclass - ok
16:58:00.0951 2112 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
16:58:00.0952 2112 mouhid - ok
16:58:00.0969 2112 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
16:58:00.0970 2112 MountMgr - ok
16:58:00.0987 2112 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
16:58:00.0989 2112 mpio - ok
16:58:01.0009 2112 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
16:58:01.0011 2112 mpsdrv - ok
16:58:01.0019 2112 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
16:58:01.0020 2112 Mraid35x - ok
16:58:01.0040 2112 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
16:58:01.0042 2112 MRxDAV - ok
16:58:01.0078 2112 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:58:01.0080 2112 mrxsmb - ok
16:58:01.0122 2112 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:58:01.0125 2112 mrxsmb10 - ok
16:58:01.0146 2112 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:58:01.0148 2112 mrxsmb20 - ok
16:58:01.0168 2112 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
16:58:01.0170 2112 msahci - ok
16:58:01.0177 2112 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
16:58:01.0179 2112 msdsm - ok
16:58:01.0210 2112 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
16:58:01.0212 2112 Msfs - ok
16:58:01.0234 2112 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
16:58:01.0234 2112 msisadrv - ok
16:58:01.0259 2112 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
16:58:01.0260 2112 MSKSSRV - ok
16:58:01.0274 2112 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
16:58:01.0275 2112 MSPCLOCK - ok
16:58:01.0288 2112 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
16:58:01.0289 2112 MSPQM - ok
16:58:01.0329 2112 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
16:58:01.0332 2112 MsRPC - ok
16:58:01.0369 2112 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
16:58:01.0370 2112 mssmbios - ok
16:58:01.0397 2112 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
16:58:01.0397 2112 MSTEE - ok
16:58:01.0417 2112 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
16:58:01.0418 2112 MTsensor - ok
16:58:01.0426 2112 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
16:58:01.0427 2112 Mup - ok
16:58:01.0467 2112 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
16:58:01.0470 2112 NativeWifiP - ok
16:58:01.0517 2112 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
16:58:01.0521 2112 NDIS - ok
16:58:01.0557 2112 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
16:58:01.0558 2112 NdisTapi - ok
16:58:01.0584 2112 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
16:58:01.0586 2112 Ndisuio - ok
16:58:01.0649 2112 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
16:58:01.0652 2112 NdisWan - ok
16:58:01.0665 2112 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
16:58:01.0666 2112 NDProxy - ok
16:58:01.0703 2112 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
16:58:01.0704 2112 NetBIOS - ok
16:58:01.0721 2112 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
16:58:01.0723 2112 netbt - ok
16:58:01.0746 2112 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
16:58:01.0747 2112 nfrd960 - ok
16:58:01.0765 2112 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
16:58:01.0766 2112 Npfs - ok
16:58:01.0775 2112 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
16:58:01.0776 2112 nsiproxy - ok
16:58:01.0820 2112 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
16:58:01.0827 2112 Ntfs - ok
16:58:01.0852 2112 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
16:58:01.0852 2112 Null - ok
16:58:01.0907 2112 NVENETFD (98350606682594521d56eccb5d01ecf7) C:\Windows\system32\DRIVERS\nvmfdx64.sys
16:58:01.0921 2112 NVENETFD - ok
16:58:01.0953 2112 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
16:58:01.0955 2112 nvraid - ok
16:58:01.0963 2112 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
16:58:01.0964 2112 nvstor - ok
16:58:01.0991 2112 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
16:58:01.0992 2112 nv_agp - ok
16:58:01.0999 2112 NwlnkFlt - ok
16:58:02.0008 2112 NwlnkFwd - ok
16:58:02.0019 2112 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
16:58:02.0021 2112 ohci1394 - ok
16:58:02.0051 2112 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
16:58:02.0053 2112 Parport - ok
16:58:02.0089 2112 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
16:58:02.0090 2112 partmgr - ok
16:58:02.0102 2112 pccsmcfd - ok
16:58:02.0111 2112 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
16:58:02.0113 2112 pci - ok
16:58:02.0132 2112 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
16:58:02.0133 2112 pciide - ok
16:58:02.0153 2112 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
16:58:02.0156 2112 pcmcia - ok
16:58:02.0180 2112 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
16:58:02.0187 2112 PEAUTH - ok
16:58:02.0228 2112 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
16:58:02.0229 2112 PptpMiniport - ok
16:58:02.0259 2112 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
16:58:02.0260 2112 Processor - ok
16:58:02.0298 2112 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
16:58:02.0308 2112 PSched - ok
16:58:02.0337 2112 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
16:58:02.0349 2112 ql2300 - ok
16:58:02.0359 2112 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
16:58:02.0361 2112 ql40xx - ok
16:58:02.0376 2112 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
16:58:02.0378 2112 QWAVEdrv - ok
16:58:02.0385 2112 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
16:58:02.0386 2112 RasAcd - ok
16:58:02.0407 2112 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:58:02.0409 2112 Rasl2tp - ok
16:58:02.0447 2112 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
16:58:02.0448 2112 RasPppoe - ok
16:58:02.0456 2112 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
16:58:02.0457 2112 RasSstp - ok
16:58:02.0498 2112 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
16:58:02.0501 2112 rdbss - ok
16:58:02.0537 2112 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:58:02.0538 2112 RDPCDD - ok
16:58:02.0552 2112 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
16:58:02.0556 2112 rdpdr - ok
16:58:02.0563 2112 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
16:58:02.0564 2112 RDPENCDD - ok
16:58:02.0594 2112 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
16:58:02.0597 2112 RDPWD - ok
16:58:02.0624 2112 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
16:58:02.0626 2112 rspndr - ok
16:58:02.0675 2112 rt61x64 (0de3a20c7dbc58fcf8587045b25379a0) C:\Windows\system32\DRIVERS\netr6164.sys
16:58:02.0707 2112 rt61x64 - ok
16:58:02.0724 2112 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
16:58:02.0724 2112 sbp2port - ok
16:58:02.0740 2112 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:58:02.0742 2112 secdrv - ok
16:58:02.0785 2112 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
16:58:02.0786 2112 Serenum - ok
16:58:02.0804 2112 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
16:58:02.0806 2112 Serial - ok
16:58:02.0835 2112 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
16:58:02.0836 2112 sermouse - ok
16:58:02.0852 2112 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
16:58:02.0853 2112 sffdisk - ok
16:58:02.0861 2112 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
16:58:02.0862 2112 sffp_mmc - ok
16:58:02.0872 2112 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
16:58:02.0873 2112 sffp_sd - ok
16:58:02.0909 2112 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys
16:58:02.0910 2112 sfloppy - ok
16:58:02.0946 2112 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
16:58:02.0947 2112 SiSRaid2 - ok
16:58:05.0239 2112 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:58:05.0280 2112 \Device\Harddisk0\DR0 - ok
16:58:05.0298 2112 Boot (0x1200) (44ef457d16cde250fd3a6343762d8d46) \Device\Harddisk0\DR0\Partition0
16:58:05.0299 2112 \Device\Harddisk0\DR0\Partition0 - ok
16:58:05.0299 2112 ============================================================
16:58:05.0299 2112 Scan finished
16:58:05.0299 2112 ============================================================
16:58:05.0305 1536 Detected object count: 0
16:58:05.0305 1536 Actual detected object count: 0
16:58:19.0370 4888 Deinitialize success

OK, aswMBR found Alureon-K - nasty one I read? Is this new or maybe left over from the Nov 11 infection you helped me with?

aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-20 17:02:39
-----------------------------
17:02:39.717 OS Version: Windows x64 6.0.6002 Service Pack 2
17:02:39.717 Number of processors: 2 586 0x170A
17:02:39.718 ComputerName: MESH UserName:
17:02:52.268 Initialize success
17:02:52.352 AVAST engine defs: 12022001
17:03:20.026 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
17:03:20.028 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ100E4 Size: 953869MB BusType: 3
17:03:20.041 Disk 0 MBR read successfully
17:03:20.044 Disk 0 MBR scan
17:03:20.046 Disk 0 Windows VISTA default MBR code
17:03:20.072 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 39999 MB offset 2048
17:03:20.084 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 913866 MB offset 81920160
17:03:20.112 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 1953519616
17:03:20.114 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
17:03:20.117 Service scanning
17:03:38.002 Modules scanning
17:03:38.008 Disk 0 trace - called modules:
17:03:38.038 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:03:38.044 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a59790]
17:03:38.050 3 CLASSPNP.SYS[fffffa6000dd0c33] -> nt!IofCallDriver -> [0xfffffa800487d520]
17:03:38.054 5 acpi.sys[fffffa60008f3fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa800485f060]
17:03:39.724 AVAST engine scan C:\Windows
17:03:43.592 AVAST engine scan C:\Windows\system32
17:05:57.631 AVAST engine scan C:\Windows\system32\drivers
17:06:09.829 AVAST engine scan C:\Users\Susie
17:07:32.781 Disk 0 MBR has been saved successfully to "C:\Users\Susie\Desktop\MBR.dat"
17:07:32.796 The log file has been saved successfully to "C:\Users\Susie\Desktop\aswMBR.txt"

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 AM

Posted 20 February 2012 - 04:07 PM

Greetings

I need you to make a bootable USB and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them)

Next - Launch GParted which is found at Menu > System > GParted partition manager,
Click to select All Drives then click Okay
I need you to take a screenshot of the window that opens up - to do this follow these instructions

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg to the USB drive; paste or attach this to your next post

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and save it - we will use it again - boot back into Windows and send me the screen capture

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 paulwenman

paulwenman
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  • Local time:03:58 AM

Posted 20 February 2012 - 07:51 PM

Got a blue screen on boot to USB: ACPI index mismatch ???
Tried again in Safe Mode - it bypassed the USB and went into normal Vista safe mode :(

Question: when setting up the boot USB there is a final question asking to reboot now. I did not - I just took out the USB from my laptop (where I downloaded the boot files) and inserted it into the infected PC - is this correct?

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 AM

Posted 20 February 2012 - 09:14 PM

That sounds correct - remake the USB and see if you have the same problem


gringo

#12 paulwenman

paulwenman
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  • Local time:03:58 AM

Posted 21 February 2012 - 06:02 AM

Gringo, we are now having random freezes and re-boots on another PC. We never use a home network for sharing files because we never got it to work properly (maybe because one is Vista and one is XP Home), but they share the same internet and router network. I have run aswMBR and TDSSKiller on the 2nd PC and they came up with SPBD.sys locked in Drivers. Event Viewer showed that SPBD is a red cross error. I uninstalled SPBD and now it's gone. But we still get re-boots when I run aswMBR. I think this is a separate problem maybe? I hope so. Should we be using the same router still for other laptops? It's our only way of communicating.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 AM

Posted 21 February 2012 - 07:42 AM

Hello

It should be a separate problem and I would not worry about the other computers


I have been doing some studying and want you to run this instead


For x64 systems please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.

Note: The tool currently gives a full log on Italian and English language operating systems.

#14 paulwenman

paulwenman
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  • Local time:03:58 AM

Posted 21 February 2012 - 10:34 AM

OK, managed to boot Puppy - here is the jpeg

Attached Files



#15 paulwenman

paulwenman
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  • Local time:03:58 AM

Posted 21 February 2012 - 10:48 AM

Listparts log:

ListParts by Farbar
Ran by Susie on 21-02-2012 at 15:45:14
Windows Vista (X64)
Running From: E:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 29%
Total physical RAM: 4093.64 MB
Available physical RAM: 2886.34 MB
Total Pagefile: 8362.45 MB
Available Pagefile: 7142.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (WinVista) (Fixed) (Total:892.45 GB) (Free:365.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (USB DISK) (Removable) (Total:0.93 GB) (Free:0.69 GB) FAT

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online      932 GB   0 B
Disk 1    No Media    0 B      0 B
Disk 2    No Media    0 B      0 B
Disk 3    No Media    0 B      0 B
Disk 4    No Media    0 B      0 B
Disk 5    Online      956 MB   0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM               39 GB    1024 KB
Partition 2    Primary           892 GB   39 GB
Partition 3    Primary           2768 KB  932 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1  C    WinVista     NTFS   Partition   892 GB   Healthy    Boot

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

Partitions of Disk 5:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           956 MB   256 KB

Disk: 5
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6  E    USB DISK     FAT    Removable   956 MB   Healthy



****** End Of Log ******
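As an added illustration (not code from this thread, nor from aswMBR or ListParts), the check below parses a constructed MBR whose partition table mirrors the aswMBR log above and flags the pattern ListParts reports as "Suspicious Type": a small hidden partition (type 0x17) sitting at the very end of the disk. The disk size, partition types and offsets are taken from the logs; the size and tail-distance thresholds are assumptions.

```python
import struct

# From the aswMBR log above: a 953869 MB disk with 512-byte sectors (MB * 2048).
DISK_SECTORS = 953869 * 2048

# MBR type IDs that hide a FAT/NTFS volume from the operating system.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}

def build_entry(status, ptype, start_lba, sectors):
    """Pack one 16-byte MBR partition entry; CHS fields are left zeroed."""
    return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0",
                       start_lba, sectors)

def build_mbr(entries):
    """Assemble a 512-byte MBR: boot code area, 4 entries, 0x55AA signature."""
    table = b"".join(entries) + b"\0" * (16 * (4 - len(entries)))
    return b"\0" * 446 + table + b"\x55\xAA"

# Constructed sample mirroring the thread's layout (assumption: sizes in the
# log are whole MB; partition 3 is 4096 sectors = 2 MB, ending at the last sector).
SAMPLE_MBR = build_mbr([
    build_entry(0x80, 0x27, 2048, 39999 * 2048),       # hidden WinRE, active
    build_entry(0x00, 0x07, 81920160, 913866 * 2048),  # C: WinVista
    build_entry(0x00, 0x17, 1953519616, 4096),         # hidden 2 MB at disk end
])

def parse_mbr(mbr):
    """Return the non-empty partition entries of a classic MBR."""
    if len(mbr) != 512 or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not a valid MBR")
    parts = []
    for i in range(4):
        raw = mbr[446 + 16 * i:446 + 16 * (i + 1)]
        status, _, ptype, _, start, count = struct.unpack("<B3sB3sII", raw)
        if ptype != 0:
            parts.append({"index": i + 1, "active": status == 0x80,
                          "type": ptype, "start": start, "sectors": count})
    return parts

def suspicious_partitions(parts, disk_sectors, max_mb=16, tail_mb=64):
    """Flag hidden-type partitions no larger than max_mb that end within
    tail_mb of the disk's last sector (thresholds are assumptions)."""
    flagged = []
    for p in parts:
        size_mb = p["sectors"] * 512 // (1024 * 1024)
        end = p["start"] + p["sectors"]
        near_end = disk_sectors - end < tail_mb * 2048
        if p["type"] in HIDDEN_TYPES and size_mb <= max_mb and near_end:
            flagged.append(p["index"])
    return flagged

if __name__ == "__main__":
    print("Suspicious:", suspicious_partitions(parse_mbr(SAMPLE_MBR), DISK_SECTORS))
```

Partition 1 is also a hidden type but is 39999 MB, so the size filter leaves it alone; only partition 3 is reported, matching what aswMBR and ListParts flagged.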



