Trojans, Malware, Win32 Worm found in boot-time scan.


  • This topic is locked
24 replies to this topic

#1 marianneg

  • Members
  • 11 posts

Posted 22 February 2012 - 03:25 PM

I have a Dell PC (Optiplex) with Windows XP Pro 32Bit. I was initially informed that I was sending emails to persons in my contacts from my phone but wanted to check the PC as well. Running a Boot Time Scan using Avast, it showed there were several threats, namely: Java:Agent-AOS[Trj], Win32:MalOb-HO [Cryp] and Win32:Sytro-AB[Wrm].

I need to know if there are other malwares or trojans in this system and how to get rid of them but am not sure where to even begin. What other information do you need and/or where do we begin?

Thank you in advance for your help!


#2 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 22 February 2012 - 04:28 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 25 February 2012 - 12:50 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr

Posted 28 February 2012 - 12:28 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#5 gringo_pr

Posted 01 March 2012 - 08:15 PM

This topic has been re-opened at the request of the person who originally posted.

#6 gringo_pr

Posted 01 March 2012 - 08:15 PM

Hello


Ok send me the reports when you are ready


Gringo

#7 marianneg

Posted 02 March 2012 - 02:48 PM

Attached File  attach.txt   14.78KB   1 downloads
Attached File  dds.txt   10.91KB   0 downloads

#8 gringo_pr

Posted 02 March 2012 - 03:09 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 marianneg

Posted 02 March 2012 - 03:48 PM

Attached File  log.txt   12.96KB   2 downloads


ComboFix 12-03-02.01 - Marianne 03/02/2012 12:17:40.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3710.3269 [GMT -8:00]
Running from: c:\documents and settings\Marianne\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Marianne\WINDOWS
c:\program files\Shared
c:\program files\Shared\shared.sig
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobebaln.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-03-02 02:37 . 2012-03-02 02:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-03-01 19:55 . 2012-03-01 19:55 -------- d-----w- c:\program files\Common Files\Java
2012-03-01 19:55 . 2012-03-01 19:54 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-03-01 19:55 . 2012-03-01 19:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-01 19:55 . 2012-03-01 19:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 19:54 . 2012-03-01 19:54 -------- d-----w- c:\program files\Java
2012-02-29 20:37 . 2012-02-29 20:37 -------- d-sh--w- c:\documents and settings\Marianne\PrivacIE
2012-02-29 20:27 . 2012-02-29 20:27 -------- d-sh--w- c:\documents and settings\Marianne\IETldCache
2012-02-29 20:10 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-02-29 20:08 . 2011-12-17 19:46 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-29 20:08 . 2011-12-17 19:46 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-29 20:08 . 2011-12-17 19:46 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-02-29 20:05 . 2012-02-29 20:08 -------- dc-h--w- c:\windows\ie8
2012-02-28 19:09 . 2012-02-28 19:09 1409 ----a-w- c:\windows\QTFont.for
2012-02-15 15:51 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 15:51 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 16:23 . 2011-03-04 23:41 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2011-03-04 23:41 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2011-03-04 23:42 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2011-03-04 23:42 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2011-03-04 23:42 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-23 16:10 . 2011-03-04 23:42 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2011-03-04 23:42 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-02-23 16:10 . 2011-03-04 23:42 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-02-23 16:10 . 2011-03-04 23:42 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 16:07 . 2011-03-04 23:42 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-21 14:15 . 2011-05-20 14:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2002-08-29 10:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2006-06-23 18:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2002-08-29 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2002-08-29 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-10-12 14:26 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-8-1 24576]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 01:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX620 Series]
2004-05-19 20:00 98304 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATI9HA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 16:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 16:36 114688 ----a-w- c:\windows\SYSTEM32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 16:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-04-27 17:41 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-17 21:10 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [3/4/2011 3:42 PM 610648]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [3/4/2011 3:42 PM 337112]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2/10/2003 1:52 AM 114688]
R2 AsfAlrt;AsfAlrt;c:\windows\SYSTEM32\DRIVERS\Asfalrt.sys [12/18/2002 1:31 AM 36064]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [3/4/2011 3:42 PM 20696]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [11/20/2006 12:01 PM 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [11/20/2006 12:01 PM 3904]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 3:59 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 3:59 PM 135664]
S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\SYSTEM32\DRIVERS\SMCWGU.sys [9/4/2007 12:12 PM 408064]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 23:59]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 23:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.iwon.com/
uInternet Connection Wizard,ShellNext = hxxp://smbusiness.dellnet.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - hxxp://www.surveys.com/promptcast/Installs/SURVEYS.COM%20PROMPTCAST%20SETUP.cab
DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} - hxxp://67.181.251.127/WebDvr3.cab
DPF: {D4F3F795-7712-4D92-91DF-AEB055D8AC73} - hxxp://157.238.134.97/events/bin/comptest/4.1.0.34000/MILiveCompTest.ocx
DPF: {F992FDC0-DAA7-4774-B01C-E9DFF19FE0FE} - hxxp://online.invokesolutions.com/events/bin/media/4.1.0.1414-3.0.0.7206/MILive.cab
FF - ProfilePath - c:\documents and settings\Marianne\Application Data\Mozilla\Firefox\Profiles\6n7ep11g.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.iwon.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Marianne\Application Data\Move Networks
.
.
------- File Associations -------
.
.txt=txt_auto_file
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-Norton SystemWorks - c:\program files\Norton SystemWorks\cfgwiz.exe
MSConfigStartUp-PromptCast - c:\program files\PromptCast\PromptCast.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-02 12:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(748)
c:\windows\system32\WININET.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\Logi_MwX.Exe
.
**************************************************************************
.
Completion time: 2012-03-02 12:38:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-02 20:37
.
Pre-Run: 19,808,403,456 bytes free
Post-Run: 20,870,479,872 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /NOGUIBOOT
.
- - End Of File - - 44FCCD67DDA77549D6A47766190F0C7F

Edited by gringo_pr, 02 March 2012 - 03:56 PM.


#10 gringo_pr

Posted 02 March 2012 - 03:55 PM

Greetings

please copy and paste reports into the topic see edit above

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#11 marianneg

Posted 02 March 2012 - 04:20 PM

13:06:39.0875 3996 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
13:06:40.0421 3996 ============================================================
13:06:40.0421 3996 Current date / time: 2012/03/02 13:06:40.0421
13:06:40.0421 3996 SystemInfo:
13:06:40.0421 3996
13:06:40.0421 3996 OS Version: 5.1.2600 ServicePack: 3.0
13:06:40.0421 3996 Product type: Workstation
13:06:40.0421 3996 ComputerName: COMPUTER2
13:06:40.0421 3996 UserName: Marianne
13:06:40.0421 3996 Windows directory: C:\WINDOWS
13:06:40.0421 3996 System windows directory: C:\WINDOWS
13:06:40.0421 3996 Processor architecture: Intel x86
13:06:40.0421 3996 Number of processors: 1
13:06:40.0421 3996 Page size: 0x1000
13:06:40.0421 3996 Boot type: Normal boot
13:06:40.0421 3996 ============================================================
13:06:42.0812 3996 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:06:42.0812 3996 \Device\Harddisk0\DR0:
13:06:42.0812 3996 MBR used
13:06:42.0812 3996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x4A6DA7A
13:06:42.0843 3996 Initialize success
13:06:42.0843 3996 ============================================================
13:06:44.0484 1700 ============================================================
13:06:44.0484 1700 Scan started
13:06:44.0484 1700 Mode: Manual;
13:06:44.0484 1700 ============================================================
13:06:53.0843 1700 E1000 (a97b4360acc61d9d3cae50cd155ef02c) C:\WINDOWS\system32\DRIVERS\e1000325.sys
13:06:53.0843 1700 E1000 - ok
13:06:54.0000 1700 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
13:06:54.0000 1700 EL90XBC - ok
13:06:54.0187 1700 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:06:54.0187 1700 Fastfat - ok
13:06:54.0343 1700 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:06:54.0343 1700 Fdc - ok
13:06:54.0500 1700 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:06:54.0500 1700 Fips - ok
13:06:54.0640 1700 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:06:54.0640 1700 Flpydisk - ok
13:06:54.0765 1700 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:06:54.0765 1700 FltMgr - ok
13:06:54.0875 1700 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:06:54.0875 1700 Fs_Rec - ok
13:06:55.0031 1700 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:06:55.0031 1700 Ftdisk - ok
13:06:55.0171 1700 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:06:55.0171 1700 GEARAspiWDM - ok
13:06:55.0296 1700 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:06:55.0312 1700 Gpc - ok
13:06:55.0500 1700 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
13:06:55.0500 1700 HidBatt - ok
13:06:55.0671 1700 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:06:55.0671 1700 HidUsb - ok
13:06:55.0812 1700 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
13:06:55.0812 1700 hpn - ok
13:06:55.0937 1700 HSFHWBS2 (5bb6ce6c3fac28d4ef5c147e02c19e0b) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
13:06:55.0937 1700 HSFHWBS2 - ok
13:06:56.0156 1700 HSF_DP (842b23035f8f68e79675efb436b6aa94) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
13:06:56.0171 1700 HSF_DP - ok
13:06:56.0359 1700 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:06:56.0359 1700 HTTP - ok
13:06:56.0515 1700 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
13:06:56.0515 1700 i2omgmt - ok
13:06:56.0640 1700 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
13:06:56.0640 1700 i2omp - ok
13:06:56.0781 1700 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:06:56.0796 1700 i8042prt - ok
13:06:56.0953 1700 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
13:06:56.0953 1700 i81x - ok
13:06:57.0109 1700 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
13:06:57.0109 1700 iAimFP0 - ok
13:06:57.0296 1700 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
13:06:57.0296 1700 iAimFP1 - ok
13:06:57.0453 1700 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
13:06:57.0453 1700 iAimFP2 - ok
13:06:57.0609 1700 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
13:06:57.0609 1700 iAimFP3 - ok
13:06:57.0750 1700 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
13:06:57.0750 1700 iAimFP4 - ok
13:06:58.0140 1700 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
13:06:58.0140 1700 iAimTV0 - ok
13:06:58.0328 1700 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
13:06:58.0343 1700 iAimTV1 - ok
13:06:58.0406 1700 iAimTV2 - ok
13:06:58.0500 1700 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
13:06:58.0500 1700 iAimTV3 - ok
13:06:58.0718 1700 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
13:06:58.0734 1700 iAimTV4 - ok
13:06:59.0015 1700 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
13:06:59.0093 1700 ialm - ok
13:06:59.0281 1700 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:06:59.0281 1700 Imapi - ok
13:06:59.0437 1700 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
13:06:59.0437 1700 ini910u - ok
13:06:59.0562 1700 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
13:06:59.0578 1700 IntelIde - ok
13:06:59.0703 1700 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:06:59.0703 1700 intelppm - ok
13:06:59.0843 1700 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:06:59.0859 1700 ip6fw - ok
13:07:00.0000 1700 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:07:00.0015 1700 IpFilterDriver - ok
13:07:00.0187 1700 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:07:00.0187 1700 IpInIp - ok
13:07:00.0343 1700 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:07:00.0359 1700 IpNat - ok
13:07:00.0484 1700 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:07:00.0500 1700 IPSec - ok
13:07:00.0687 1700 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:07:00.0687 1700 IRENUM - ok
13:07:00.0859 1700 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:07:00.0859 1700 isapnp - ok
13:07:01.0015 1700 itchfltr (f905a2e4a3a8db0f8c41d90cf830b4ca) C:\WINDOWS\system32\DRIVERS\itchfltr.sys
13:07:01.0015 1700 itchfltr - ok
13:07:01.0171 1700 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:07:01.0171 1700 Kbdclass - ok
13:07:01.0328 1700 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:07:01.0328 1700 kbdhid - ok
13:07:01.0453 1700 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:07:01.0468 1700 kmixer - ok
13:07:01.0609 1700 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:07:01.0609 1700 KSecDD - ok
13:07:01.0765 1700 L8042pr2 (4103dbb6caa85e40d271c1ad12bbf776) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
13:07:01.0765 1700 L8042pr2 - ok
13:07:01.0875 1700 lbrtfdc - ok
13:07:02.0046 1700 LMouFlt2 (b666f835c18974f392a387c6e863072f) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
13:07:02.0046 1700 LMouFlt2 - ok
13:07:02.0187 1700 MAPMEM (61330a29bd4230505a7618bc41693cbb) C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
13:07:02.0187 1700 MAPMEM - ok
13:07:02.0359 1700 mdmxsdk (aeb54ef22cb7c7e3f405f69f048d696c) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
13:07:02.0359 1700 mdmxsdk - ok
13:07:02.0484 1700 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:07:02.0484 1700 mnmdd - ok
13:07:02.0593 1700 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:07:02.0609 1700 Modem - ok
13:07:02.0718 1700 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:07:02.0718 1700 Mouclass - ok
13:07:02.0843 1700 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:07:02.0843 1700 mouhid - ok
13:07:02.0968 1700 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:07:02.0968 1700 MountMgr - ok
13:07:03.0156 1700 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
13:07:03.0156 1700 mraid35x - ok
13:07:03.0328 1700 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:07:03.0343 1700 MRxDAV - ok
13:07:03.0515 1700 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:07:03.0546 1700 MRxSmb - ok
13:07:03.0718 1700 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:07:03.0718 1700 Msfs - ok
13:07:03.0843 1700 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:07:03.0843 1700 MSKSSRV - ok
13:07:03.0968 1700 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:07:03.0968 1700 MSPCLOCK - ok
13:07:04.0156 1700 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:07:04.0156 1700 MSPQM - ok
13:07:04.0296 1700 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:07:04.0296 1700 mssmbios - ok
13:07:04.0437 1700 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:07:04.0437 1700 Mup - ok
13:07:04.0609 1700 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:07:04.0609 1700 NDIS - ok
13:07:04.0750 1700 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:07:04.0750 1700 NdisTapi - ok
13:07:04.0906 1700 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:07:04.0906 1700 Ndisuio - ok
13:07:05.0078 1700 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:07:05.0078 1700 NdisWan - ok
13:07:05.0218 1700 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:07:05.0234 1700 NDProxy - ok
13:07:05.0437 1700 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:07:05.0437 1700 NetBIOS - ok
13:07:05.0640 1700 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:07:05.0640 1700 NetBT - ok
13:07:05.0812 1700 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:07:05.0828 1700 Npfs - ok
13:07:06.0000 1700 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:07:06.0015 1700 Ntfs - ok
13:07:06.0156 1700 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:07:06.0156 1700 Null - ok
13:07:06.0359 1700 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:07:06.0421 1700 nv - ok
13:07:06.0593 1700 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:07:06.0609 1700 NwlnkFlt - ok
13:07:06.0765 1700 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:07:06.0765 1700 NwlnkFwd - ok
13:07:06.0906 1700 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
13:07:06.0906 1700 omci - ok
13:07:07.0093 1700 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
13:07:07.0093 1700 P3 - ok
13:07:07.0234 1700 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:07:07.0234 1700 Parport - ok
13:07:07.0390 1700 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:07:07.0390 1700 PartMgr - ok
13:07:07.0500 1700 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:07:07.0500 1700 ParVdm - ok
13:07:07.0593 1700 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:07:07.0593 1700 PCI - ok
13:07:07.0687 1700 PCIDump - ok
13:07:07.0812 1700 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:07:07.0812 1700 PCIIde - ok
13:07:07.0937 1700 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:07:07.0953 1700 Pcmcia - ok
13:07:08.0046 1700 PDCOMP - ok
13:07:08.0156 1700 PDFRAME - ok
13:07:08.0234 1700 PDRELI - ok
13:07:08.0296 1700 PDRFRAME - ok
13:07:08.0421 1700 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
13:07:08.0421 1700 perc2 - ok
13:07:08.0562 1700 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
13:07:08.0562 1700 perc2hib - ok
13:07:08.0734 1700 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:07:08.0734 1700 PptpMiniport - ok
13:07:08.0890 1700 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
13:07:08.0890 1700 Processor - ok
13:07:09.0078 1700 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:07:09.0093 1700 PSched - ok
13:07:09.0203 1700 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:07:09.0203 1700 Ptilink - ok
13:07:09.0312 1700 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
13:07:09.0328 1700 ql1080 - ok
13:07:09.0468 1700 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
13:07:09.0468 1700 Ql10wnt - ok
13:07:09.0609 1700 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
13:07:09.0625 1700 ql12160 - ok
13:07:09.0765 1700 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
13:07:09.0765 1700 ql1240 - ok
13:07:09.0921 1700 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
13:07:09.0921 1700 ql1280 - ok
13:07:10.0062 1700 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:07:10.0062 1700 RasAcd - ok
13:07:10.0203 1700 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:07:10.0203 1700 Rasl2tp - ok
13:07:10.0390 1700 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:07:10.0390 1700 RasPppoe - ok
13:07:10.0562 1700 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:07:10.0562 1700 Raspti - ok
13:07:10.0718 1700 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:07:10.0718 1700 Rdbss - ok
13:07:10.0843 1700 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:07:10.0843 1700 RDPCDD - ok
13:07:10.0984 1700 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:07:10.0984 1700 rdpdr - ok
13:07:11.0187 1700 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:07:11.0203 1700 RDPWD - ok
13:07:11.0359 1700 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:07:11.0359 1700 redbook - ok
13:07:11.0562 1700 RT73 (da4980fad2b7d86d6ed8e35e3874f65e) C:\WINDOWS\system32\DRIVERS\rt73.sys
13:07:11.0593 1700 RT73 - ok
13:07:11.0781 1700 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:07:11.0796 1700 Secdrv - ok
13:07:11.0953 1700 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:07:11.0953 1700 serenum - ok
13:07:12.0156 1700 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:07:12.0156 1700 Serial - ok
13:07:12.0296 1700 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:07:12.0312 1700 Sfloppy - ok
13:07:12.0421 1700 Simbad - ok
13:07:12.0531 1700 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
13:07:12.0531 1700 sisagp - ok
13:07:12.0703 1700 SMCWGU(SMC) (1431c397a8534388369813d04c793373) C:\WINDOWS\system32\DRIVERS\SMCWGU.sys
13:07:12.0734 1700 SMCWGU(SMC) - ok
13:07:12.0906 1700 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys
13:07:12.0968 1700 smwdm - ok
13:07:13.0140 1700 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
13:07:13.0156 1700 Sparrow - ok
13:07:13.0312 1700 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:07:13.0312 1700 splitter - ok
13:07:13.0468 1700 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:07:13.0468 1700 sr - ok
13:07:13.0640 1700 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:07:13.0671 1700 Srv - ok
13:07:13.0828 1700 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:07:13.0828 1700 swenum - ok
13:07:13.0921 1700 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:07:13.0921 1700 swmidi - ok
13:07:14.0078 1700 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
13:07:14.0078 1700 symc810 - ok
13:07:14.0187 1700 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
13:07:14.0187 1700 symc8xx - ok
13:07:14.0312 1700 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
13:07:14.0312 1700 sym_hi - ok
13:07:14.0406 1700 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
13:07:14.0406 1700 sym_u3 - ok
13:07:14.0531 1700 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:07:14.0531 1700 sysaudio - ok
13:07:14.0671 1700 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:07:14.0687 1700 Tcpip - ok
13:07:14.0796 1700 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:07:14.0812 1700 TDPIPE - ok
13:07:14.0921 1700 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:07:14.0921 1700 TDTCP - ok
13:07:15.0078 1700 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:07:15.0078 1700 TermDD - ok
13:07:15.0203 1700 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
13:07:15.0203 1700 TosIde - ok
13:07:15.0359 1700 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:07:15.0359 1700 Udfs - ok
13:07:15.0562 1700 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
13:07:15.0562 1700 ultra - ok
13:07:15.0703 1700 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:07:15.0718 1700 Update - ok
13:07:15.0843 1700 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:07:15.0859 1700 usbaudio - ok
13:07:16.0015 1700 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:07:16.0031 1700 usbccgp - ok
13:07:16.0140 1700 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:07:16.0140 1700 usbehci - ok
13:07:16.0250 1700 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:07:16.0265 1700 usbhub - ok
13:07:16.0390 1700 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:07:16.0390 1700 usbprint - ok
13:07:16.0500 1700 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:07:16.0515 1700 usbscan - ok
13:07:16.0625 1700 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:07:16.0625 1700 USBSTOR - ok
13:07:16.0734 1700 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:07:16.0734 1700 usbuhci - ok
13:07:16.0859 1700 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:07:16.0859 1700 VgaSave - ok
13:07:17.0031 1700 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
13:07:17.0031 1700 viaagp - ok
13:07:17.0156 1700 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
13:07:17.0156 1700 ViaIde - ok
13:07:17.0265 1700 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:07:17.0281 1700 VolSnap - ok
13:07:17.0406 1700 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:07:17.0406 1700 Wanarp - ok
13:07:17.0468 1700 WDICA - ok
13:07:17.0562 1700 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:07:17.0578 1700 wdmaud - ok
13:07:17.0718 1700 winachsf (bcdcc21314add47e26f1dfa1605e11c9) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
13:07:17.0734 1700 winachsf - ok
13:07:17.0875 1700 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:07:17.0875 1700 WS2IFSL - ok
13:07:18.0078 1700 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
13:07:18.0078 1700 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
13:07:18.0203 1700 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
13:07:18.0203 1700 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
13:07:18.0234 1700 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:07:18.0437 1700 \Device\Harddisk0\DR0 - ok
13:07:18.0437 1700 Boot (0x1200) (a036e5df097aaff9bf0d458556b1bfec) \Device\Harddisk0\DR0\Partition0
13:07:18.0437 1700 \Device\Harddisk0\DR0\Partition0 - ok
13:07:18.0437 1700 ============================================================
13:07:18.0437 1700 Scan finished
13:07:18.0437 1700 ============================================================
13:07:18.0468 2152 Detected object count: 0
13:07:18.0468 2152 Actual detected object count: 0

#12 marianneg

Posted 02 March 2012 - 04:47 PM

I am trying to upload MBR.dat (the second report you asked for) and your forum tells me "Error You aren't permitted to upload this kind of file" when I try to upload it.

#13 gringo_pr

Posted 02 March 2012 - 08:56 PM

Hello

That file is not the report - that is a backup of the MBR in case it is needed later.

I want a report that was made that is only a text file, similar to the one TDSSKiller made.


gringo

#14 marianneg

Posted 02 March 2012 - 11:43 PM

Attached File  aswMBR.txt   1.9KB   2 downloads

#15 gringo_pr

Posted 02 March 2012 - 11:56 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
