
All searches redirected


10 replies to this topic

#1 DWilhide


Posted 23 February 2012 - 09:23 AM

I have run Malwarebytes, Superantispyware, Spybot S&D, along with AVG and Microsoft Security Essentials. I have cleaned up the infections that they have found, but I am getting redirected. I can't seem to track this one down. Any help would be appreciated.

DonW



#2 narenxp


Posted 23 February 2012 - 09:44 AM

Download TDSSkiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Restart the PC.

Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

#3 DWilhide


Posted 24 February 2012 - 09:42 AM

Here are the logs you had requested. aswMBR wouldn't run.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-24 08:35:54
Windows 5.1.2600 Service Pack 3
Running: 00dctgvz.exe; Driver: C:\DOCUME~1\Jason\LOCALS~1\Temp\pgnyyfog.sys


---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 380

---- EOF - GMER 1.0.15 ----
2012/02/24 08:22:39.0218 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2012/02/24 08:22:39.0218 ================================================================================
2012/02/24 08:22:39.0218 SystemInfo:
2012/02/24 08:22:39.0218
2012/02/24 08:22:39.0218 OS Version: 5.1.2600 ServicePack: 3.0
2012/02/24 08:22:39.0218 Product type: Workstation
2012/02/24 08:22:39.0218 ComputerName: YOUR-C7096BBD5B
2012/02/24 08:22:39.0218 UserName: Jason
2012/02/24 08:22:39.0218 Windows directory: C:\WINDOWS
2012/02/24 08:22:39.0218 System windows directory: C:\WINDOWS
2012/02/24 08:22:39.0218 Processor architecture: Intel x86
2012/02/24 08:22:39.0218 Number of processors: 2
2012/02/24 08:22:39.0218 Page size: 0x1000
2012/02/24 08:22:39.0218 Boot type: Normal boot
2012/02/24 08:22:39.0218 ================================================================================
2012/02/24 08:22:39.0546 Initialize success
2012/02/24 08:22:40.0781 ================================================================================
2012/02/24 08:22:40.0781 Scan started
2012/02/24 08:22:40.0781 Mode: Manual;
2012/02/24 08:22:40.0781 ================================================================================
2012/02/24 08:22:50.0390 \HardDisk0\MBR - detected Rootkit.Win32.BackBoot.gen (1)
2012/02/24 08:22:50.0406 ================================================================================
2012/02/24 08:22:50.0406 Scan finished
2012/02/24 08:22:50.0406 ================================================================================
2012/02/24 08:22:50.0437 Detected object count: 1
2012/02/24 08:22:56.0734 \HardDisk0\MBR - quarantined
2012/02/24 08:22:56.0734 Rootkit.Win32.BackBoot.gen(\HardDisk0\MBR) - User select action: Quarantine
2012/02/24 08:23:02.0109 Deinitialize success


Thank you for your assistance in this matter.

DonW

#4 narenxp


Posted 24 February 2012 - 09:45 AM

Restart the PC.

Run TDSSkiller and aswMBR once again and post the logs.

#5 DWilhide


Posted 24 February 2012 - 12:25 PM

Here is my tdsskiller log file. aswMBR still won't run.

2012/02/24 11:22:18.0046 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2012/02/24 11:22:18.0046 ================================================================================
2012/02/24 11:22:18.0046 SystemInfo:
2012/02/24 11:22:18.0046
2012/02/24 11:22:18.0046 OS Version: 5.1.2600 ServicePack: 3.0
2012/02/24 11:22:18.0046 Product type: Workstation
2012/02/24 11:22:18.0046 ComputerName: YOUR-C7096BBD5B
2012/02/24 11:22:18.0046 UserName: Jason
2012/02/24 11:22:18.0046 Windows directory: C:\WINDOWS
2012/02/24 11:22:18.0046 System windows directory: C:\WINDOWS
2012/02/24 11:22:18.0046 Processor architecture: Intel x86
2012/02/24 11:22:18.0046 Number of processors: 2
2012/02/24 11:22:18.0046 Page size: 0x1000
2012/02/24 11:22:18.0046 Boot type: Normal boot
2012/02/24 11:22:18.0046 ================================================================================
2012/02/24 11:22:18.0359 Initialize success
2012/02/24 11:22:20.0718 ================================================================================
2012/02/24 11:22:20.0718 Scan started
2012/02/24 11:22:20.0718 Mode: Manual;
2012/02/24 11:22:20.0718 ================================================================================
2012/02/24 11:22:27.0968 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2012/02/24 11:22:28.0015 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2012/02/24 11:22:28.0031 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2012/02/24 11:22:28.0109 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2012/02/24 11:22:28.0187 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
2012/02/24 11:22:28.0250 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2012/02/24 11:22:28.0312 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2012/02/24 11:22:28.0359 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2012/02/24 11:22:28.0421 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2012/02/24 11:22:28.0453 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2012/02/24 11:22:28.0515 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2012/02/24 11:22:28.0531 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2012/02/24 11:22:28.0671 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2012/02/24 11:22:28.0750 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2012/02/24 11:22:28.0796 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2012/02/24 11:22:28.0812 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2012/02/24 11:22:28.0859 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2012/02/24 11:22:28.0953 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2012/02/24 11:22:29.0000 tosrfbd (399c5e4db7bdd5a83a7d26c96389b85a) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
2012/02/24 11:22:29.0015 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2012/02/24 11:22:29.0062 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2012/02/24 11:22:29.0093 Tosrfhid (efc95c0dc6f96b228f58319776006548) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2012/02/24 11:22:29.0125 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2012/02/24 11:22:29.0171 TosRfSnd (156d63f6898e4d95f2962f2b72862868) C:\WINDOWS\system32\drivers\tosrfsnd.sys
2012/02/24 11:22:29.0203 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
2012/02/24 11:22:29.0250 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2012/02/24 11:22:29.0281 ULCDRHlp (a4e07da3ae2078bd96e84d4baa07b71d) C:\WINDOWS\system32\Drivers\ULCDRHlp.sys
2012/02/24 11:22:29.0359 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2012/02/24 11:22:29.0421 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2012/02/24 11:22:29.0468 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2012/02/24 11:22:29.0500 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2012/02/24 11:22:29.0546 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2012/02/24 11:22:29.0562 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2012/02/24 11:22:29.0609 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2012/02/24 11:22:29.0656 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2012/02/24 11:22:29.0687 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2012/02/24 11:22:29.0718 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2012/02/24 11:22:29.0781 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2012/02/24 11:22:29.0843 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2012/02/24 11:22:29.0890 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2012/02/24 11:22:29.0968 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2012/02/24 11:22:30.0062 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2012/02/24 11:22:30.0156 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2012/02/24 11:22:30.0203 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2012/02/24 11:22:30.0234 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2012/02/24 11:22:30.0578 \HardDisk0\MBR - detected Rootkit.Win32.BackBoot.gen (1)
2012/02/24 11:22:30.0593 ================================================================================
2012/02/24 11:22:30.0593 Scan finished
2012/02/24 11:22:30.0593 ================================================================================
2012/02/24 11:22:30.0625 Detected object count: 1
2012/02/24 11:22:33.0781 Rootkit.Win32.BackBoot.gen(\HardDisk0\MBR) - User select action: Skip
2012/02/24 11:22:38.0562 Deinitialize success

#6 narenxp

Posted 24 February 2012 - 05:35 PM

You're using an OLD VERSION of TDSSkiller

Download the latest version from here

TDSSkiller

Click on SCAN and post the new log

Restart the PC and run other tools

Post all the logs together

Edited by narenxp, 24 February 2012 - 05:54 PM.


#7 DWilhide

Posted 07 March 2012 - 10:14 AM

I can't seem to get aswMBR or the new version of TDSSKILLER to run on this machine. I have tried logging in as Administrator in safe mode and they still won't run. Any suggestions?

Thank You,
DonW

#8 DWilhide

Posted 07 March 2012 - 10:46 AM

I got them to run by copying them to a flash drive and renaming them. My searches no longer re-direct. Thank you for all of your help!

Thank You,
DonW

#9 narenxp

Posted 08 March 2012 - 05:39 AM

You may still be infected. Post the logs and let's check if the PC is clean.

#10 DWilhide

Posted 08 March 2012 - 10:52 AM

Here are my latest log files.

09:42:01.0859 3132 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
09:42:02.0562 3132 ============================================================
09:42:02.0562 3132 Current date / time: 2012/03/08 09:42:02.0562
09:42:02.0562 3132 SystemInfo:
09:42:02.0562 3132
09:42:02.0562 3132 OS Version: 5.1.2600 ServicePack: 3.0
09:42:02.0562 3132 Product type: Workstation
09:42:02.0562 3132 ComputerName: YOUR-C7096BBD5B
09:42:02.0562 3132 UserName: Jason
09:42:02.0562 3132 Windows directory: C:\WINDOWS
09:42:02.0562 3132 System windows directory: C:\WINDOWS
09:42:02.0562 3132 Processor architecture: Intel x86
09:42:02.0562 3132 Number of processors: 2
09:42:02.0562 3132 Page size: 0x1000
09:42:02.0562 3132 Boot type: Normal boot
09:42:02.0562 3132 ============================================================
09:42:05.0921 3132 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:42:05.0968 3132 Drive \Device\Harddisk1\DR6 - Size: 0x3D3D2200 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:42:05.0984 3132 Drive \Device\Harddisk2\DR8 - Size: 0x778000000 (29.88 Gb), SectorSize: 0x200, Cylinders: 0xF3B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:42:05.0984 3132 \Device\Harddisk0\DR0:
09:42:06.0000 3132 MBR used
09:42:06.0000 3132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x7D047E, BlocksNum 0x4E22CEC
09:42:06.0000 3132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x55F316A, BlocksNum 0xD425957
09:42:06.0000 3132 \Device\Harddisk1\DR6:
09:42:06.0000 3132 MBR used
09:42:06.0000 3132 \Device\Harddisk1\DR6\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1E9E52
09:42:06.0000 3132 \Device\Harddisk2\DR8:
09:42:06.0000 3132 MBR used
09:42:06.0000 3132 \Device\Harddisk2\DR8\Partition0: MBR, Type 0xC, StartLBA 0x88A0, BlocksNum 0x3BB7760
09:42:06.0046 3132 Initialize success
09:42:06.0046 3132 ============================================================
09:42:15.0703 1596 ============================================================
09:42:15.0703 1596 Scan started
09:42:15.0703 1596 Mode: Manual; TDLFS;
09:42:15.0703 1596 ============================================================
09:42:24.0187 1596 MBR (0x1B8) (8819727bf7611558384a82ff02c2b141) \Device\Harddisk0\DR0
09:42:24.0453 1596 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:42:24.0453 1596 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:42:24.0468 1596 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR6
09:42:42.0500 1596 \Device\Harddisk1\DR6 - ok
09:42:42.0515 1596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR8
09:42:50.0234 1596 \Device\Harddisk2\DR8 - ok
09:42:50.0234 1596 Boot (0x1200) (b7c0101315662a6ab245d22251ab2ad7) \Device\Harddisk0\DR0\Partition0
09:42:50.0250 1596 \Device\Harddisk0\DR0\Partition0 - ok
09:42:50.0281 1596 Boot (0x1200) (dc12236f1af0d4c0b4263cabd740f966) \Device\Harddisk0\DR0\Partition1
09:42:50.0296 1596 \Device\Harddisk0\DR0\Partition1 - ok
09:42:50.0296 1596 Boot (0x1200) (911788aa1119da942e28c5ae5ad46a8c) \Device\Harddisk1\DR6\Partition0
09:42:50.0296 1596 \Device\Harddisk1\DR6\Partition0 - ok
09:42:50.0312 1596 Boot (0x1200) (8805296d9b478557fe857a8efa76a5f7) \Device\Harddisk2\DR8\Partition0
09:42:50.0312 1596 \Device\Harddisk2\DR8\Partition0 - ok
09:42:50.0312 1596 ============================================================
09:42:50.0312 1596 Scan finished
09:42:50.0312 1596 ============================================================
09:42:50.0328 3836 Detected object count: 1
09:42:50.0328 3836 Actual detected object count: 1
09:43:12.0062 3836 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:43:12.0062 3836 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-08 08:21:46
-----------------------------
08:21:46.437 OS Version: Windows 5.1.2600 Service Pack 3
08:21:46.437 Number of processors: 2 586 0x1C02
08:21:46.437 ComputerName: YOUR-C7096BBD5B UserName: Jason
08:21:47.531 Initialize success
08:22:06.140 AVAST engine defs: 12030700
08:22:20.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:22:20.218 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 3
08:22:20.218 Disk 0 MBR read successfully
08:22:20.218 Disk 0 MBR scan
08:22:20.296 Disk 0 unknown MBR code
08:22:20.296 Disk 0 Partition 1 00 12 Compaq diag MSDOS5.0 4000 MB offset 63
08:22:20.750 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 40005 MB offset 8193150
08:22:20.796 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 108619 MB offset 90124650
08:22:20.828 Disk 0 scanning sectors +312576705
08:22:20.937 Disk 0 scanning C:\WINDOWS\system32\drivers
08:22:39.812 Service scanning
08:22:52.406 Service MpKsl1946a830 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60681288-A171-45A8-8FE3-F55DEF6BFFD4}\MpKsl1946a830.sys **LOCKED** 32
08:23:09.828 Modules scanning
08:23:14.734 Disk 0 trace - called modules:
08:23:14.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
08:23:14.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b21ab8]
08:23:14.781 3 CLASSPNP.SYS[f7673fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b8eb00]
08:23:15.109 AVAST engine scan C:\WINDOWS
08:23:34.156 AVAST engine scan C:\WINDOWS\system32
08:28:17.687 AVAST engine scan C:\WINDOWS\system32\drivers
08:28:40.671 AVAST engine scan C:\Documents and Settings\Jason
08:32:50.875 AVAST engine scan C:\Documents and Settings\All Users
08:33:19.750 Scan finished successfully
08:33:35.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jason\Desktop\MBR.dat"
08:33:35.000 The log file has been saved successfully to "C:\Documents and Settings\Jason\Desktop\aswMBR.txt"


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-08 09:37:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: 5qbpig5p.exe; Driver: C:\DOCUME~1\Jason\LOCALS~1\Temp\pgnyyfog.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Jason\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Thank you for your assistance!!

DonW

#11 narenxp

Posted 08 March 2012 - 07:28 PM

Run TDSSkiller once again, make sure to select DELETE for TDSSFILESYSTEM


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When the scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.



