Found Trojan 2 weeks ago, removed, but running VERY slow


This topic is locked
17 replies to this topic

#1 VaMaster54 - Mike

  • Members
  • 111 posts
  • Gender: Male
  • Location: Centreville, Winchester, VIRGINIA

Posted 23 February 2012 - 09:46 PM

Dell Inspiron 530 S, Windows Vista Home SP2, 64-bit OS.

Ran Kaspersky a couple of weeks ago and discovered a trojan, removed it, but I understand it can possibly splinter in many directions.

I have AVG, Spyware Doctor, and the free Malwarebytes.

After slow startup, everything opens fine and quickly, but then starts to slow down quickly. Shutdown very slow.

Any help would be very appreciated.

#2 boopme

  • To Insanity and Beyond
  • Global Moderator
  • 73,190 posts
  • Gender: Male
  • Location: NJ USA

Posted 23 February 2012 - 10:49 PM

Hello, I moved this to the Am I Infected forum for now.


Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on RKill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running RKill, as the malware programs will start again. If rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.


Rerun MBAM (Malwarebytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters.
  • Put a check in the box for Detect TDLFS file system.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like TDSSKiller.Version_Date_Time_log.txt.


>>>
Download aswMBR to your desktop.
Double-click aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Please ask any needed questions, post logs and let us know how the PC is running now.

#3 VaMaster54 - Mike

  • Topic Starter
  • Members
  • 111 posts
  • Gender: Male
  • Location: Centreville, Winchester, VIRGINIA

Posted 24 February 2012 - 07:43 PM

Was unable to get RKILL in any form to run.

Malwarebytes log as follows:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.24.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
MD Tavenner :: MDTAVENNER-PC [administrator]

Protection: Disabled

2/24/2012 6:38:42 PM
mbam-log-2012-02-24 (18-38-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187154
Time elapsed: 37 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

TDSSKiller log as follows:

11:21:22.0492 6960 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
11:21:24.0505 6960 ============================================================
11:21:24.0505 6960 Current date / time: 2012/02/24 11:21:24.0505
11:21:24.0505 6960 SystemInfo:
11:21:24.0505 6960
11:21:24.0505 6960 OS Version: 6.0.6002 ServicePack: 2.0
11:21:24.0505 6960 Product type: Workstation
11:21:24.0505 6960 ComputerName: MDTAVENNER-PC
11:21:24.0505 6960 UserName: MD Tavenner
11:21:24.0505 6960 Windows directory: C:\Windows
11:21:24.0505 6960 System windows directory: C:\Windows
11:21:24.0506 6960 Running under WOW64
11:21:24.0506 6960 Processor architecture: Intel x64
11:21:24.0506 6960 Number of processors: 2
11:21:24.0506 6960 Page size: 0x1000
11:21:24.0506 6960 Boot type: Normal boot
11:21:24.0506 6960 ============================================================
11:21:27.0404 6960 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:21:27.0408 6960 \Device\Harddisk0\DR0:
11:21:27.0409 6960 MBR used
11:21:27.0409 6960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
11:21:27.0409 6960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
11:21:27.0497 6960 Initialize success
11:21:27.0497 6960 ============================================================
11:22:01.0203 2948 ============================================================
11:22:01.0203 2948 Scan started
11:22:01.0203 2948 Mode: Manual; TDLFS;
11:22:01.0203 2948 ============================================================
11:22:24.0231 2948 TDTCP - ok
11:22:24.0284 2948 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
11:22:24.0286 2948 tdx - ok
11:22:24.0317 2948 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
11:22:24.0318 2948 TermDD - ok
11:22:24.0354 2948 TfFsMon (9cd5c339754e2310790ca27dbbd31f88) C:\Windows\system32\drivers\TfFsMon.sys
11:22:24.0357 2948 TfFsMon - ok
11:22:24.0458 2948 TfNetMon (00809507fafa1be93dbbace5029f27bb) C:\Windows\system32\drivers\TfNetMon.sys
11:22:24.0459 2948 TfNetMon - ok
11:22:24.0893 2948 TFSysMon (3593a7b1264fba24fe9e097a99b3e848) C:\Windows\system32\drivers\TfSysMon.sys
11:22:24.0899 2948 TFSysMon - ok
11:22:25.0008 2948 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:22:25.0015 2948 tssecsrv - ok
11:22:25.0053 2948 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
11:22:25.0054 2948 tunmp - ok
11:22:25.0104 2948 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
11:22:25.0105 2948 tunnel - ok
11:22:25.0268 2948 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
11:22:25.0270 2948 uagp35 - ok
11:22:25.0341 2948 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
11:22:25.0356 2948 udfs - ok
11:22:25.0470 2948 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
11:22:25.0472 2948 uliagpkx - ok
11:22:25.0513 2948 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
11:22:25.0517 2948 uliahci - ok
11:22:25.0550 2948 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
11:22:25.0552 2948 UlSata - ok
11:22:25.0593 2948 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
11:22:25.0618 2948 ulsata2 - ok
11:22:25.0649 2948 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
11:22:25.0651 2948 umbus - ok
11:22:25.0693 2948 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:22:25.0694 2948 USBAAPL64 - ok
11:22:25.0881 2948 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
11:22:25.0883 2948 usbccgp - ok
11:22:25.0976 2948 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
11:22:25.0978 2948 usbcir - ok
11:22:26.0041 2948 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
11:22:26.0046 2948 usbehci - ok
11:22:26.0148 2948 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
11:22:26.0152 2948 usbhub - ok
11:22:26.0185 2948 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
11:22:26.0186 2948 usbohci - ok
11:22:26.0246 2948 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
11:22:26.0248 2948 usbprint - ok
11:22:26.0261 2948 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
11:22:26.0262 2948 usbscan - ok
11:22:26.0305 2948 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:22:26.0306 2948 USBSTOR - ok
11:22:26.0333 2948 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
11:22:26.0334 2948 usbuhci - ok
11:22:26.0399 2948 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
11:22:26.0400 2948 vga - ok
11:22:26.0469 2948 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
11:22:26.0470 2948 VgaSave - ok
11:22:26.0826 2948 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
11:22:26.0828 2948 viaide - ok
11:22:26.0957 2948 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
11:22:26.0958 2948 volmgr - ok
11:22:27.0015 2948 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
11:22:27.0019 2948 volmgrx - ok
11:22:27.0049 2948 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
11:22:27.0052 2948 volsnap - ok
11:22:27.0097 2948 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
11:22:27.0100 2948 vsmraid - ok
11:22:27.0149 2948 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
11:22:27.0150 2948 WacomPen - ok
11:22:27.0294 2948 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
11:22:27.0295 2948 Wanarp - ok
11:22:27.0328 2948 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
11:22:27.0330 2948 Wanarpv6 - ok
11:22:27.0395 2948 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
11:22:27.0396 2948 Wd - ok
11:22:27.0596 2948 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
11:22:27.0602 2948 Wdf01000 - ok
11:22:27.0732 2948 winachsf (a53cde6beea165fe9b430476eede3c54) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
11:22:27.0739 2948 winachsf - ok
11:22:27.0850 2948 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
11:22:27.0851 2948 WmiAcpi - ok
11:22:27.0892 2948 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
11:22:27.0896 2948 ws2ifsl - ok
11:22:27.0946 2948 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:22:27.0947 2948 WUDFRd - ok
11:22:27.0991 2948 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
11:22:27.0992 2948 XAudio - ok
11:22:28.0062 2948 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
11:22:29.0281 2948 \Device\Harddisk0\DR0 - ok
11:22:29.0317 2948 Boot (0x1200) (9cb736b8eba99aab8217ff23d8e60310) \Device\Harddisk0\DR0\Partition0
11:22:29.0321 2948 \Device\Harddisk0\DR0\Partition0 - ok
11:22:29.0378 2948 Boot (0x1200) (99fd39222fbeed53c673f6ea1e9c9379) \Device\Harddisk0\DR0\Partition1
11:22:29.0382 2948 \Device\Harddisk0\DR0\Partition1 - ok
11:22:29.0383 2948 ============================================================
11:22:29.0383 2948 Scan finished
11:22:29.0383 2948 ============================================================
11:22:29.0414 6688 Detected object count: 0
11:22:29.0414 6688 Actual detected object count: 0
11:22:46.0987 6728 Deinitialize success


FINALLY, aswMBR has been running for 7 hours. Did one earlier and stopped it after 6 hours and will show you those results. Am letting aswMBR continue to run to completion, whenever that is :)

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-24 01:38:56
-----------------------------
01:38:56.608 OS Version: Windows x64 6.0.6002 Service Pack 2
01:38:56.608 Number of processors: 2 586 0x1706
01:38:56.610 ComputerName: MDTAVENNER-PC UserName: MD Tavenner
01:39:00.890 Initialize success
01:40:19.231 AVAST engine defs: 12022301
01:40:52.720 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:40:52.723 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5BA Size: 476940MB BusType: 3
01:40:52.736 Disk 0 MBR read successfully
01:40:52.741 Disk 0 MBR scan
01:40:52.893 Disk 0 Windows VISTA default MBR code
01:40:52.897 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
01:40:53.007 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
01:40:53.101 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30801920
01:40:53.327 Disk 0 scanning C:\Windows\system32\drivers
01:41:40.652 Service scanning
01:42:31.564 Modules scanning
01:42:31.575 Disk 0 trace - called modules:
01:42:31.621 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys acpi.sys ataport.SYS pciide.sys
01:42:31.628 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f1a790]
01:42:31.636 3 CLASSPNP.SYS[fffffa6001446c33] -> nt!IofCallDriver -> [0xfffffa8004f15760]
01:42:31.644 5 PCTCore64.sys[fffffa6000a52f38] -> nt!IofCallDriver -> [0xfffffa8004c83820]
01:42:31.651 7 acpi.sys[fffffa600093bfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004cb0060]
01:42:33.617 AVAST engine scan C:\
02:18:19.178 File: C:\ProgramData\Microsoft\Windows\DRM\5431.tmp **INFECTED** Win32:Malware-gen
02:19:40.843 File: C:\TDSSKiller_Quarantine\03.02.2012_17.25.31\mbr0000\tdlfs0000\tsk0000.dta **INFECTED** Win32:DNSChanger-VJ [Trj]
02:19:41.443 File: C:\TDSSKiller_Quarantine\03.02.2012_17.25.31\mbr0000\tdlfs0000\tsk0002.dta **INFECTED** Win32:Alureon-AQB [Rtk]
02:19:41.615 File: C:\TDSSKiller_Quarantine\03.02.2012_17.25.31\mbr0000\tdlfs0000\tsk0003.dta **INFECTED** MBR:Pihar-C [Rtk]
02:19:42.005 File: C:\TDSSKiller_Quarantine\03.02.2012_17.25.31\mbr0000\tdlfs0000\tsk0007.dta **INFECTED** Win32:Alureon-ANW [Rtk]
02:19:42.141 File: C:\TDSSKiller_Quarantine\03.02.2012_17.25.31\mbr0000\tdlfs0000\tsk0008.dta **INFECTED** Win32:Alureon-ANW [Rtk]
02:19:42.489 File: C:\TDSSKiller_Quarantine\24.02.2012_01.12.34\tdlfs0000\tsk0000.dta **INFECTED** Win32:DNSChanger-VJ [Trj]
02:19:42.839 File: C:\TDSSKiller_Quarantine\24.02.2012_01.12.34\tdlfs0000\tsk0002.dta **INFECTED** Win32:Alureon-AQB [Rtk]
02:19:43.005 File: C:\TDSSKiller_Quarantine\24.02.2012_01.12.34\tdlfs0000\tsk0003.dta **INFECTED** MBR:Pihar-C [Rtk]
02:19:43.435 File: C:\TDSSKiller_Quarantine\24.02.2012_01.12.34\tdlfs0000\tsk0007.dta **INFECTED** Win32:Alureon-ANW [Rtk]
02:19:43.595 File: C:\TDSSKiller_Quarantine\24.02.2012_01.12.34\tdlfs0000\tsk0008.dta **INFECTED** Win32:Alureon-ANW [Rtk]
06:45:29.618 Disk 0 MBR has been saved successfully to "C:\Users\MD Tavenner\Documents\MBR.dat"
06:45:29.624 The log file has been saved successfully to "C:\Users\MD Tavenner\Documents\aswMBR.txt"


06:48:40.703 Disk 0 MBR has been saved successfully to "C:\Users\MD Tavenner\Documents\MBR.dat"
06:48:40.713 The log file has been saved successfully to "C:\Users\MD Tavenner\Documents\aswMBR.txt"


As I said, I restarted another scan in this and it is still running.

I hope this helps; sorry I could not get RKill to work.

#4 boopme

Global Moderator

Posted 24 February 2012 - 09:44 PM

Ok, please do 2 more scans as I am not getting a clear idea.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.


Rerun MBAM (Malwarebytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.



EDIT: also an info scan
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Edited by boopme, 24 February 2012 - 09:46 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 VaMaster54 - Mike

Topic Starter, Members

Posted 24 February 2012 - 10:36 PM

Okay...THANKS...will get on it.

Should I let the aswMBR scan finish before rebooting? It has to be finished soon; it has been 10 hours.

#6 boopme

Global Moderator

Posted 24 February 2012 - 10:54 PM

Let it finish. I may be gone for the night but will look back early.

#7 VaMaster54 - Mike

Topic Starter, Members

Posted 25 February 2012 - 10:09 AM

Okay,

1. Here is the aswMBR log, finally finished running:



aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-24 12:20:45
-----------------------------
12:20:45.346 OS Version: Windows x64 6.0.6002 Service Pack 2
12:20:45.347 Number of processors: 2 586 0x1706
12:20:45.348 ComputerName: MDTAVENNER-PC UserName: MD Tavenner
12:20:50.931 Initialize success
12:21:27.588 AVAST engine defs: 12022301
12:22:19.134 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:22:19.142 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5BA Size: 476940MB BusType: 3
12:22:19.263 Disk 0 MBR read successfully
12:22:19.267 Disk 0 MBR scan
12:22:20.780 Disk 0 Windows VISTA default MBR code
12:22:20.792 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:22:22.343 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
12:22:23.886 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30801920
12:22:26.998 Disk 0 scanning C:\Windows\system32\drivers
12:24:17.909 Service scanning
12:24:46.457 Modules scanning
12:24:46.470 Disk 0 trace - called modules:
12:24:46.516 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:24:46.526 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80061a7790]
12:24:46.532 3 CLASSPNP.SYS[fffffa600140dc33] -> nt!IofCallDriver -> [0xfffffa80060a2820]
12:24:46.540 5 PCTCore64.sys[fffffa6000a51f38] -> nt!IofCallDriver -> [0xfffffa8004c63930]
12:24:46.552 7 acpi.sys[fffffa6000947fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c70060]
12:24:49.996 AVAST engine scan C:\
12:59:24.751 File: C:\ProgramData\Microsoft\Windows\DRM\5431.tmp **INFECTED** Win32:Malware-gen
13:00:16.003 File: C:\TDSSKiller_Quarantine\03.02.2012_17.25.31\mbr0000\tdlfs0000\tsk0000.dta **INFECTED** Win32:DNSChanger-VJ [Trj]
13:00:16.177 File: C:\TDSSKiller_Quarantine\03.02.2012_17.25.31\mbr0000\tdlfs0000\tsk0002.dta **INFECTED** Win32:Alureon-AQB [Rtk]
13:00:16.287 File: C:\TDSSKiller_Quarantine\03.02.2012_17.25.31\mbr0000\tdlfs0000\tsk0003.dta **INFECTED** MBR:Pihar-C [Rtk]
13:00:16.570 File: C:\TDSSKiller_Quarantine\03.02.2012_17.25.31\mbr0000\tdlfs0000\tsk0007.dta **INFECTED** Win32:Alureon-ANW [Rtk]
13:00:16.652 File: C:\TDSSKiller_Quarantine\03.02.2012_17.25.31\mbr0000\tdlfs0000\tsk0008.dta **INFECTED** Win32:Alureon-ANW [Rtk]
13:00:16.922 File: C:\TDSSKiller_Quarantine\24.02.2012_01.12.34\tdlfs0000\tsk0000.dta **INFECTED** Win32:DNSChanger-VJ [Trj]
13:00:17.068 File: C:\TDSSKiller_Quarantine\24.02.2012_01.12.34\tdlfs0000\tsk0002.dta **INFECTED** Win32:Alureon-AQB [Rtk]
13:00:17.173 File: C:\TDSSKiller_Quarantine\24.02.2012_01.12.34\tdlfs0000\tsk0003.dta **INFECTED** MBR:Pihar-C [Rtk]
13:00:17.366 File: C:\TDSSKiller_Quarantine\24.02.2012_01.12.34\tdlfs0000\tsk0007.dta **INFECTED** Win32:Alureon-ANW [Rtk]
13:00:17.453 File: C:\TDSSKiller_Quarantine\24.02.2012_01.12.34\tdlfs0000\tsk0008.dta **INFECTED** Win32:Alureon-ANW [Rtk]
05:54:36.729 Scan finished successfully
08:22:38.517 Disk 0 MBR has been saved successfully to "C:\Users\MD Tavenner\Desktop\MBR.dat"
08:22:38.628 The log file has been saved successfully to "C:\Users\MD Tavenner\Desktop\aswMBR 02-25-12.txt"


2. ESET Online Scan

C:\ProgramData\Microsoft\Windows\DRM\5431.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.02.2012_17.25.31\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.02.2012_17.25.31\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.02.2012_17.25.31\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.IQ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.02.2012_17.25.31\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.02.2012_17.25.31\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.02.2012_17.25.31\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.02.2012_01.12.34\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.02.2012_01.12.34\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.02.2012_01.12.34\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.IQ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.02.2012_01.12.34\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.02.2012_01.12.34\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.02.2012_01.12.34\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\Users\MD Tavenner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\3cd53165-2482151c Java/Exploit.CVE-2011-3544.AQ trojan deleted - quarantined
C:\Users\MD Tavenner\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110402075405851.rsc multiple threats deleted - quarantined

3. MBAM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.25.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
MD Tavenner :: MDTAVENNER-PC [administrator]

Protection: Disabled

2/24/2012 10:56:37 PM
mbam-log-2012-02-24 (22-56-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187321
Time elapsed: 45 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


4. MiniToolBox

MiniToolBox by Farbar Version: 18-01-2012
Ran by MD Tavenner (administrator) on 25-02-2012 at 09:40:33
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82562V-2 10/100 Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : MDTavenner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
Physical Address. . . . . . . . . : 00-21-9B-26-C7-38
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c1a0:8c7f:64b7:a18%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, February 25, 2012 9:14:59 AM
Lease Expires . . . . . . . . . . : Sunday, February 26, 2012 9:14:59 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 251666843
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-2B-D2-EC-00-21-9B-26-C7-38
DNS Servers . . . . . . . . . . . : 192.168.1.1
71.250.0.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.226.132
74.125.226.131
74.125.226.129
74.125.226.136
74.125.226.133
74.125.226.134
74.125.226.137
74.125.226.135
74.125.226.128
74.125.226.130
74.125.226.142



Pinging google.com [173.194.43.38] with 32 bytes of data:

Reply from 173.194.43.38: bytes=32 time=17ms TTL=250

Reply from 173.194.43.38: bytes=32 time=18ms TTL=250



Ping statistics for 173.194.43.38:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 17ms, Maximum = 18ms, Average = 17ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
98.139.127.62



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=52ms TTL=250

Reply from 209.191.122.70: bytes=32 time=51ms TTL=250



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 51ms, Maximum = 52ms, Average = 51ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 21 9b 26 c7 38 ...... Intel® 82562V-2 10/100 Network Connection
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.home
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 276
192.168.1.3 255.255.255.255 On-link 192.168.1.3 276
192.168.1.255 255.255.255.255 On-link 192.168.1.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::c1a0:8c7f:64b7:a18/128 On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/25/2012 09:15:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2012 04:57:45 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: f18
Start Time: 01ccf30df5dbe7ce
Termination Time: 0

Error: (02/24/2012 04:06:56 PM) (Source: Application Hang) (User: )
Description: The program avgui.exe version 12.0.0.1912 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 2154
Start Time: 01ccf3376211f1ee
Termination Time: 6

Error: (02/24/2012 03:59:07 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1858
Start Time: 01ccf3144a3811de
Termination Time: 221

Error: (02/24/2012 11:49:38 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 684
Start Time: 01ccf30ef6db12de
Termination Time: 62

Error: (02/24/2012 11:49:35 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 14f8
Start Time: 01ccf30eff1a95be
Termination Time: 10

Error: (02/24/2012 11:04:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2012 01:16:08 AM) (Source: Application Hang) (User: )
Description: The program avgui.exe version 12.0.0.1912 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: da8
Start Time: 01ccf2b4d1aad290
Termination Time: 22

Error: (02/24/2012 00:04:57 AM) (Source: Application Error) (User: )
Description: Faulting application avgsystx.exe, version 12.0.0.1773, time stamp 0x4e37573b, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000005, fault offset 0x00030226,
process id 0x16c8, application start time 0xavgsystx.exe0.

Error: (02/24/2012 00:04:42 AM) (Source: Application Error) (User: )
Description: Faulting application avgsysta.exe, version 12.0.0.1773, time stamp 0x4e375f4b, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e855, exception code 0xc0000005, fault offset 0x000000000002574a,
process id 0x20e8, application start time 0xavgsysta.exe0.


System errors:
=============
Error: (02/25/2012 09:17:02 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (02/25/2012 09:15:47 AM) (Source: Service Control Manager) (User: )
Description: MCSTRM%%2

Error: (02/25/2012 08:36:30 AM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (02/24/2012 11:33:52 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/24/2012 11:05:46 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (02/24/2012 11:04:49 AM) (Source: Service Control Manager) (User: )
Description: MCSTRM%%2

Error: (02/23/2012 08:44:28 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (02/23/2012 08:43:55 PM) (Source: Service Control Manager) (User: )
Description: MCSTRM%%2

Error: (02/23/2012 08:36:52 PM) (Source: Service Control Manager) (User: )
Description: 30000avgwd

Error: (02/23/2012 08:34:47 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}


Microsoft Office Sessions:
=========================
Error: (02/25/2012 09:15:47 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2012 04:57:45 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.0.6002.18005f1801ccf30df5dbe7ce0

Error: (02/24/2012 04:06:56 PM) (Source: Application Hang)(User: )
Description: avgui.exe12.0.0.1912215401ccf3376211f1ee6

Error: (02/24/2012 03:59:07 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16421185801ccf3144a3811de221

Error: (02/24/2012 11:49:38 AM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.1642168401ccf30ef6db12de62

Error: (02/24/2012 11:49:35 AM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.1642114f801ccf30eff1a95be10

Error: (02/24/2012 11:04:49 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2012 01:16:08 AM) (Source: Application Hang)(User: )
Description: avgui.exe12.0.0.1912da801ccf2b4d1aad29022

Error: (02/24/2012 00:04:57 AM) (Source: Application Error)(User: )
Description: avgsystx.exe12.0.0.17734e37573bntdll.dll6.0.6002.185414ec3e39fc00000050003022616c801ccf2b10f791b30

Error: (02/24/2012 00:04:42 AM) (Source: Application Error)(User: )
Description: avgsysta.exe12.0.0.17734e375f4bntdll.dll6.0.6002.185414ec3e855c0000005000000000002574a20e801ccf2b10fc03650


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.62)
Apple Mobile Device Support (Version: 4.0.0.97)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2114)
AVG 2012 (Version: 2012.0.1913)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.15)
CDDRV_Installer (Version: 4.60)
Conexant D850 PCI V.92 Modem (Version: 7.74.00)
Dell Dock (Version: 1.0.0)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Document Manager 1.0 (Version: 1.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Officejet J6400 Series (Version: 1.0)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 10.0 (Version: 10.0)
iCloud (Version: 1.0.2.17)
iTunes (Version: 10.5.3.3)
KhalInstallWrapper (Version: 4.72.40)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.8.0)
Modem Diagnostic Tool (Version: 1.0.24.0)
OCR Software by I.R.I.S. 10.0 (Version: 10.0)
Shop for HP Supplies (Version: 10.0)
SUPERAntiSpyware (Version: 5.0.1144)
WinDirStat 1.1.2
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
WinRAR 4.10 beta 2 (64-bit) (Version: 4.10.2)
Yahoo! BrowserPlus 2.7.1

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 4084.27 MB
Available physical RAM: 1976.98 MB
Total Pagefile: 8343.79 MB
Available Pagefile: 5732.29 MB
Total Virtual: 4095.88 MB
Available Virtual: 3992.9 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:117.99 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.41 GB) NTFS

========================= Users: ========================================

User accounts for \\MDTAVENNER-PC

Administrator Guest MD Tavenner


**** End of log ****

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:08:48 AM

Posted 25 February 2012 - 11:04 AM

Hello, that's a lot of malware, good to get it off.

Let's be sure we get the MBR infections.
To check for and confirm the MBR (Master Boot Record) rootkit.


Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 VaMaster54 - Mike

VaMaster54 - Mike
  • Topic Starter

  • Members
  • 111 posts
  • Gender:Male
  • Location:Centreville, Winchester, VIRGINIA
  • Local time:07:48 AM

Posted 25 February 2012 - 12:01 PM

Big problem.

Root directory is protected in Vista. I downloaded mbr.exe to desktop.

Upon opening black window appeared. Typed in c:\mbr.exe >>"C:\mbr.log" and it said access denied.

FYI, computer is running slower than ever.

#10 VaMaster54 - Mike

VaMaster54 - Mike
  • Topic Starter

  • Members
  • 111 posts
  • Gender:Male
  • Location:Centreville, Winchester, VIRGINIA
  • Local time:07:48 AM

Posted 25 February 2012 - 12:22 PM

Also the black box said "error in MBR" and "handle is invalid".

That was after double clicking the mbr.exe file.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:08:48 AM

Posted 25 February 2012 - 01:39 PM

Try once more.. at the type: cmd.exe part.
After you type cmd.exe a list pops up above that and you see a cmd.exe icon.
Right click that icon. Select Run as Administrator and continue.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.

#12 VaMaster54 - Mike

VaMaster54 - Mike
  • Topic Starter

  • Members
  • 111 posts
  • Gender:Male
  • Location:Centreville, Winchester, VIRGINIA
  • Local time:07:48 AM

Posted 25 February 2012 - 03:15 PM

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002

device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR

#13 VaMaster54 - Mike

VaMaster54 - Mike
  • Topic Starter

  • Members
  • 111 posts
  • Gender:Male
  • Location:Centreville, Winchester, VIRGINIA
  • Local time:07:48 AM

Posted 25 February 2012 - 03:20 PM

For what it is worth, TWICE today I have had about 20 emails sent back to me by postmaster@verizon.net (my mail server) as undeliverable. I did not send them and they are to addresses I do not know.

Have I been hijacked ?????????????

Here is one of them..............

This report relates to a message you sent with the following header fields:

Message-id: <1022985738.344227.1330200312318.JavaMail.root@vms231.mailsrvcs.net>
Date: Sat, 25 Feb 2012 14:05:12 -0600 (CST)
From: mdtnyr1994@verizon.net
To: anelkaantalyali@mynet.com
Subject: 2Did you get ready? s

Your message cannot be delivered to the following recipients:

Recipient address: anelkaantalyali@mynet.com
Reason: Remote SMTP server has rejected address
Diagnostic code: smtp;550 no such user / bu isimde hesap yok (#4.3.0)
Remote system: dns;mail.mynet.com (TCP|206.46.173.5|59710|212.101.97.136|25) (olga.mynet.com.tr ESMTP)

#14 VaMaster54 - Mike

VaMaster54 - Mike
  • Topic Starter

  • Members
  • 111 posts
  • Gender:Male
  • Location:Centreville, Winchester, VIRGINIA
  • Local time:07:48 AM

Posted 25 February 2012 - 03:24 PM

Here is another one...different, but also bounced back as undeliverable. Don't know what it means but too much info is always better than too little.

I appreciate your patience.

Message from yahoo.com.
Unable to deliver message to the following address(es).

<angel2u70@yahoo.com>:
This user doesn't have a yahoo.com account (angel2u70@yahoo.com) [0]

<angel2x2006@yahoo.com>:
This user doesn't have a yahoo.com account (angel2x2006@yahoo.com) [-5]

--- Original message follows.

Return-Path: <vzevl257@verizon.net>
X-YahooFilteredBulk: 206.46.173.1
Received-SPF: pass (domain of verizon.net designates 206.46.173.1 as permitted sender)
X-Originating-IP: [206.46.173.1]
Authentication-Results: mta1013.mail.bf1.yahoo.com from=verizon.net; domainkeys=neutral (no sig); from=verizon.net; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO vms173001.mailsrvcs.net) (206.46.173.1)
by mta1013.mail.bf1.yahoo.com with SMTP; Sat, 25 Feb 2012 12:05:38 -0800
Received: from vms231.mailsrvcs.net ([unknown] [192.168.1.2])
by vms173001.mailsrvcs.net
(Sun Java™ System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
with ESMTPA id <0LZY00I93T58A6HS@vms173001.mailsrvcs.net>; Sat,
25 Feb 2012 14:05:35 -0600 (CST)
Received: from 92.118.24.84 ([92.118.24.84])
by vms231.mailsrvcs.net (Verizon Webmail) with HTTP; Sat,
25 Feb 2012 14:05:32 -0600 (CST)
Date: Sat, 25 Feb 2012 14:05:32 -0600 (CST)
From: vzevl257@verizon.net
To: angel2u6@juno.com
Message-id: <1712621968.344257.1330200332852.JavaMail.root@vms231.mailsrvcs.net>
Subject: Re: Are you ready? 95
MIME-version: 1.0
Content-type: text/plain; charset=UTF-8
Content-transfer-encoding: 7bit
X-Originating-IP: [92.118.24.84]

hiya, i've tot,ally hav:e 'been aching to forward yo_u this http://wtim.es/xPDrD2?txXyJDVSpLjbX







Childe Harold.,
But thelast w,as unnec:es'sary, not a minute elapsi_ng before Hetty retu.rnedt!o communicate that a ll was: safe.


*** MESSAGE TRUNCATED ***


.





=======
Email scanned by PC Tools - No viruses or spyware found.
(Email Guard: 9.0.0.909, Virus/Spyware Database: 6.19330)
http://www.pctools.com/
=======

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:08:48 AM

Posted 25 February 2012 - 07:13 PM

Hello, we have something we can not get to here. We need stronger tools.
On the mail issue, you appear to be compromised. You need to change your email password.

We need a deeper look. Please go here....Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.
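As an added example, not code from the thread or from any tool named in it: a small Python script that reads the Received: chain of the bounce quoted in post #14 bottom-up and classifies where the message was injected, which is the evidence behind the "change your email password" advice above. The sample headers are copied from that bounce with the body and the X-YMailISG blob dropped; the set of "known client IPs" is an assumption standing in for the public addresses the account owner really connects from.

```python
"""Trace where a bounced message entered the mail system (added example).

The bottom-most Received: header was written by the first server to accept
the message, so the client it records is the real submitter. A hop that says
'with HTTP' via the provider's webmail means the message was composed inside
the account itself, not relayed through the owner's PC.
"""
import email
import ipaddress
import re

# Built from the bounce quoted in post #14 (headers only; body and the
# X-YMailISG blob left out). Sample data for this example.
SAMPLE_BOUNCE = """\
Return-Path: <vzevl257@verizon.net>
Received: from 127.0.0.1 (EHLO vms173001.mailsrvcs.net) (206.46.173.1)
 by mta1013.mail.bf1.yahoo.com with SMTP; Sat, 25 Feb 2012 12:05:38 -0800
Received: from vms231.mailsrvcs.net ([unknown] [192.168.1.2])
 by vms173001.mailsrvcs.net
 (Sun Java System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
 with ESMTPA id <0LZY00I93T58A6HS@vms173001.mailsrvcs.net>; Sat,
 25 Feb 2012 14:05:35 -0600 (CST)
Received: from 92.118.24.84 ([92.118.24.84])
 by vms231.mailsrvcs.net (Verizon Webmail) with HTTP; Sat,
 25 Feb 2012 14:05:32 -0600 (CST)
Date: Sat, 25 Feb 2012 14:05:32 -0600 (CST)
From: vzevl257@verizon.net
To: angel2u6@juno.com
Subject: Re: Are you ready? 95
X-Originating-IP: [92.118.24.84]

(body omitted)
"""

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\w+)", re.S)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def is_public(ip):
    """True for a routable IPv4 address; loopback/private relay hops are skipped."""
    try:
        a = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not (a.is_private or a.is_loopback or a.is_reserved or a.is_multicast)


def parse_hops(raw):
    """Return the Received: hops top-down, each with from/by/with and unfolded text."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())          # unfold continuation lines
        m = HOP_RE.search(text)
        if m:
            hops.append({"from": m.group(1), "by": m.group(2),
                         "with": m.group(3).upper(), "raw": text})
    return hops


def injection_point(hops):
    """Bottom-most hop: the first server to touch the message and its client IP."""
    first = hops[-1]
    public = [ip for ip in IP_RE.findall(first["raw"]) if is_public(ip)]
    webmail = first["with"] in ("HTTP", "HTTPS") or "webmail" in first["raw"].lower()
    return {"client_ip": public[0] if public else None,
            "server": first["by"], "webmail": webmail}


def assess(raw, known_client_ips):
    """known_client_ips: public addresses the owner really uses (assumed input)."""
    hops = parse_hops(raw)
    if not hops:
        return {"verdict": "no-received-headers"}
    entry = injection_point(hops)
    orig = IP_RE.search(email.message_from_string(raw).get("X-Originating-IP", "") or "")
    entry["originating_ip_agrees"] = bool(orig) and orig.group(1) == entry["client_ip"]
    foreign = entry["client_ip"] is not None and entry["client_ip"] not in known_client_ips
    if entry["webmail"] and foreign:
        entry["verdict"] = "account-compromised"   # reset the password at the provider
    elif foreign:
        entry["verdict"] = "unknown-client-smtp"   # submitted by SMTP from elsewhere
    else:
        entry["verdict"] = "own-client"
    return entry
```

A webmail submission from an address the owner never uses is the credential-theft case described above: cleaning the PC alone will not stop it, the password has to be reset at the provider.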



