
Threat found in memory/explorer.exe/variant of win32/gataka Trojan


  • This topic is locked
39 replies to this topic

#1 Showbiz

Showbiz

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:32 AM

Posted 24 February 2012 - 07:54 AM

Hi,

I'm in need of some help please!

I have somehow managed to pickup a Trojan virus.

NOD32 discovers it during its start-up scan and cannot get rid of it.

Error reads something along the lines of:

"Threat found in memory - operating memory > explorer.exe - variant of win32/gataka.A trojan - unable to clean"

My system is now noticeably slower, especially when browsing webpages and the opening of windows explorer etc.

I have tried booting to safe mode and running a scan there, but it doesn't get rid of it.

MBAM doesn't help either.

I have attached the requested GMER log however cannot get DDS to run for some reason (just sits there and does nothing).

Hopefully someone can still help me!

Cheers

Attached Files

  • Attached File: ark.txt (20.46 KB)




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:02 PM

Posted 25 February 2012 - 02:50 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.


The first thing I would like you to do is run this for me: http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following
    • logs from OTL
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Showbiz

Showbiz
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:32 AM

Posted 25 February 2012 - 06:42 PM

Hi Gringo! Thanks for taking the case.

I ran 'unhide' but on drive d got the following error and it terminated: "Windows Script Host access disabled".

Here's a copy of the OTL.Txt:

OTL logfile created on: 2/26/2012 9:48:52 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.99% Memory free
3.35 Gb Paging File | 2.79 Gb Available in Paging File | 83.15% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 12.20 Gb Free Space | 62.46% Space Free | Partition Type: NTFS
Drive D: | 129.51 Gb Total Space | 53.91 Gb Free Space | 41.63% Space Free | Partition Type: NTFS

Computer Name: SCOTT-9C24693E5 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Brownie\brpjp04a.exe (brother)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Brownie\BrStsWnd.exe (brother)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\Program Files\Winamp\winampa.exe ()


========== Win32 Services (SafeList) ==========

SRV - (WPFFontCache_v0400) -- File not found
SRV - (HidServ) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (cpuz135) -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys (CPUID)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (OlyCamComm) -- C:\WINDOWS\system32\drivers\OlyCamComm.sys (OLYMPUS IMAGING CORP.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (wcafix) -- C:\WINDOWS\system32\drivers\wcafix.sys ()
DRV - (ViBus) -- C:\WINDOWS\system32\DRIVERS\ViBus.sys (VIA Technologies, Inc.)
DRV - (ViPrt) -- C:\WINDOWS\system32\DRIVERS\ViPrt.sys (VIA Technologies, Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (hidusbf) -- C:\WINDOWS\system32\drivers\hidusbf.sys (SweetLow)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS (3Com Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-21-1644491937-1637723038-515967899-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1644491937-1637723038-515967899-500\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-1644491937-1637723038-515967899-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 09:48:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/02/07 20:58:00 | 000,000,000 | ---D | M]

[2011/08/08 22:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/12/24 11:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u7fadc4f.default\extensions
[2011/12/24 11:36:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u7fadc4f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/08 22:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/19 09:48:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/19 08:14:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/19 08:14:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/03/01 17:12:48 | 000,297,075 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10266 more lines...
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1644491937-1637723038-515967899-500..\Run: [Upgrade] C:\Documents and Settings\Administrator\Application Data\Dropbox\{D0435657-8B23-43B7-A85B-4A475108E52F}\Upgrade.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1644491937-1637723038-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-1637723038-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1644491937-1637723038-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1644491937-1637723038-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1644491937-1637723038-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1644491937-1637723038-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1644491937-1637723038-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O8 - Extra context menu item: &BOM hinzufügen - C:\\PROGRA~1\\BID-O-~1\\\\AddToBOM.hta ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.226.33 61.9.242.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0340951B-4267-4D36-B574-27F1FE0F72DD}: DhcpNameServer = 61.9.226.33 61.9.242.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA6B499E-313C-4881-B0D4-00B3B8DBE482}: DhcpNameServer = 192.168.0.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/16 22:36:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{83ff701d-0ee6-11e0-be11-0018f3cd1e11}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 09:40:16 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/26 09:25:45 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/02/26 09:17:59 | 000,492,146 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.exe
[2012/02/25 08:14:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/02/24 18:16:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/02/24 11:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Help
[2012/02/24 11:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2012/02/24 11:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2012/02/20 18:44:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Turbo Lister Backup
[2012/02/20 13:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Turbo Lister
[2012/02/20 13:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eBay
[2012/02/20 13:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\eBay
[2012/02/20 13:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\eBay
[2012/02/03 15:36:22 | 001,044,480 | R--- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2012/02/03 15:36:22 | 000,049,152 | R--- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\inetwh32.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/26 09:41:50 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\unhide.exe
[2012/02/26 09:41:11 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/26 09:33:28 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.zip
[2012/02/26 09:32:26 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/02/26 09:26:25 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/02/26 09:18:18 | 000,492,146 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.exe
[2012/02/26 09:11:33 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2012/02/26 09:11:27 | 000,271,918 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/02/26 09:11:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/26 09:11:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/20 15:24:50 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/02/20 13:19:42 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eBay Turbo Lister 2.lnk
[2012/02/20 13:19:34 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay Turbo Lister 2.lnk
[2012/02/20 13:13:23 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/15 18:09:48 | 000,130,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 17:29:24 | 000,431,502 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/15 17:29:24 | 000,067,298 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/03 15:36:22 | 001,044,480 | R--- | M] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2012/02/03 15:36:22 | 000,049,152 | R--- | M] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\inetwh32.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/26 09:40:40 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\unhide.exe
[2012/02/26 09:33:28 | 000,000,509 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.zip
[2012/02/26 09:32:26 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/02/20 13:19:42 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eBay Turbo Lister 2.lnk
[2012/02/20 13:19:34 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay Turbo Lister 2.lnk
[2012/02/15 17:23:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 17:23:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011/08/13 10:17:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/08/08 21:46:58 | 002,283,526 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== Custom Scans ==========


< %TEMP%\smtmp\*.* /s >

< End of report >


Will await further instruction!

Cheers
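What a helper looks for when reading an OTL log like the one above, as an added Python example (not part of this thread and not OTL's own code): it runs a handful of triage rules over a constructed subset of the lines posted above. The rules (autostart entries with an empty company name or running from a user-profile directory, services or drivers whose file is missing, a Winlogon Shell/UserInit value that differs from the stock XP values, a MountPoints2 AutoRun command, and the DHCP-assigned DNS servers) are the reviewer's own assumptions about what deserves a second look; the function names `triage_line`/`triage_log` and the expected Winlogon values are likewise assumptions. Flagged entries are leads to verify by hand, not verdicts.

```python
from __future__ import annotations

import re

# Constructed sample: a subset of the lines from the OTL log posted above,
# kept verbatim so the rules below run against real OTL formatting.
SAMPLE_OTL_LINES = [
    r"PRC - C:\Program Files\Winamp\winampa.exe ()",
    r"SRV - (HidServ) -- File not found",
    r"DRV - (wcafix) -- C:\WINDOWS\system32\drivers\wcafix.sys ()",
    r"DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)",
    r"O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)",
    r"O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()",
    r"O4 - HKU\S-1-5-21-1644491937-1637723038-515967899-500..\Run: [Upgrade] C:\Documents and Settings\Administrator\Application Data\Dropbox\{D0435657-8B23-43B7-A85B-4A475108E52F}\Upgrade.exe ()",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.226.33 61.9.242.33",
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)",
    r'O33 - MountPoints2\{83ff701d-0ee6-11e0-be11-0018f3cd1e11}\Shell\AutoRun\command - "" = F:\SETUP.EXE',
]

# Assumed stock Winlogon values for an XP box whose %SystemRoot% is C:\WINDOWS
# (the log above shows that SystemRoot); compared case-insensitively.
EXPECTED_WINLOGON = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe"}

# Directories an autostart entry normally should not run from (assumption).
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\local settings\\", "\\temp\\")

# OTL line shapes, derived from the log lines above.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?) \((?P<company>[^()]*)\)\s*$")
O20_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<value>Shell|UserInit) - \((?P<data>[^)]*)\) - ")
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
O17_RE = re.compile(r"^O17 - .*DhcpNameServer = (?P<servers>.+)$")
COMPANY_RE = re.compile(r"\((?P<company>[^()]*)\)\s*$")  # trailing "(Company)" on PRC/SRV/DRV/MOD lines


def triage_line(line: str) -> list[str]:
    """Return the reasons this OTL line deserves a second look (empty list if none)."""
    reasons: list[str] = []

    m = O4_RE.match(line)
    if m:
        if not m["company"].strip():
            reasons.append("autostart entry with no company name")
        if any(marker in m["path"].lower() for marker in USER_PROFILE_MARKERS):
            reasons.append("autostart entry runs from a user-profile directory")
        return reasons

    m = O20_RE.match(line)
    if m:
        value = m["value"].lower()
        data = m["data"].strip().rstrip(",").lower()  # XP stores UserInit with a trailing comma
        if data != EXPECTED_WINLOGON[value]:
            reasons.append(f"Winlogon {m['value']} value is not the stock {EXPECTED_WINLOGON[value]}")
        return reasons

    m = O33_RE.match(line)
    if m:
        reasons.append(f"removable-media AutoRun command present: {m['cmd']}")
        return reasons

    m = O17_RE.match(line)
    if m:
        reasons.append(f"DNS resolvers to confirm against the ISP/router: {m['servers'].strip()}")
        return reasons

    if line.startswith(("PRC - ", "SRV - ", "DRV - ", "MOD - ")):
        if line.rstrip().endswith("File not found"):
            reasons.append("service/driver entry points to a missing file")
        else:
            m = COMPANY_RE.search(line)
            if m and not m["company"].strip():
                reasons.append("loaded module, process or driver with no company name")
    return reasons


def triage_log(lines: list[str]) -> list[tuple[str, str]]:
    """Run triage_line over a whole log; one (line, reason) pair per finding."""
    return [(line, reason) for line in lines for reason in triage_line(line)]


if __name__ == "__main__":
    for line, reason in triage_log(SAMPLE_OTL_LINES):
        print(f"[{reason}]\n    {line}")
```

Running the block prints eight leads for the sample: the two Winamp entries and the Dropbox updater (no company name; the updater also lives under Application Data), the HidServ service with a missing file, the unsigned wcafix.sys driver, the F:\SETUP.EXE AutoRun handler, and the DNS servers to confirm. The stock Shell and UserInit values pass, which matches what the helpers in this thread would expect to see.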

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:02 PM

Posted 25 February 2012 - 08:16 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 Showbiz

Showbiz
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:32 AM

Posted 25 February 2012 - 09:01 PM

Gringo,

I received this error early on while trying to create a system restore point when running Combo Fix:

"CScript Error: Windows Script Host access is disabled. Contact administrator."

Any instruction on how to enable this properly so that I can continue on?

Cheers

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:02 PM

Posted 25 February 2012 - 09:44 PM

Click Start, Run and enter REGEDIT Go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings

Look in the right pane for the value called Enabled. If it's set to zero, double click it and set it to one. Or, alternatively, just delete the Enabled value, as it doesn't exist by default.

#7 Showbiz

Showbiz
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:32 AM

Posted 25 February 2012 - 10:19 PM

Thanks Gringo.

I enabled script host and this time it got past the error but then does nothing.

I left Combo Fix for over an hour and nothing changed in the dos box past "Attempting to create system restore point".

It wasn't frozen or anything (cursor just keeps flashing), but nothing from then onwards. Similar to DDS.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:02 PM

Posted 25 February 2012 - 10:25 PM

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box

    ComboFix /nombr

  • click OK

copy and paste the report into this topic for me to review

Gringo

#9 Showbiz


Posted 25 February 2012 - 10:47 PM

I did what you said but same result (nothing changed in the dos box past "Attempting to create system restore point").

There's some audible HDD noise prior but then nothing.

I've tried a few times now and made sure that Firewall and all AV was properly disabled.

#10 gringo_pr


Posted 25 February 2012 - 11:32 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#11 Showbiz


Posted 26 February 2012 - 12:02 AM

TDSSKiller Log:

15:30:56.0203 1316 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
15:30:57.0218 1316 ============================================================
15:30:57.0218 1316 Current date / time: 2012/02/26 15:30:57.0218
15:30:57.0218 1316 SystemInfo:
15:30:57.0218 1316
15:30:57.0218 1316 OS Version: 5.1.2600 ServicePack: 3.0
15:30:57.0218 1316 Product type: Workstation
15:30:57.0218 1316 ComputerName: SCOTT-9C24693E5
15:30:57.0218 1316 UserName: Administrator
15:30:57.0218 1316 Windows directory: C:\WINDOWS
15:30:57.0218 1316 System windows directory: C:\WINDOWS
15:30:57.0218 1316 Processor architecture: Intel x86
15:30:57.0218 1316 Number of processors: 2
15:30:57.0218 1316 Page size: 0x1000
15:30:57.0218 1316 Boot type: Normal boot
15:30:57.0218 1316 ============================================================
15:31:00.0062 1316 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:31:00.0078 1316 \Device\Harddisk0\DR0:
15:31:00.0078 1316 MBR used
15:31:00.0078 1316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
15:31:00.0078 1316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x1030354B
15:31:00.0125 1316 Initialize success
15:31:00.0125 1316 ============================================================
15:31:03.0796 2500 ============================================================
15:31:03.0796 2500 Scan started
15:31:03.0796 2500 Mode: Manual;
15:31:03.0796 2500 ============================================================
15:31:04.0781 2500 Abiosdsk - ok
15:31:04.0968 2500 abp480n5 - ok
15:31:05.0171 2500 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:31:05.0171 2500 ACPI - ok
15:31:05.0359 2500 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:31:05.0375 2500 ACPIEC - ok
15:31:05.0562 2500 ADIHdAudAddService (d392183cc5379e302e50ceba635248eb) C:\WINDOWS\system32\drivers\ADIHdAud.sys
15:31:05.0593 2500 ADIHdAudAddService - ok
15:31:05.0765 2500 adpu160m - ok
15:31:05.0968 2500 AEAudioService (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\AEAudio.sys
15:31:05.0968 2500 AEAudioService - ok
15:31:06.0171 2500 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:31:06.0187 2500 aec - ok
15:31:06.0375 2500 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:31:06.0390 2500 AFD - ok
15:31:06.0562 2500 Aha154x - ok
15:31:06.0750 2500 aic78u2 - ok
15:31:06.0921 2500 aic78xx - ok
15:31:07.0125 2500 AliIde - ok
15:31:07.0296 2500 amsint - ok
15:31:07.0500 2500 asc - ok
15:31:07.0687 2500 asc3350p - ok
15:31:07.0875 2500 asc3550 - ok
15:31:08.0109 2500 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:31:08.0125 2500 AsyncMac - ok
15:31:08.0312 2500 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:31:08.0328 2500 atapi - ok
15:31:08.0484 2500 Atdisk - ok
15:31:08.0703 2500 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:31:08.0734 2500 audstub - ok
15:31:08.0921 2500 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:31:08.0921 2500 Beep - ok
15:31:09.0140 2500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:31:09.0171 2500 cbidf2k - ok
15:31:09.0328 2500 cd20xrnt - ok
15:31:09.0515 2500 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:31:09.0562 2500 Cdaudio - ok
15:31:09.0781 2500 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:31:09.0812 2500 Cdfs - ok
15:31:10.0000 2500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:31:10.0031 2500 Cdrom - ok
15:31:10.0203 2500 Changer - ok
15:31:10.0437 2500 CmdIde - ok
15:31:10.0640 2500 Cpqarray - ok
15:31:10.0828 2500 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
15:31:10.0875 2500 cpuz135 - ok
15:31:11.0046 2500 dac2w2k - ok
15:31:11.0234 2500 dac960nt - ok
15:31:11.0453 2500 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:31:11.0484 2500 Disk - ok
15:31:11.0718 2500 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:31:11.0765 2500 dmboot - ok
15:31:11.0937 2500 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:31:11.0984 2500 dmio - ok
15:31:12.0156 2500 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:31:12.0156 2500 dmload - ok
15:31:12.0359 2500 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:31:12.0359 2500 DMusic - ok
15:31:12.0562 2500 dpti2o - ok
15:31:12.0765 2500 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:31:12.0796 2500 drmkaud - ok
15:31:13.0000 2500 eamon (1b5ca1caffc594bd37dcc8d7ef849e0b) C:\WINDOWS\system32\DRIVERS\eamon.sys
15:31:13.0000 2500 eamon - ok
15:31:13.0203 2500 ehdrv (a4241545ecff3ee97041847d83936e1f) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
15:31:13.0203 2500 ehdrv - ok
15:31:13.0421 2500 EL90XBC (b61eaf446adf55cc0d0d5c5bbd3d1cae) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
15:31:13.0421 2500 EL90XBC - ok
15:31:13.0625 2500 epfwtdir (367a97a632ec5e8521f68ffa2c700610) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
15:31:13.0625 2500 epfwtdir - ok
15:31:13.0890 2500 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:31:13.0921 2500 Fastfat - ok
15:31:14.0140 2500 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:31:14.0171 2500 Fdc - ok
15:31:14.0359 2500 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:31:14.0390 2500 Fips - ok
15:31:14.0578 2500 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:31:14.0609 2500 Flpydisk - ok
15:31:14.0812 2500 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:31:14.0843 2500 FltMgr - ok
15:31:15.0046 2500 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:31:15.0078 2500 Fs_Rec - ok
15:31:15.0265 2500 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:31:15.0281 2500 Ftdisk - ok
15:31:15.0437 2500 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
15:31:15.0453 2500 giveio - ok
15:31:15.0671 2500 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:31:15.0687 2500 Gpc - ok
15:31:15.0875 2500 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:31:15.0906 2500 HDAudBus - ok
15:31:16.0109 2500 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:31:16.0140 2500 hidusb - ok
15:31:16.0343 2500 hidusbf (34f0823be25aed4992fd9fcf587f50d5) C:\WINDOWS\system32\DRIVERS\hidusbf.sys
15:31:16.0375 2500 hidusbf - ok
15:31:16.0562 2500 hpn - ok
15:31:16.0796 2500 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:31:16.0875 2500 HTTP - ok
15:31:17.0062 2500 i2omgmt - ok
15:31:17.0250 2500 i2omp - ok
15:31:17.0453 2500 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:31:17.0515 2500 i8042prt - ok
15:31:17.0765 2500 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:31:17.0812 2500 Imapi - ok
15:31:18.0000 2500 ini910u - ok
15:31:18.0187 2500 IntelIde - ok
15:31:18.0406 2500 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:31:18.0484 2500 intelppm - ok
15:31:18.0718 2500 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:31:18.0906 2500 Ip6Fw - ok
15:31:19.0093 2500 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:31:19.0203 2500 IpFilterDriver - ok
15:31:19.0453 2500 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:31:19.0546 2500 IpInIp - ok
15:31:19.0765 2500 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:31:19.0781 2500 IpNat - ok
15:31:20.0000 2500 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:31:20.0078 2500 IPSec - ok
15:31:20.0296 2500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:31:20.0421 2500 IRENUM - ok
15:31:20.0671 2500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:31:20.0671 2500 isapnp - ok
15:31:20.0906 2500 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:31:20.0984 2500 Kbdclass - ok
15:31:21.0187 2500 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:31:21.0203 2500 kmixer - ok
15:31:21.0453 2500 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:31:21.0531 2500 KSecDD - ok
15:31:21.0781 2500 L8042Kbd (f3a17f3fd54ca73c0bcbcc3fe0c47e13) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
15:31:21.0781 2500 L8042Kbd - ok
15:31:22.0046 2500 lbrtfdc - ok
15:31:22.0328 2500 LHidFilt (23d84187822a0020b9f1ea71c7db3193) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:31:22.0343 2500 LHidFilt - ok
15:31:22.0703 2500 LMouFilt (596499c81cb4b5841f91cfe3f514d202) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:31:22.0718 2500 LMouFilt - ok
15:31:22.0953 2500 LUsbFilt (d42aa9f3baf17b2e7b0135c741f0be36) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
15:31:22.0968 2500 LUsbFilt - ok
15:31:23.0140 2500 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
15:31:23.0171 2500 MBAMProtector - ok
15:31:23.0437 2500 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:31:23.0453 2500 Modem - ok
15:31:23.0687 2500 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:31:23.0781 2500 Mouclass - ok
15:31:23.0968 2500 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:31:24.0062 2500 mouhid - ok
15:31:24.0265 2500 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:31:24.0390 2500 MountMgr - ok
15:31:24.0625 2500 mraid35x - ok
15:31:24.0906 2500 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:31:25.0062 2500 MRxDAV - ok
15:31:25.0296 2500 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:31:25.0437 2500 MRxSmb - ok
15:31:25.0703 2500 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:31:25.0796 2500 Msfs - ok
15:31:26.0046 2500 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:31:26.0125 2500 MSKSSRV - ok
15:31:26.0312 2500 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:31:26.0437 2500 MSPCLOCK - ok
15:31:26.0656 2500 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:31:26.0750 2500 MSPQM - ok
15:31:26.0953 2500 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:31:27.0015 2500 mssmbios - ok
15:31:27.0203 2500 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:31:27.0281 2500 Mup - ok
15:31:27.0546 2500 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:31:27.0562 2500 NDIS - ok
15:31:27.0781 2500 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:31:27.0843 2500 NdisTapi - ok
15:31:28.0046 2500 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:31:28.0046 2500 Ndisuio - ok
15:31:28.0234 2500 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:31:28.0296 2500 NdisWan - ok
15:31:28.0515 2500 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:31:28.0578 2500 NDProxy - ok
15:31:28.0796 2500 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:31:28.0859 2500 NetBIOS - ok
15:31:29.0046 2500 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:31:29.0062 2500 NetBT - ok
15:31:29.0437 2500 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:31:29.0515 2500 Npfs - ok
15:31:29.0796 2500 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:31:29.0859 2500 Ntfs - ok
15:31:30.0093 2500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:31:30.0156 2500 Null - ok
15:31:30.0921 2500 nv (cb0ce8de9f66a297cd86eb98921b8e58) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:31:31.0531 2500 nv - ok
15:31:31.0875 2500 OlyCamComm (f4cb9c1991314b1352ddbd8a968e4471) C:\WINDOWS\system32\DRIVERS\OlyCamComm.sys
15:31:31.0890 2500 OlyCamComm - ok
15:31:32.0062 2500 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:31:32.0125 2500 Parport - ok
15:31:32.0328 2500 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:31:32.0375 2500 PartMgr - ok
15:31:32.0578 2500 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:31:32.0625 2500 ParVdm - ok
15:31:32.0828 2500 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:31:32.0875 2500 PCI - ok
15:31:33.0046 2500 PCIDump - ok
15:31:33.0250 2500 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:31:33.0296 2500 PCIIde - ok
15:31:33.0500 2500 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:31:33.0500 2500 Pcmcia - ok
15:31:33.0703 2500 PDCOMP - ok
15:31:33.0890 2500 PDFRAME - ok
15:31:34.0078 2500 PDRELI - ok
15:31:34.0265 2500 PDRFRAME - ok
15:31:34.0437 2500 perc2 - ok
15:31:34.0656 2500 perc2hib - ok
15:31:34.0984 2500 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:31:35.0046 2500 PptpMiniport - ok
15:31:35.0250 2500 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:31:35.0359 2500 PSched - ok
15:31:35.0531 2500 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:31:35.0593 2500 Ptilink - ok
15:31:35.0765 2500 ql1080 - ok
15:31:35.0937 2500 Ql10wnt - ok
15:31:36.0109 2500 ql12160 - ok
15:31:36.0296 2500 ql1240 - ok
15:31:36.0484 2500 ql1280 - ok
15:31:36.0687 2500 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:31:36.0734 2500 RasAcd - ok
15:31:36.0937 2500 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:31:37.0000 2500 Rasl2tp - ok
15:31:37.0234 2500 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:31:37.0296 2500 RasPppoe - ok
15:31:37.0468 2500 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:31:37.0531 2500 Raspti - ok
15:31:37.0734 2500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:31:37.0921 2500 Rdbss - ok
15:31:38.0109 2500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:31:38.0156 2500 RDPCDD - ok
15:31:38.0359 2500 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:31:38.0421 2500 rdpdr - ok
15:31:38.0656 2500 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:31:38.0718 2500 RDPWD - ok
15:31:38.0937 2500 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:31:39.0000 2500 redbook - ok
15:31:39.0281 2500 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
15:31:39.0281 2500 RTL8023xp - ok
15:31:39.0359 2500 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:31:39.0421 2500 SASDIFSV - ok
15:31:39.0468 2500 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:31:39.0468 2500 SASKUTIL - ok
15:31:39.0671 2500 SBRE - ok
15:31:39.0906 2500 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:31:39.0921 2500 Secdrv - ok
15:31:40.0140 2500 SenFiltService (eca77beeb2be8d573cf1b265e44fbfbd) C:\WINDOWS\system32\drivers\Senfilt.sys
15:31:40.0140 2500 SenFiltService - ok
15:31:40.0343 2500 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:31:40.0406 2500 serenum - ok
15:31:40.0593 2500 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:31:40.0609 2500 Serial - ok
15:31:40.0859 2500 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:31:40.0921 2500 Sfloppy - ok
15:31:41.0140 2500 Simbad - ok
15:31:41.0328 2500 Sparrow - ok
15:31:41.0531 2500 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys
15:31:41.0531 2500 speedfan - ok
15:31:41.0750 2500 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:31:41.0796 2500 splitter - ok
15:31:42.0031 2500 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:31:42.0078 2500 Sr - ok
15:31:42.0312 2500 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:31:42.0328 2500 Srv - ok
15:31:42.0562 2500 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:31:42.0609 2500 swenum - ok
15:31:42.0781 2500 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:31:42.0890 2500 swmidi - ok
15:31:43.0093 2500 symc810 - ok
15:31:43.0265 2500 symc8xx - ok
15:31:43.0453 2500 sym_hi - ok
15:31:43.0656 2500 sym_u3 - ok
15:31:43.0859 2500 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:31:43.0859 2500 sysaudio - ok
15:31:44.0125 2500 Tcpip (cbeebeb899e31ef52b962cb31fc8ca5c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:31:44.0171 2500 Tcpip - ok
15:31:44.0359 2500 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:31:44.0359 2500 TDPIPE - ok
15:31:44.0546 2500 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:31:44.0593 2500 TDTCP - ok
15:31:44.0765 2500 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:31:44.0906 2500 TermDD - ok
15:31:45.0156 2500 TosIde - ok
15:31:45.0390 2500 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:31:45.0437 2500 Udfs - ok
15:31:45.0609 2500 ultra - ok
15:31:45.0859 2500 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:31:45.0953 2500 Update - ok
15:31:46.0187 2500 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:31:46.0234 2500 usbehci - ok
15:31:46.0421 2500 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:31:46.0468 2500 usbhub - ok
15:31:46.0687 2500 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:31:46.0734 2500 usbprint - ok
15:31:46.0906 2500 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:31:46.0921 2500 usbscan - ok
15:31:47.0093 2500 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:31:47.0140 2500 USBSTOR - ok
15:31:47.0312 2500 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:31:47.0375 2500 usbuhci - ok
15:31:47.0562 2500 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:31:47.0609 2500 VgaSave - ok
15:31:47.0812 2500 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:31:47.0859 2500 ViaIde - ok
15:31:48.0046 2500 ViBus (df54990c65d45358755e2f7fd3f50b02) C:\WINDOWS\system32\DRIVERS\ViBus.sys
15:31:48.0093 2500 ViBus - ok
15:31:48.0296 2500 videX32 (eefa971bf5ebbfc7d93692ec60afcb78) C:\WINDOWS\system32\DRIVERS\videX32.sys
15:31:48.0343 2500 videX32 - ok
15:31:48.0531 2500 ViPrt (884d400f106c5206602185d9b8e34fe4) C:\WINDOWS\system32\DRIVERS\ViPrt.sys
15:31:48.0578 2500 ViPrt - ok
15:31:48.0796 2500 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:31:48.0843 2500 VolSnap - ok
15:31:49.0109 2500 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:31:49.0156 2500 Wanarp - ok
15:31:49.0343 2500 wcafix (a8da91e562f2c09060724d9747dfd2e8) C:\WINDOWS\system32\DRIVERS\wcafix.sys
15:31:49.0390 2500 wcafix - ok
15:31:49.0609 2500 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:31:49.0656 2500 Wdf01000 - ok
15:31:49.0828 2500 WDICA - ok
15:31:50.0031 2500 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:31:50.0031 2500 wdmaud - ok
15:31:50.0500 2500 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:31:50.0562 2500 WS2IFSL - ok
15:31:50.0765 2500 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:31:50.0937 2500 \Device\Harddisk0\DR0 - ok
15:31:50.0968 2500 Boot (0x1200) (4b418badf56728b1684249886d7c294b) \Device\Harddisk0\DR0\Partition0
15:31:50.0968 2500 \Device\Harddisk0\DR0\Partition0 - ok
15:31:51.0031 2500 Boot (0x1200) (53185862b4a3edba84477765808d0377) \Device\Harddisk0\DR0\Partition1
15:31:51.0046 2500 \Device\Harddisk0\DR0\Partition1 - ok
15:31:51.0062 2500 ============================================================
15:31:51.0062 2500 Scan finished
15:31:51.0062 2500 ============================================================
15:31:51.0156 1984 Detected object count: 0
15:31:51.0156 1984 Actual detected object count: 0

#12 gringo_pr


Posted 26 February 2012 - 12:19 AM

How is it going with the aswMBR report?


gringo

#13 Showbiz


Posted 26 February 2012 - 12:33 AM

I'm running it now but it seems to have stalled after finding an error (something highlighted in red).

The HDD is still making activity noise though, so I'll give it a few more minutes.

#14 gringo_pr


Posted 26 February 2012 - 12:42 AM

:thumbup2:

#15 Showbiz


Posted 26 February 2012 - 01:06 AM

aswMBR:


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-26 15:35:19
-----------------------------
15:35:19.312 OS Version: Windows 5.1.2600 Service Pack 3
15:35:19.312 Number of processors: 2 586 0x304
15:35:19.312 ComputerName: SCOTT-9C24693E5 UserName: Administrator
15:35:19.593 Initialize success
15:38:12.062 AVAST engine defs: 12022502
15:38:32.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
15:38:32.546 Disk 0 Vendor: SAMSUNG_SP1604N TM100-24 Size: 152627MB BusType: 3
15:38:32.546 Disk 0 MBR read successfully
15:38:32.562 Disk 0 MBR scan
15:38:32.593 Disk 0 Windows XP default MBR code
15:38:32.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20002 MB offset 63
15:38:32.609 Disk 0 Partition - 00 0F Extended LBA 132614 MB offset 40965750
15:38:32.625 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 132614 MB offset 40965813
15:38:32.640 Disk 0 scanning sectors +312560640
15:38:32.703 Disk 0 scanning C:\WINDOWS\system32\drivers
15:38:47.546 Service scanning
15:39:11.484 Modules scanning
15:39:18.343 Disk 0 trace - called modules:
15:39:18.375 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
15:39:18.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89badab8]
15:39:18.406 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000071[0x89b619e8]
15:39:18.437 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-12[0x89b9ed98]
15:39:18.796 AVAST engine scan C:\WINDOWS
15:39:36.078 AVAST engine scan C:\WINDOWS\system32
15:43:45.109 AVAST engine scan C:\WINDOWS\system32\drivers
15:44:06.421 AVAST engine scan C:\Documents and Settings\Administrator
15:44:27.671 File: C:\Documents and Settings\Administrator\Application Data\Dropbox\{D0435657-8B23-43B7-A85B-4A475108E52F}\Upgrade.exe **INFECTED** Win32:Kryptik-HMI [Trj]
16:22:49.734 AVAST engine scan C:\Documents and Settings\All Users
16:33:40.953 Scan finished successfully
16:35:06.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
16:35:06.421 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
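As an added example (not part of this thread, and not code from Kaspersky, AVAST or BleepingComputer), a small Python triage script that parses the two log formats posted above: it pulls the detected-object count and driver inventory out of a TDSSKiller log, and the MBR verdict and any **INFECTED** file line out of an aswMBR log, then lists drivers loaded from outside the system drivers directory for a human to review. The embedded log excerpts are constructed from lines in this thread and are not complete logs.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed excerpts in the line format of the TDSSKiller and aswMBR logs
# posted in this thread (values copied from those logs; not complete logs).
TDSSKILLER_LOG = r"""
15:31:03.0796 2500 Scan started
15:31:05.0171 2500 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:31:05.0171 2500 ACPI - ok
15:31:15.0437 2500 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
15:31:15.0453 2500 giveio - ok
15:31:50.0765 2500 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:31:50.0937 2500 \Device\Harddisk0\DR0 - ok
15:31:51.0062 2500 Scan finished
15:31:51.0156 1984 Detected object count: 0
15:31:51.0156 1984 Actual detected object count: 0
"""

ASWMBR_LOG = r"""
15:38:32.546 Disk 0 MBR read successfully
15:38:32.593 Disk 0 Windows XP default MBR code
15:44:27.671 File: C:\Documents and Settings\Administrator\Application Data\Dropbox\{D0435657-8B23-43B7-A85B-4A475108E52F}\Upgrade.exe **INFECTED** Win32:Kryptik-HMI [Trj]
16:33:40.953 Scan finished successfully
"""

# TDSSKiller lines: "<time> <pid> <message>"
TDSS_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Driver enumeration message: "<service> (<md5>) <image path>"
DRIVER_MSG = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
ACTUAL_COUNT = re.compile(r"^Actual detected object count:\s+(\d+)$")
# aswMBR lines: "<time> <message>"; infected files read "File: <path> **INFECTED** <name>"
ASW_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+(.*)$")
ASW_INFECTED = re.compile(r"^File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")


@dataclass
class Triage:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # service -> (md5, path)
    actual_detected: Optional[int] = None
    mbr_default_code: bool = False
    infected_files: List[Tuple[str, str]] = field(default_factory=list)  # (path, detection)


def parse_tdsskiller(text: str, t: Triage) -> None:
    """Collect the driver inventory and the final detection count."""
    for raw in text.splitlines():
        m = TDSS_LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        d = DRIVER_MSG.match(msg)
        if d:
            t.drivers[d.group(1)] = (d.group(2), d.group(3))
            continue
        c = ACTUAL_COUNT.match(msg)
        if c:
            t.actual_detected = int(c.group(1))


def parse_aswmbr(text: str, t: Triage) -> None:
    """Record whether the MBR code is stock and which files the engine flagged."""
    for raw in text.splitlines():
        m = ASW_LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if "default MBR code" in msg:
            t.mbr_default_code = True
        i = ASW_INFECTED.match(msg)
        if i:
            t.infected_files.append((i.group(1), i.group(2)))


def drivers_outside_drivers_dir(t: Triage) -> List[str]:
    """Services whose image is not under system32\\drivers. Legitimate utility
    drivers (giveio, speedfan) live elsewhere too, so this is a review queue,
    not a verdict."""
    drivers_dir = "c:\\windows\\system32\\drivers\\"
    return sorted(name for name, (_, path) in t.drivers.items()
                  if not path.lower().startswith(drivers_dir))


def triage(tdss_text: str, asw_text: str) -> dict:
    t = Triage()
    parse_tdsskiller(tdss_text, t)
    parse_aswmbr(asw_text, t)
    return {
        "rootkit_objects": t.actual_detected,
        "mbr_is_stock": t.mbr_default_code,
        "infected_files": t.infected_files,
        "drivers_to_review": drivers_outside_drivers_dir(t),
        "drivers_seen": len(t.drivers),
    }


if __name__ == "__main__":
    for key, value in triage(TDSSKILLER_LOG, ASWMBR_LOG).items():
        print(f"{key}: {value}")
```

On the excerpts above it reports zero rootkit objects, a stock MBR, one flagged file (the Dropbox Upgrade.exe) and giveio as the only driver loaded from outside the drivers directory.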
