XP runs decent, then slow (DDS scan included)



#1 derikwayne

Posted 12 March 2012 - 01:45 AM

First, let me say your site and forums are great! Through Google and a friend who pointed me in your direction, I've been able to fix a lot of things for multiple computers. Thanks! :)

My XP Home Edition PC has been acting up for about a month. It all started when it acted like something had hijacked Firefox and other web browsers. I.e., when searching in Google, the search result would send me somewhere totally different than the link provided. I first ran Malwarebytes and it didn't find anything. Then I ran CCleaner and it found things in the registry, but afterwards nothing worked right at all. I had to do a system restore, then ran ComboFix TWICE and it helped some, in fact, a lot.

However, it still acts like something is wrong. It'll run pretty decent for a while, then it'll act bogged down, then back to running decent, then slow again. You get the idea. I browsed your forum and read where you wanted a DDS scan, so I provided you that info.

I bought this pc in late 2006 and I've NEVER had issues with it until recently. It has actually been the best home pc I've ever owned. Even with it having issues, she still fights and will eventually get the job done. But she's sick. Any help would be greatly appreciated.


Here's the DDS info:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Run by Derik Hancock at 1:03:36 on 2012-03-12
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PE2CKFNT SE] c:\program files\ulead systems\ulead photo express 2 se\ChkFont.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AsioReg] REGSVR32 /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [DevconDefaultDB] c:\windows\READREG /PSCONV={NO}
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [RTHDCPL] RTHDCPL.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7BB3043E-E9F0-4502-84E7-955678787A94} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\derik hancock\application data\mozilla\firefox\profiles\hp7shqml.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://owensbororadio.brinkster.net/
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-03-11 20:57:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-11 20:57:36 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-03-11 20:47:45 -------- d-----w- c:\windows\pss
2012-03-11 18:33:18 2568 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-03-08 06:15:50 -------- d-----w- c:\program files\CCleaner
2012-03-03 02:37:45 -------- dc----w- C:\ComboFix
2012-02-27 06:23:52 49152 ----a-w- c:\windows\system32\ChCfg.exe
2012-02-27 06:22:46 -------- d-----w- c:\program files\Realtek
2012-02-27 06:22:42 520192 ----a-w- c:\windows\RtlExUpd.dll
2012-02-27 06:22:42 315392 ----a-w- c:\windows\HideWin.exe
2012-02-27 06:22:40 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2012-02-27 06:22:40 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2012-02-27 06:22:40 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2012-02-27 06:22:40 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2012-02-27 06:22:40 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2012-02-27 06:22:38 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2012-02-27 06:22:37 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2012-02-25 06:31:01 -------- dcsha-r- C:\cmdcons
2012-02-25 06:25:25 256000 ----a-w- c:\windows\PEV.exe
2012-02-25 06:25:25 208896 ----a-w- c:\windows\MBR.exe
2012-02-25 06:25:24 98816 ----a-w- c:\windows\sed.exe
2012-02-25 06:25:24 518144 ----a-w- c:\windows\SWREG.exe
2012-02-24 06:13:57 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-02-24 06:13:57 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-24 06:03:44 -------- d-----w- c:\documents and settings\derik hancock\application data\Blitware
2012-02-24 06:03:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-24 06:03:05 -------- d-----w- c:\program files\ToshiSoftware
2012-02-23 06:57:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2012-02-23 06:08:32 -------- d-----w- c:\documents and settings\derik hancock\application data\HpUpdate
2012-02-22 05:31:01 -------- dc----w- C:\50c6e15563fc35d36e
.
==================== Find3M ====================
.
2012-02-25 07:13:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380815AS rev.3.ADA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86C2049F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86c27738]; MOV EAX, [0x86c278ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F64AB8]
3 CLASSPNP[0xF7633FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000069[0x86F8D1B0]
5 ACPI[0xF74CA620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86F1FD98]
\Driver\atapi[0x86E63790] -> IRP_MJ_CREATE -> 0x86C2049F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86C202C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 1:05:11.95 ===============

Edited by hamluis, 12 March 2012 - 07:31 AM.
Moved from XP to Malware Removal Logs.



#2 m0le

Posted 13 March 2012 - 06:15 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 derikwayne

Posted 13 March 2012 - 07:41 PM

Thanks! I'm here! :)

#4 m0le

Posted 13 March 2012 - 07:54 PM

TDL3 is being flagged so let's see an aswMBR log

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 derikwayne

Posted 15 March 2012 - 12:40 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-14 23:28:30
-----------------------------
23:28:30.518 OS Version: Windows 5.1.2600 Service Pack 3
23:28:30.518 Number of processors: 2 586 0xF02
23:28:30.518 ComputerName: DWP UserName:
23:29:03.377 Initialize success
23:29:19.565 AVAST engine defs: 12031401
23:29:28.440 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:29:28.455 Disk 0 Vendor: ST380815AS 3.ADA Size: 76293MB BusType: 3
23:29:28.455 Device \Driver\atapi -> DriverStartIo 867e92c6
23:29:28.518 Disk 0 MBR read successfully
23:29:28.518 Disk 0 MBR scan
23:29:28.862 Disk 0 MBR:Pihar-C [Rtk]
23:29:28.877 Disk 0 TDL4@MBR code has been found
23:29:28.877 Disk 0 Windows XP default MBR code found via API
23:29:28.877 Disk 0 MBR hidden
23:29:28.924 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
23:29:28.940 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76238 MB offset 96390
23:29:28.955 Disk 0 MBR [TDL4] **ROOTKIT**
23:29:28.955 Disk 0 trace - called modules:
23:29:28.987 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867e949f]<<
23:29:28.987 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f64ab8]
23:29:28.987 3 CLASSPNP.SYS[f7633fd7] -> nt!IofCallDriver -> \Device\00000069[0x86f8d1b0]
23:29:28.987 5 ACPI.sys[f74ca620] -> nt!IofCallDriver -> [0x86f1fd98]
23:29:28.987 \Driver\atapi[0x86e9a8d8] -> IRP_MJ_CREATE -> 0x867e949f
23:29:31.049 AVAST engine scan C:\WINDOWS
23:29:51.112 AVAST engine scan C:\WINDOWS\system32
23:34:39.127 AVAST engine scan C:\WINDOWS\system32\drivers
23:35:34.393 AVAST engine scan C:\Documents and Settings\Derik Hancock
23:36:41.737 File: C:\Documents and Settings\Derik Hancock\Application Data\Sun\Java\Deployment\cache\6.0\20\13a90e94-4ca4543a **INFECTED** Win32:Kryptik-GXM [Trj]
23:49:19.549 AVAST engine scan C:\Documents and Settings\All Users
23:50:22.424 Scan finished successfully
00:01:48.705 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Derik Hancock\Desktop\MBR.dat"
00:01:48.815 The log file has been saved successfully to "C:\Documents and Settings\Derik Hancock\Desktop\aswMBR.txt"
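
The aswMBR log above can be triaged mechanically. The following Python is an added example, not part of the original thread and not code from aswMBR or AVAST: it pulls out the MBR verdict lines and the infected-file line, then checks whether any driver handler pointer lands in the same memory region as the address the disk trace could not attribute to a loaded module. The function names, the finding labels and the "same 4 KiB page" correlation rule are assumptions of this example; the sample lines are excerpted from the log as posted.

```python
import re

# Lines excerpted verbatim from the aswMBR log posted above.
SAMPLE_LOG = r"""
23:29:28.455 Device \Driver\atapi -> DriverStartIo 867e92c6
23:29:28.518 Disk 0 MBR read successfully
23:29:28.862 Disk 0 MBR:Pihar-C [Rtk]
23:29:28.877 Disk 0 TDL4@MBR code has been found
23:29:28.877 Disk 0 Windows XP default MBR code found via API
23:29:28.877 Disk 0 MBR hidden
23:29:28.955 Disk 0 MBR [TDL4] **ROOTKIT**
23:29:28.987 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867e949f]<<
23:29:28.987 \Driver\atapi[0x86e9a8d8] -> IRP_MJ_CREATE -> 0x867e949f
23:36:41.737 File: C:\Documents and Settings\Derik Hancock\Application Data\Sun\Java\Deployment\cache\6.0\20\13a90e94-4ca4543a **INFECTED** Win32:Kryptik-GXM [Trj]
23:50:22.424 Scan finished successfully
"""

# "HH:MM:SS.mmm <message>" is the line layout used throughout the posted log.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")

# Single-line indicators; the labels are this example's own naming.
RULES = [
    ("mbr_signature", re.compile(r"^Disk (\d+) MBR:(\S+) \[Rtk\]")),
    ("mbr_code", re.compile(r"^Disk (\d+) (\S+)@MBR code has been found")),
    ("mbr_hidden", re.compile(r"^Disk (\d+) MBR hidden")),
    ("mbr_verdict", re.compile(r"^Disk (\d+) MBR \[(\w+)\] \*\*ROOTKIT\*\*")),
    ("infected_file", re.compile(r"^File: (.+?) \*\*INFECTED\*\* (.+)$")),
]

# Disk trace entry that resolved to no loaded module.
UNKNOWN = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")

# Driver handler pointers, in both shapes seen in the log:
#   Device \Driver\atapi -> DriverStartIo 867e92c6
#   \Driver\atapi[0x86e9a8d8] -> IRP_MJ_CREATE -> 0x867e949f
POINTER = re.compile(
    r"(\\Driver\\\w+)(?:\[0x[0-9a-fA-F]+\])? -> (\w+) (?:-> )?(?:0x)?([0-9a-fA-F]{8})\b"
)


def triage(log_text):
    """Return a list of (timestamp, kind, details) findings for an aswMBR log."""
    findings, pointers, unknown = [], [], set()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, body = m.groups()
        for kind, rx in RULES:
            hit = rx.search(body)
            if hit:
                findings.append((ts, kind, hit.groups()))
        u = UNKNOWN.search(body)
        if u:
            addr = int(u.group(1), 16)
            unknown.add(addr)
            findings.append((ts, "unknown_module", (hex(addr),)))
        p = POINTER.search(body)
        if p:
            pointers.append((ts, p.group(1), p.group(2), int(p.group(3), 16)))
    # Correlation pass (heuristic assumed by this example): a handler pointer
    # in the same 4 KiB page as an unattributed address is reported as related.
    for ts, driver, slot, addr in pointers:
        if any(addr >> 12 == u >> 12 for u in unknown):
            findings.append((ts, "handler_in_unknown_region", (driver, slot, hex(addr))))
    return findings


def is_rootkit_suspected(findings):
    """True when the tool's own verdict or the pointer correlation fired."""
    kinds = {kind for _, kind, _ in findings}
    return bool(kinds & {"mbr_verdict", "handler_in_unknown_region"})


if __name__ == "__main__":
    for ts, kind, details in triage(SAMPLE_LOG):
        print(ts, kind, details)
```

On this log both the `DriverStartIo` pointer and the `IRP_MJ_CREATE` pointer for `\Driver\atapi` fall in the page of the `>>UNKNOWN<<` address, which lines up with the tool's own `**ROOTKIT**` verdict for the MBR.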

#6 m0le

Posted 15 March 2012 - 07:15 PM

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#7 derikwayne

Posted 15 March 2012 - 09:33 PM

21:29:52.0783 4860 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
21:29:53.0127 4860 ============================================================
21:29:53.0127 4860 Current date / time: 2012/03/15 21:29:53.0127
21:29:53.0127 4860 SystemInfo:
21:29:53.0127 4860
21:29:53.0127 4860 OS Version: 5.1.2600 ServicePack: 3.0
21:29:53.0127 4860 Product type: Workstation
21:29:53.0127 4860 ComputerName: DWP
21:29:53.0127 4860 UserName: Derik Hancock
21:29:53.0127 4860 Windows directory: C:\WINDOWS
21:29:53.0127 4860 System windows directory: C:\WINDOWS
21:29:53.0127 4860 Processor architecture: Intel x86
21:29:53.0127 4860 Number of processors: 2
21:29:53.0127 4860 Page size: 0x1000
21:29:53.0127 4860 Boot type: Normal boot
21:29:53.0127 4860 ============================================================
21:29:53.0986 4860 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:29:54.0017 4860 Drive \Device\Harddisk2\DR5 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:29:54.0017 4860 \Device\Harddisk0\DR0:
21:29:54.0017 4860 MBR used
21:29:54.0017 4860 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x94E7137
21:29:54.0017 4860 \Device\Harddisk2\DR5:
21:29:54.0017 4860 MBR used
21:29:54.0017 4860 \Device\Harddisk2\DR5\Partition0: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2
21:29:54.0080 4860 Initialize success
21:29:54.0080 4860 ============================================================
21:30:06.0314 6128 ============================================================
21:30:06.0314 6128 Scan started
21:30:06.0314 6128 Mode: Manual;
21:30:06.0314 6128 ============================================================
21:30:13.0267 6128 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:30:13.0267 6128 MountMgr - ok
21:30:13.0299 6128 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:30:13.0299 6128 mraid35x - ok
21:30:13.0314 6128 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:30:13.0314 6128 MRxDAV - ok
21:30:13.0392 6128 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:30:13.0392 6128 MRxSmb - ok
21:30:13.0408 6128 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:30:13.0408 6128 Msfs - ok
21:30:13.0439 6128 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:30:13.0439 6128 MSKSSRV - ok
21:30:13.0470 6128 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:30:13.0470 6128 MSPCLOCK - ok
21:30:13.0517 6128 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:30:13.0517 6128 MSPQM - ok
21:30:13.0580 6128 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:30:13.0580 6128 mssmbios - ok
21:30:13.0658 6128 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:30:13.0658 6128 MSTEE - ok
21:30:13.0720 6128 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:30:13.0720 6128 Mup - ok
21:30:13.0767 6128 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:30:13.0767 6128 NABTSFEC - ok
21:30:13.0830 6128 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:30:13.0830 6128 NDIS - ok
21:30:13.0861 6128 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:30:13.0861 6128 NdisIP - ok
21:30:13.0908 6128 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:30:13.0924 6128 NdisTapi - ok
21:30:13.0970 6128 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:30:13.0986 6128 Ndisuio - ok
21:30:13.0986 6128 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:30:13.0986 6128 NdisWan - ok
21:30:14.0033 6128 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:30:14.0033 6128 NDProxy - ok
21:30:14.0064 6128 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:30:14.0064 6128 NetBIOS - ok
21:30:14.0111 6128 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:30:14.0127 6128 NetBT - ok
21:30:14.0142 6128 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:30:14.0142 6128 Npfs - ok
21:30:14.0189 6128 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:30:14.0189 6128 Ntfs - ok
21:30:14.0220 6128 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:30:14.0220 6128 Null - ok
21:30:14.0314 6128 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:30:14.0361 6128 nv - ok
21:30:14.0392 6128 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:30:14.0392 6128 NwlnkFlt - ok
21:30:14.0408 6128 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:30:14.0408 6128 NwlnkFwd - ok
21:30:14.0470 6128 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:30:14.0470 6128 Parport - ok
21:30:14.0502 6128 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:30:14.0502 6128 PartMgr - ok
21:30:14.0549 6128 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:30:14.0549 6128 ParVdm - ok
21:30:14.0627 6128 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:30:14.0627 6128 PCI - ok
21:30:14.0642 6128 PCIDump - ok
21:30:14.0720 6128 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:30:14.0720 6128 PCIIde - ok
21:30:14.0767 6128 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:30:14.0767 6128 Pcmcia - ok
21:30:14.0799 6128 PDCOMP - ok
21:30:14.0830 6128 PDFRAME - ok
21:30:14.0830 6128 PDRELI - ok
21:30:14.0845 6128 PDRFRAME - ok
21:30:14.0877 6128 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:30:14.0892 6128 perc2 - ok
21:30:14.0924 6128 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:30:14.0924 6128 perc2hib - ok
21:30:14.0986 6128 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
21:30:14.0986 6128 Point32 - ok
21:30:15.0049 6128 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:30:15.0049 6128 PptpMiniport - ok
21:30:15.0064 6128 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:30:15.0064 6128 PSched - ok
21:30:15.0080 6128 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:30:15.0095 6128 Ptilink - ok
21:30:15.0142 6128 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:30:15.0142 6128 PxHelp20 - ok
21:30:15.0220 6128 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:30:15.0220 6128 ql1080 - ok
21:30:15.0220 6128 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:30:15.0220 6128 Ql10wnt - ok
21:30:15.0267 6128 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:30:15.0267 6128 ql12160 - ok
21:30:15.0283 6128 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:30:15.0283 6128 ql1240 - ok
21:30:15.0299 6128 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:30:15.0299 6128 ql1280 - ok
21:30:15.0330 6128 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:30:15.0345 6128 RasAcd - ok
21:30:15.0392 6128 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:30:15.0392 6128 Rasl2tp - ok
21:30:15.0424 6128 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:30:15.0424 6128 RasPppoe - ok
21:30:15.0439 6128 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:30:15.0439 6128 Raspti - ok
21:30:15.0502 6128 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:30:15.0502 6128 Rdbss - ok
21:30:15.0564 6128 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:30:15.0564 6128 RDPCDD - ok
21:30:15.0627 6128 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:30:15.0627 6128 rdpdr - ok
21:30:15.0689 6128 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:30:15.0689 6128 RDPWD - ok
21:30:15.0720 6128 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:30:15.0720 6128 redbook - ok
21:30:15.0767 6128 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
21:30:15.0767 6128 RFCOMM - ok
21:30:15.0799 6128 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
21:30:15.0814 6128 ROOTMODEM - ok
21:30:15.0861 6128 SDDMI2 - ok
21:30:15.0908 6128 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:30:15.0908 6128 Secdrv - ok
21:30:15.0986 6128 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:30:15.0986 6128 serenum - ok
21:30:16.0017 6128 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:30:16.0017 6128 Serial - ok
21:30:16.0049 6128 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:30:16.0049 6128 Sfloppy - ok
21:30:16.0064 6128 Simbad - ok
21:30:16.0127 6128 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:30:16.0127 6128 sisagp - ok
21:30:16.0189 6128 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:30:16.0189 6128 SLIP - ok
21:30:16.0252 6128 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:30:16.0252 6128 Sparrow - ok
21:30:16.0299 6128 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:30:16.0299 6128 splitter - ok
21:30:16.0377 6128 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:30:16.0377 6128 sr - ok
21:30:16.0408 6128 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:30:16.0424 6128 Srv - ok
21:30:16.0470 6128 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:30:16.0470 6128 streamip - ok
21:30:16.0533 6128 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:30:16.0533 6128 swenum - ok
21:30:16.0564 6128 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:30:16.0564 6128 swmidi - ok
21:30:16.0611 6128 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:30:16.0611 6128 symc810 - ok
21:30:16.0705 6128 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:30:16.0705 6128 symc8xx - ok
21:30:16.0783 6128 SYMIDSCO - ok
21:30:16.0830 6128 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:30:16.0830 6128 sym_hi - ok
21:30:16.0845 6128 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:30:16.0845 6128 sym_u3 - ok
21:30:16.0908 6128 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:30:16.0908 6128 sysaudio - ok
21:30:16.0939 6128 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:30:16.0955 6128 Tcpip - ok
21:30:16.0970 6128 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:30:16.0970 6128 TDPIPE - ok
21:30:17.0002 6128 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:30:17.0002 6128 TDTCP - ok
21:30:17.0033 6128 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:30:17.0033 6128 TermDD - ok
21:30:17.0080 6128 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:30:17.0080 6128 TosIde - ok
21:30:17.0127 6128 TPkd (409a577fd5781c717e55a28717514c58) C:\WINDOWS\system32\drivers\TPkd.sys
21:30:17.0142 6128 TPkd - ok
21:30:17.0220 6128 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:30:17.0220 6128 Udfs - ok
21:30:17.0283 6128 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:30:17.0283 6128 ultra - ok
21:30:17.0345 6128 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:30:17.0345 6128 Update - ok
21:30:17.0424 6128 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:30:17.0424 6128 usbccgp - ok
21:30:17.0455 6128 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:30:17.0455 6128 usbehci - ok
21:30:17.0517 6128 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:30:17.0517 6128 usbhub - ok
21:30:17.0549 6128 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:30:17.0549 6128 usbprint - ok
21:30:17.0595 6128 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:30:17.0595 6128 usbscan - ok
21:30:17.0611 6128 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:30:17.0611 6128 USBSTOR - ok
21:30:17.0658 6128 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:30:17.0674 6128 usbuhci - ok
21:30:17.0736 6128 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:30:17.0736 6128 usbvideo - ok
21:30:17.0736 6128 VComm - ok
21:30:17.0783 6128 VcommMgr - ok
21:30:17.0799 6128 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:30:17.0799 6128 VgaSave - ok
21:30:17.0845 6128 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:30:17.0845 6128 viaagp - ok
21:30:17.0908 6128 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:30:17.0908 6128 ViaIde - ok
21:30:17.0924 6128 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:30:17.0924 6128 VolSnap - ok
21:30:17.0970 6128 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:30:17.0970 6128 Wanarp - ok
21:30:17.0970 6128 WDICA - ok
21:30:18.0017 6128 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:30:18.0017 6128 wdmaud - ok
21:30:18.0095 6128 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:30:18.0111 6128 WpdUsb - ok
21:30:18.0174 6128 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:30:18.0189 6128 WS2IFSL - ok
21:30:18.0236 6128 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:30:18.0236 6128 WSTCODEC - ok
21:30:18.0299 6128 wsvad_driver (9d76b1d030d2af9ffbcfbb445c155663) C:\WINDOWS\system32\drivers\VirtualAudio.sys
21:30:18.0299 6128 wsvad_driver - ok
21:30:18.0361 6128 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:30:18.0361 6128 WudfPf - ok
21:30:18.0408 6128 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:30:18.0408 6128 WudfRd - ok
21:30:18.0470 6128 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
21:30:18.0486 6128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:30:18.0486 6128 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:30:18.0502 6128 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR5
21:30:18.0502 6128 \Device\Harddisk2\DR5 - ok
21:30:18.0533 6128 Boot (0x1200) (b1807352a67803b2e4fc7e9b2a043d27) \Device\Harddisk0\DR0\Partition0
21:30:18.0533 6128 \Device\Harddisk0\DR0\Partition0 - ok
21:30:18.0533 6128 Boot (0x1200) (695d393a0013510f471d3f021b7dd4f2) \Device\Harddisk2\DR5\Partition0
21:30:18.0533 6128 \Device\Harddisk2\DR5\Partition0 - ok
21:30:18.0533 6128 ============================================================
21:30:18.0533 6128 Scan finished
21:30:18.0533 6128 ============================================================
21:30:18.0549 5092 Detected object count: 1
21:30:18.0549 5092 Actual detected object count: 1
21:30:59.0002 5092 \Device\Harddisk0\DR0\# - copied to quarantine
21:30:59.0002 5092 \Device\Harddisk0\DR0 - copied to quarantine
21:30:59.0049 5092 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
21:30:59.0080 5092 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:30:59.0080 5092 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
21:30:59.0095 5092 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
21:30:59.0095 5092 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
21:30:59.0095 5092 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
21:30:59.0111 5092 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
21:30:59.0111 5092 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
21:30:59.0111 5092 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
21:30:59.0142 5092 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
21:30:59.0174 5092 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:30:59.0189 5092 \Device\Harddisk0\DR0 - ok
21:31:09.0502 5092 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:32:12.0314 5492 Deinitialize success

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:49 AM

Posted 16 March 2012 - 08:04 PM

The rootkit has been cured. We need to check for other malware now.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then an online scan with ESET


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.
m0le is a proud member of UNITE

#9 m0le

Posted 21 March 2012 - 06:43 PM

Hi,

I have not had a reply from you for 4 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#10 derikwayne

Posted 22 March 2012 - 12:57 PM

I apologize for the delay. I work two jobs and have been sick. Not making excuses, just been really busy. The pc seems to have been fixed. I didn't realize you couldn't help others while this forum was open. Close it and if something comes up, I'll PM you!

BTW, your site asks for donations. How do I go about doing that?? :)

#11 m0le

Posted 22 March 2012 - 05:58 PM

I have PMd you.

Please run the two scans above so we can make sure you're clean now.

#12 m0le

Posted 27 March 2012 - 08:20 PM

Are you still there?

#13 m0le

Posted 28 March 2012 - 06:28 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



