
Infected by Rootkit.Boot.STT.a



#1 dittohead


Posted 06 August 2012 - 11:41 AM

Hi!

A couple of weeks ago I apparently got this virus. First a fake malware detection software appeared, and then some icons disappeared from the desktop and Start menu (I use Windows XP SP3). I got rid of the malware software, but my computer started to act slow and strange. It wouldn't let me remove USB drives, claiming that some program was using them, Firefox redirected me to some advertisement sites, and a blue screen appeared from time to time.

Then one day I started my computer and it stopped before going to Windows and claimed that it couldn't find c:\windows\system32\hal.dll. I took the drive out, put it in a USB docking station and explored it on another computer. Everything looked fine except that I couldn't access the \system32 folder. Then I ran chkdsk on the drive and it found some orphaned files, which are now back in the folder. I checked the drive with Avira and it found some virus detections that it cured. But when I connect the drive to this other computer, Avira still shows that there's a boot sector virus on drive C.

Yesterday I checked the drive with TDSSKiller and it found Rootkit.Boot.STT.a on the drive. But next it asks this: "Can't cure MBR. Write standard boot mode?" I don't know if I should allow it, because my XP was installed with a custom-made CD. My question is: could it do some damage to the drive and partitions if I answer yes? I have C, D, E, & F drives and there's a lot of stuff that I need to save. Can I copy it safely to another hard disk even if there's the virus?



DDS log


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_31
Run by JaniK at 19:22:43 on 2012-08-06
Microsoft Windows XP Professional 5.1.2600.3.1252.358.1033.18.1023.446 [GMT 3:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\JaniK\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Google Update] "c:\documents and settings\janik\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [3cJkLFZH6M3bEp] c:\documents and settings\all users\application data\3cJkLFZH6M3bEp.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [DevconDefaultDB] c:\windows\READREG /PSCONV={NO}
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [sdlLpYONPlylP.exe] c:\documents and settings\all users\application data\sdlLpYONPlylP.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\janik\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\janik\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.6\transfer utility\CameraMonitor.exe
IE: Lähetä &Bluetooth-laitteeseen... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Lähetä Bluetooth-laitteeseen - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Vie Microsoft E&xceliin - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.100.1
TCP: Interfaces\{63596645-345A-4FD7-B0A4-765C83DAC70A} : DhcpNameServer = 192.168.100.1
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\janik\application data\mozilla\firefox\profiles\y27cdlro.default\
FF - prefs.js: browser.startup.homepage - hxxp://muusikoiden.net
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\janik\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2009-1-25 75904]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-5 11608]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-5-5 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-5 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-5 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-5 66616]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-9-26 21992]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2011-5-5 65576]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2012-1-5 152576]
S4 Cdisamacr;Cdisamacr;c:\windows\system32\drivers\raspptp.sys [2008-4-14 48384]
.
=============== Created Last 30 ================
.
2012-08-04 18:49:39 2136664 ----a-w- C:\joojoo.exe
2012-07-27 05:17:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-27 05:17:14 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-07-24 16:28:26 -------- d-----w- c:\program files\GridinSoft Trojan Killer
.
==================== Find3M ====================
.
2012-06-13 13:29:09 1875072 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 14:24:16 8463872 ----a-w- c:\windows\system32\SET4D.tmp
2012-06-05 15:48:30 1447936 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:48:30 1172480 ----a-w- c:\windows\system32\SET42.tmp
2012-06-05 15:48:30 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:31:23 153088 ----a-w- c:\windows\system32\SET47.tmp
2012-06-04 04:31:23 153088 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 12:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 12:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 12:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 12:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 12:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 12:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 12:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 12:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:19:37 599552 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39:54 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:27:44 1872128 ------w- c:\windows\system32\_000005_.tmp.dll
.
============= FINISH: 19:29:41,10 ===============



TDSSKiller log


22:02:40.0921 3172 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:02:42.0375 3172 ============================================================
22:02:42.0375 3172 Current date / time: 2012/08/04 22:02:42.0375
22:02:42.0375 3172 SystemInfo:
22:02:42.0375 3172
22:02:42.0375 3172 OS Version: 5.1.2600 ServicePack: 3.0
22:02:42.0375 3172 Product type: Workstation
22:02:42.0375 3172 ComputerName: ELIISA
22:02:42.0375 3172 UserName: Eliisa Keskitalo
22:02:42.0375 3172 Windows directory: C:\WINDOWS
22:02:42.0375 3172 System windows directory: C:\WINDOWS
22:02:42.0375 3172 Processor architecture: Intel x86
22:02:42.0375 3172 Number of processors: 1
22:02:42.0375 3172 Page size: 0x1000
22:02:42.0375 3172 Boot type: Normal boot
22:02:42.0375 3172 ============================================================
22:02:43.0468 3172 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:02:43.0468 3172 Drive \Device\Harddisk2\DR15 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:02:43.0468 3172 ============================================================
22:02:43.0468 3172 \Device\Harddisk0\DR0:
22:02:43.0468 3172 MBR partitions:
22:02:43.0468 3172 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x88B8F9D
22:02:43.0500 3172 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x88B901B, BlocksNum 0xA15BBE5
22:02:43.0500 3172 \Device\Harddisk2\DR15:
22:02:43.0500 3172 MBR partitions:
22:02:43.0500 3172 \Device\Harddisk2\DR15\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
22:02:43.0500 3172 \Device\Harddisk2\DR15\Partition1: MBR, Type 0x7, StartLBA 0xC34F2CC, BlocksNum 0x30D409F1
22:02:43.0500 3172 \Device\Harddisk2\DR15\Partition2: MBR, Type 0x7, StartLBA 0x3D08FCBD, BlocksNum 0x30D409F1
22:02:43.0500 3172 \Device\Harddisk2\DR15\Partition3: MBR, Type 0x7, StartLBA 0x6DDD06AE, BlocksNum 0x40CB6093
22:02:43.0500 3172 ============================================================
22:02:43.0625 3172 C: <-> \Device\Harddisk0\DR0\Partition0
22:02:43.0671 3172 E: <-> \Device\Harddisk0\DR0\Partition1
22:02:43.0703 3172 I: <-> \Device\Harddisk2\DR15\Partition1
22:02:43.0750 3172 J: <-> \Device\Harddisk2\DR15\Partition2
22:02:43.0796 3172 K: <-> \Device\Harddisk2\DR15\Partition3
22:02:43.0843 3172 F: <-> \Device\Harddisk2\DR15\Partition0
22:02:43.0843 3172 ============================================================
22:02:43.0843 3172 Initialize success
22:02:43.0843 3172 ============================================================
22:03:15.0140 3308 ============================================================
22:03:15.0140 3308 Scan started
22:03:15.0140 3308 Mode: Manual;
22:03:15.0140 3308 ============================================================
22:03:22.0187 3308 ose - ok
22:03:22.0218 3308 Parport (a28a0c29a02a5fa2f75fa229e70e64b7) C:\WINDOWS\system32\drivers\Parport.sys
22:03:22.0218 3308 Parport - ok
22:03:22.0234 3308 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:03:22.0234 3308 PartMgr - ok
22:03:22.0281 3308 ParVdm (4eadd72430fffe9046353e9b5c733871) C:\WINDOWS\system32\drivers\ParVdm.sys
22:03:22.0281 3308 ParVdm - ok
22:03:22.0296 3308 PCI (feb531dc1d3c5d1fe9ca7d144fc8cc22) C:\WINDOWS\system32\DRIVERS\pci.sys
22:03:22.0296 3308 PCI - ok
22:03:22.0312 3308 PCIDump - ok
22:03:22.0328 3308 PCIIde - ok
22:03:22.0359 3308 Pcmcia (6c0558ae897715dd67a2cbca290306c3) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:03:22.0359 3308 Pcmcia - ok
22:03:22.0375 3308 PDCOMP - ok
22:03:22.0375 3308 PDFRAME - ok
22:03:22.0390 3308 PDRELI - ok
22:03:22.0406 3308 PDRFRAME - ok
22:03:22.0421 3308 perc2 - ok
22:03:22.0437 3308 perc2hib - ok
22:03:22.0500 3308 PlugPlay (be4ca1a36621248590e80713cfdf20d2) C:\WINDOWS\system32\services.exe
22:03:22.0500 3308 PlugPlay - ok
22:03:22.0515 3308 PolicyAgent (abe0d5760dafd55390057378cda68bd8) C:\WINDOWS\system32\lsass.exe
22:03:22.0515 3308 PolicyAgent - ok
22:03:22.0562 3308 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:03:22.0562 3308 PptpMiniport - ok
22:03:22.0578 3308 Processor (4a1b365371ba3c24de657fb72ea08fb2) C:\WINDOWS\system32\DRIVERS\processr.sys
22:03:22.0578 3308 Processor - ok
22:03:22.0593 3308 ProtectedStorage (abe0d5760dafd55390057378cda68bd8) C:\WINDOWS\system32\lsass.exe
22:03:22.0593 3308 ProtectedStorage - ok
22:03:22.0609 3308 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:03:22.0609 3308 PSched - ok
22:03:22.0656 3308 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:03:22.0656 3308 Ptilink - ok
22:03:22.0687 3308 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:03:22.0687 3308 PxHelp20 - ok
22:03:22.0703 3308 ql1080 - ok
22:03:22.0718 3308 Ql10wnt - ok
22:03:22.0734 3308 ql12160 - ok
22:03:22.0734 3308 ql1240 - ok
22:03:22.0750 3308 ql1280 - ok
22:03:22.0796 3308 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:03:22.0796 3308 RasAcd - ok
22:03:22.0828 3308 RasAuto (9eb4b456c1edf0b1ea84998999cecde6) C:\WINDOWS\System32\rasauto.dll
22:03:22.0843 3308 RasAuto - ok
22:03:22.0859 3308 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:03:22.0859 3308 Rasl2tp - ok
22:03:22.0906 3308 RasMan (50655e109a8ae4bac8aebb0e4c9ca66f) C:\WINDOWS\System32\rasmans.dll
22:03:22.0906 3308 RasMan - ok
22:03:22.0921 3308 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:03:22.0921 3308 RasPppoe - ok
22:03:22.0937 3308 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:03:22.0937 3308 Raspti - ok
22:03:22.0968 3308 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:03:22.0968 3308 Rdbss - ok
22:03:23.0000 3308 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:03:23.0015 3308 RDPCDD - ok
22:03:23.0046 3308 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
22:03:23.0062 3308 RDPWD - ok
22:03:23.0093 3308 RDSessMgr (37e0ef5c71628f1464f18e37860ce50b) C:\WINDOWS\system32\sessmgr.exe
22:03:23.0109 3308 RDSessMgr - ok
22:03:23.0125 3308 redbook (91b5ec87d728940ff72fcd21e582cee9) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:03:23.0125 3308 redbook - ok
22:03:23.0171 3308 RemoteAccess (a9b762d59ea292a2f253c00703071d2c) C:\WINDOWS\System32\mprdim.dll
22:03:23.0171 3308 RemoteAccess - ok
22:03:23.0203 3308 RpcLocator (8388d1eb0fae7117496c5ffa4b02eaa0) C:\WINDOWS\system32\locator.exe
22:03:23.0203 3308 RpcLocator - ok
22:03:23.0265 3308 RpcSs (860042ed536d48f0640794b0eef568d5) C:\WINDOWS\system32\rpcss.dll
22:03:23.0265 3308 RpcSs - ok
22:03:23.0312 3308 RSVP (dc3c8532614b66cda851c70a6af49a5d) C:\WINDOWS\system32\rsvp.exe
22:03:23.0312 3308 RSVP - ok
22:03:23.0343 3308 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
22:03:23.0359 3308 RTL8023xp - ok
22:03:23.0406 3308 SamSs (abe0d5760dafd55390057378cda68bd8) C:\WINDOWS\system32\lsass.exe
22:03:23.0406 3308 SamSs - ok
22:03:23.0453 3308 SbFw (419883201ca9ad697ccfb8fc46dd6f78) C:\WINDOWS\system32\drivers\SbFw.sys
22:03:23.0453 3308 SbFw - ok
22:03:23.0500 3308 SBFWIMCL (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
22:03:23.0500 3308 SBFWIMCL - ok
22:03:23.0531 3308 sbhips (31ca701f26ea66468ad3c3c6498755ce) C:\WINDOWS\system32\drivers\sbhips.sys
22:03:23.0531 3308 sbhips - ok
22:03:23.0578 3308 SbPF.Launcher (56c92289535834aa26144b4368932dcb) C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
22:03:23.0578 3308 SbPF.Launcher - ok
22:03:23.0625 3308 SCardSvr (1267feb62402dc6fa632f8a763577231) C:\WINDOWS\System32\SCardSvr.exe
22:03:23.0625 3308 SCardSvr - ok
22:03:23.0671 3308 Schedule (bec4f0afae2dc730a546d80f99c10a1e) C:\WINDOWS\system32\schedsvc.dll
22:03:23.0687 3308 Schedule - ok
22:03:23.0718 3308 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:03:23.0718 3308 Secdrv - ok
22:03:23.0734 3308 seclogon (bcae3f72dfc15fdcf3cdceb4f086bcbe) C:\WINDOWS\System32\seclogon.dll
22:03:23.0750 3308 seclogon - ok
22:03:23.0781 3308 SENS (a08a405c848cf50e55ff81207d490fe1) C:\WINDOWS\system32\sens.dll
22:03:23.0781 3308 SENS - ok
22:03:23.0812 3308 Serial (e6c01d131904fe42580c4f9d19c7d292) C:\WINDOWS\system32\drivers\Serial.sys
22:03:23.0812 3308 Serial - ok
22:03:23.0859 3308 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:03:23.0859 3308 Sfloppy - ok
22:03:23.0906 3308 SharedAccess (226f14b9f0d18169cae21625cb327dcf) C:\WINDOWS\System32\ipnathlp.dll
22:03:23.0906 3308 SharedAccess - ok
22:03:23.0968 3308 ShellHWDetection (fd3f6ba52ecd1a7d80843480ed71e9de) C:\WINDOWS\System32\shsvcs.dll
22:03:23.0968 3308 ShellHWDetection - ok
22:03:23.0984 3308 Simbad - ok
22:03:24.0046 3308 smserial (9168d5b5d7f149523a38de4a19e7e0e0) C:\WINDOWS\system32\DRIVERS\smserial.sys
22:03:24.0062 3308 smserial - ok
22:03:24.0078 3308 Sparrow - ok
22:03:24.0218 3308 SPF4 (b3c9d712962db83c280d0c4aac8963a8) C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
22:03:24.0234 3308 SPF4 - ok
22:03:24.0265 3308 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:03:24.0265 3308 splitter - ok
22:03:24.0312 3308 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:03:24.0312 3308 Spooler - ok
22:03:24.0343 3308 sr (fed2cba52dea63891c1e22ec3c72ed47) C:\WINDOWS\system32\DRIVERS\sr.sys
22:03:24.0343 3308 sr - ok
22:03:24.0390 3308 srservice (e2d71738c3606da3261e5b84b1f9db5b) C:\WINDOWS\system32\srsvc.dll
22:03:24.0390 3308 srservice - ok
22:03:24.0437 3308 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:03:24.0453 3308 Srv - ok
22:03:24.0484 3308 SSDPSRV (88a28145007e2f9b1007e6b53bd96257) C:\WINDOWS\System32\ssdpsrv.dll
22:03:24.0484 3308 SSDPSRV - ok
22:03:24.0515 3308 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:03:24.0515 3308 ssmdrv - ok
22:03:24.0562 3308 stisvc (cc40321da6c58c0b6f954e18667898c4) C:\WINDOWS\system32\wiaservc.dll
22:03:24.0578 3308 stisvc - ok
22:03:24.0609 3308 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:03:24.0625 3308 swenum - ok
22:03:24.0656 3308 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:03:24.0656 3308 swmidi - ok
22:03:24.0671 3308 SwPrv - ok
22:03:24.0703 3308 symc810 - ok
22:03:24.0703 3308 symc8xx - ok
22:03:24.0718 3308 sym_hi - ok
22:03:24.0734 3308 sym_u3 - ok
22:03:24.0812 3308 SynTP (59e9d90d6373f8ad4e3ebd0ecdedd35e) C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:03:24.0812 3308 SynTP - ok
22:03:24.0828 3308 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:03:24.0828 3308 sysaudio - ok
22:03:24.0875 3308 SysmonLog (81e05f101e639b7b7772b054e8d5246c) C:\WINDOWS\system32\smlogsvc.exe
22:03:24.0875 3308 SysmonLog - ok
22:03:24.0906 3308 TapiSrv (f057021b63b285a4f355f7ab7cf3b320) C:\WINDOWS\System32\tapisrv.dll
22:03:24.0906 3308 TapiSrv - ok
22:03:24.0968 3308 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:03:24.0968 3308 Tcpip - ok
22:03:25.0000 3308 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:03:25.0015 3308 TDPIPE - ok
22:03:25.0046 3308 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:03:25.0046 3308 TDTCP - ok
22:03:25.0078 3308 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:03:25.0078 3308 TermDD - ok
22:03:25.0125 3308 TermService (d51d0f4e08f5adb6fad186df01508787) C:\WINDOWS\System32\termsrv.dll
22:03:25.0125 3308 TermService - ok
22:03:25.0187 3308 Themes (fd3f6ba52ecd1a7d80843480ed71e9de) C:\WINDOWS\System32\shsvcs.dll
22:03:25.0187 3308 Themes - ok
22:03:25.0203 3308 TosIde - ok
22:03:25.0218 3308 TrkWks (fcf15897dd9f34e96587fa7edfb73c21) C:\WINDOWS\system32\trkwks.dll
22:03:25.0234 3308 TrkWks - ok
22:03:25.0265 3308 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:03:25.0265 3308 Udfs - ok
22:03:25.0265 3308 ultra - ok
22:03:25.0312 3308 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
22:03:25.0312 3308 UMWdf - ok
22:03:25.0375 3308 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:03:25.0375 3308 Update - ok
22:03:25.0406 3308 upnphost (5762364d2eb3af51127f8d5d45a531ba) C:\WINDOWS\System32\upnphost.dll
22:03:25.0406 3308 upnphost - ok
22:03:25.0437 3308 UPS (b207d7ea32df646566d7a1b31c1f9a2e) C:\WINDOWS\System32\ups.exe
22:03:25.0437 3308 UPS - ok
22:03:25.0468 3308 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:03:25.0468 3308 usbccgp - ok
22:03:25.0500 3308 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:03:25.0500 3308 usbehci - ok
22:03:25.0546 3308 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:03:25.0546 3308 usbhub - ok
22:03:25.0578 3308 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:03:25.0578 3308 usbscan - ok
22:03:25.0609 3308 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:03:25.0609 3308 USBSTOR - ok
22:03:25.0625 3308 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:03:25.0625 3308 usbuhci - ok
22:03:25.0671 3308 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:03:25.0671 3308 VgaSave - ok
22:03:25.0718 3308 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:03:25.0718 3308 ViaIde - ok
22:03:25.0750 3308 viamraid (f199939205dccc7836ae5ab8b5dd5e83) C:\WINDOWS\system32\DRIVERS\viamraid.sys
22:03:25.0750 3308 viamraid - ok
22:03:25.0812 3308 VIAudio (4e136fde8c17c1829c654899c7b916bd) C:\WINDOWS\system32\drivers\vinyl97.sys
22:03:25.0828 3308 VIAudio - ok
22:03:25.0843 3308 VolSnap (ae449a0f2fde17a61390049d30849c8d) C:\WINDOWS\system32\drivers\VolSnap.sys
22:03:25.0843 3308 VolSnap - ok
22:03:25.0890 3308 VSS (1508cad64908b592bf7c9d3d1979ada6) C:\WINDOWS\System32\vssvc.exe
22:03:25.0906 3308 VSS - ok
22:03:25.0937 3308 W32Time (2326b61bb05e774e47f1b519f424b36e) C:\WINDOWS\system32\w32time.dll
22:03:25.0937 3308 W32Time - ok
22:03:25.0968 3308 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:03:25.0968 3308 Wanarp - ok
22:03:25.0984 3308 WDICA - ok
22:03:26.0000 3308 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:03:26.0015 3308 wdmaud - ok
22:03:26.0031 3308 WebClient (d654ad0f4e7c35aa765c7e833fe30425) C:\WINDOWS\System32\webclnt.dll
22:03:26.0031 3308 WebClient - ok
22:03:26.0093 3308 winmgmt (ef1345485991293baf7e3901386c1ba0) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:03:26.0093 3308 winmgmt - ok
22:03:26.0125 3308 wltrysvc - ok
22:03:26.0156 3308 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
22:03:26.0171 3308 WmdmPmSN - ok
22:03:26.0218 3308 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:03:26.0218 3308 WmiAcpi - ok
22:03:26.0250 3308 WmiApSrv (ec4df0e3b3fc1baae6712b9616b8c54e) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:03:26.0250 3308 WmiApSrv - ok
22:03:26.0312 3308 wscsvc (3ee94d0ebc2f3b32938d9fb9eea93c5f) C:\WINDOWS\system32\wscsvc.dll
22:03:26.0312 3308 wscsvc - ok
22:03:26.0343 3308 wuauserv (7d0c11fa486b5646ad0eebfd61d03fe0) C:\WINDOWS\system32\wuauserv.dll
22:03:26.0343 3308 wuauserv - ok
22:03:26.0390 3308 WZCSVC (4ebd8d6395b4a7345930db6a3918409c) C:\WINDOWS\System32\wzcsvc.dll
22:03:26.0406 3308 WZCSVC - ok
22:03:26.0453 3308 xmlprov (e89a0310e8be2578eee1ae63a6307ffb) C:\WINDOWS\System32\xmlprov.dll
22:03:26.0453 3308 xmlprov - ok
22:03:26.0484 3308 ZTEusbmdm6k (28fb86ad7cc64ae5639e6e87f3b017d9) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
22:03:26.0484 3308 ZTEusbmdm6k - ok
22:03:26.0515 3308 ZTEusbnmea (28fb86ad7cc64ae5639e6e87f3b017d9) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
22:03:26.0515 3308 ZTEusbnmea - ok
22:03:26.0562 3308 ZTEusbser6k (9bdd8c51c56be88b081e885085bd7286) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
22:03:26.0562 3308 ZTEusbser6k - ok
22:03:26.0593 3308 MBR (0x1B8) (6573d157a3dffd65292c07911ac353a2) \Device\Harddisk0\DR0
22:03:27.0031 3308 \Device\Harddisk0\DR0 - ok
22:03:27.0046 3308 MBR (0x1B8) (e876ba5cfd4b9138540a7b55e69e86c6) \Device\Harddisk2\DR15
22:03:27.0078 3308 \Device\Harddisk2\DR15 ( Rootkit.Boot.SST.a ) - infected
22:03:27.0078 3308 \Device\Harddisk2\DR15 - detected Rootkit.Boot.SST.a (0)
22:03:27.0078 3308 Boot (0x1200) (c12a61cd77a2294603bd2c8a43576465) \Device\Harddisk0\DR0\Partition0
22:03:27.0078 3308 \Device\Harddisk0\DR0\Partition0 - ok
22:03:27.0109 3308 Boot (0x1200) (39189975f8985aa1f979d0e38e6639a8) \Device\Harddisk0\DR0\Partition1
22:03:27.0125 3308 \Device\Harddisk0\DR0\Partition1 - ok
22:03:27.0125 3308 Boot (0x1200) (f50436b9d5c46fcfee307da4bffd7332) \Device\Harddisk2\DR15\Partition0
22:03:27.0125 3308 \Device\Harddisk2\DR15\Partition0 - ok
22:03:27.0140 3308 Boot (0x1200) (65a19fb010e621781d51d25568d999b0) \Device\Harddisk2\DR15\Partition1
22:03:27.0140 3308 \Device\Harddisk2\DR15\Partition1 - ok
22:03:27.0156 3308 Boot (0x1200) (74cb6b892d48096327eb0ec1af0ca321) \Device\Harddisk2\DR15\Partition2
22:03:27.0156 3308 \Device\Harddisk2\DR15\Partition2 - ok
22:03:27.0171 3308 Boot (0x1200) (6e8f83c0e780d7b5ca1a11b709fd893d) \Device\Harddisk2\DR15\Partition3
22:03:27.0171 3308 \Device\Harddisk2\DR15\Partition3 - ok
22:03:27.0187 3308 ============================================================
22:03:27.0187 3308 Scan finished
22:03:27.0187 3308 ============================================================
22:03:27.0203 2400 Detected object count: 1
22:03:27.0203 2400 Actual detected object count: 1
22:06:27.0718 2400 \Device\Harddisk2\DR15\# - copied to quarantine
22:06:27.0718 2400 \Device\Harddisk2\DR15 - copied to quarantine
22:06:27.0875 2400 \Device\Harddisk2\DR15 - processing error
22:09:20.0046 2400 \Device\Harddisk2\DR15 ( Rootkit.Boot.SST.a ) - User select action: Cure
22:10:22.0046 4060 Deinitialize success



#2 dittohead


Posted 06 August 2012 - 11:44 AM

TDSSKiller log was made with another computer (with the drive attached via USB) because when opening XP and TDSSKiller with the infected drive it wouldn't do anything.

#3 HelpBot


Posted 11 August 2012 - 11:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464105 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot


Posted 16 August 2012 - 11:50 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



