TechSpot

Infected XP PC, very slow, BSOD

By quattttro
Oct 6, 2011
Appreciate any help or suggestions. BSOD of the 0x0000008E and 0x000000C2 (bad_pool_caller) variety. Can't install service pack or anti-virus without BSOD. I managed to get SP3 installed, somehow, however. I left a full scan of Malwarebytes going overnight; after 14 hours I cancelled it, however 40 further infections were removed. Here are the logs:


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7882

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    10/5/2011 8:30:57 PM
    mbam-log-2011-10-05 (20-30-48).txt

    Scan type: Quick scan
    Objects scanned: 199476
    Time elapsed: 13 minute(s), 6 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 3
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 11

    Memory Processes Infected:
    c:\program files\HP\hp software update\hpwuschd2.exe (Backdoor.IRCBot) -> 1056 -> No action taken.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC (Trojan.Downloader) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gupdate1ca655ebe40a31e (Trojan.PatchLoad) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATE.EXE (Trojan.PatchLoad) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE (Backdoor.IRCBot) -> Value: HPWUSCHD2.EXE -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\SYSTEM32\TCTRLIOHOOK.EXE (Backdoor.IRCBot) -> Value: TCTRLIOHOOK.EXE -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\SYSTEM32\ZOOMINGHOOK.EXE (Backdoor.IRCBot) -> Value: ZOOMINGHOOK.EXE -> No action taken.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Downloader) -> Bad: (Explorer.exe) Good: () -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\program files\HP\hp software update\hpwuschd2.exe (Backdoor.IRCBot) -> No action taken.
    c:\WINDOWS\system32\explorer.exe (Trojan.Downloader) -> No action taken.
    c:\program files\Google\Update\googleupdate.exe (Trojan.PatchLoad) -> No action taken.
    c:\WINDOWS\system32\B5RY8.com (Backdoor.IRCBot) -> No action taken.
    c:\WINDOWS\system32\tctrliohook.exe (Backdoor.IRCBot) -> No action taken.
    c:\WINDOWS\system32\zoominghook.exe (Backdoor.IRCBot) -> No action taken.
    c:\WINDOWS\system32\TPSMain.exe (Backdoor.IRCBot) -> No action taken.
    c:\documents and settings\ERegan\application data\Adobe\shed\thr1.chm (Malware.Trace) -> No action taken.
    c:\documents and settings\ERegan\application data\Adobe\plugs\mmc206.exe (Trojan.Agent.Gen) -> No action taken.
    c:\documents and settings\ERegan\application data\Adobe\plugs\mmc234.exe (Trojan.Agent.Gen) -> No action taken.
    c:\documents and settings\ERegan\application data\Adobe\plugs\mmc605418953.txt (Trojan.Agent.Gen) -> No action taken.




    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-10-06 11:48:41
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK8026GAX rev.PA000U
    Running: e8fz6uh6.exe; Driver: C:\DOCUME~1\ERegan\LOCALS~1\Temp\pgldypog.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- System - GMER 1.0.15 ----

    SSDT hdsector.sys ZwQueryDirectoryFile [0xF78AC776] <-- ROOTKIT !!!

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A9E231B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A9E231B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A9E231B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A9E231B

    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\system32\hdsector.sys (*** hidden *** ) [BOOT] hdsector <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----




    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by ERegan at 11:52:13 on 2011-10-06
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1382 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com?o=14196&l=dis
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    uWinlogon: Shell=c:\documents and settings\eregan\local settings\application data\af48e02d\X
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [Zinio DLM] c:\program files\zinio\ZinioDeliveryManager.exe /autostart
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [ZoomingHook] ZoomingHook.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [TCtryIOHook] TCtrlIOHook.exe
    mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
    DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxps://www.caworkroom.com/qp2.cab
    DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9DF47B4E-B7ED-46E1-BFB9-B336DCB87375} : DhcpNameServer = 192.168.1.1
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxsrvc.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft.AntiSpyware.ShellExecuteHook.1: {9ef34ff2-3396-4527-9d27-04c8c1c67806} - c:\program files\microsoft antispyware\shellextension.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-6-11 3712]
    R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
    R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
    R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVENG.sys [2010-10-18 86064]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVEX15.sys [2010-10-18 1371184]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-10-06 00:42:44 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
    2011-10-06 00:34:18 -------- d-----w- C:\0b9aea05172f7ac64bd71ba5
    2011-10-05 23:56:30 -------- d-----w- C:\ee8a00c41ba25e0314d56809315046
    2011-10-05 23:44:23 -------- d-----w- C:\eec52521b27bd034ede6058fa8f7c1
    2011-10-05 23:16:59 -------- d-sha-r- C:\cmdcons
    2011-10-05 23:15:44 113152 ----a-w- c:\documents and settings\all users\application data\psfhjvPh.exe
    2011-10-05 23:14:42 -------- d-s---w- C:\ComboFix
    2011-10-05 22:25:18 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
    2011-10-05 22:22:14 98816 ----a-w- c:\windows\sed.exe
    2011-10-05 22:22:14 518144 ----a-w- c:\windows\SWREG.exe
    2011-10-05 22:22:14 256000 ----a-w- c:\windows\PEV.exe
    2011-10-05 22:22:14 208896 ----a-w- c:\windows\MBR.exe
    2011-10-05 21:41:28 -------- d-----w- c:\windows\EHome
    2011-10-05 21:06:24 -------- d-----w- C:\51523192b69ef106e2d8
    2011-10-05 20:16:35 -------- d-----w- c:\program files\WhoCrashed
    2011-10-05 18:58:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-10-05 18:58:32 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2011-10-05 18:39:35 -------- d-----w- c:\documents and settings\eregan\application data\Malwarebytes
    2011-10-05 18:39:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-10-05 18:39:17 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-05 18:39:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-04 05:00:43 -------- d-sh--w- c:\documents and settings\eregan\IECompatCache
    2011-10-04 01:01:49 147456 ----a-w- c:\windows\system32\B5RY8.com
    2011-10-04 00:50:35 -------- d-sh--w- c:\documents and settings\eregan\local settings\application data\af48e02d
    .
    ==================== Find3M ====================
    .
    2011-10-04 01:01:47 147460 ------w- c:\windows\system32\TCtrlIOHook.exe
    2011-10-04 01:01:46 147460 ------w- c:\windows\system32\ZoomingHook.exe
    2011-10-04 01:01:46 147460 ------w- c:\windows\system32\TPSMain.exe
    2011-07-18 23:10:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: TOSHIBA_MK8026GAX rev.PA000U -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A9E24D0]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a9e87d0]; MOV EAX, [0x8a9e884c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x8A9CFAB8]
    3 CLASSPNP[0xF7667FD7] -> nt!IofCallDriver[0x804E37C5] -> \Device\0000007a[0x8A9B1F18]
    5 ACPI[0xF750E620] -> nt!IofCallDriver[0x804E37C5] -> [0x8AA0A940]
    \Driver\atapi[0x8A9DF850] -> IRP_MJ_CREATE -> 0x8A9E24D0
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV SI, 0x7be; MOV CL, 0x4; CMP [SI], CH; JL 0x2d; JNZ 0x3b; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8A9E231B
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 11:55:45.89 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/18/2006 10:28:43 PM
    System Uptime: 10/6/2011 11:41:30 AM (0 hours ago)
    .
    Motherboard: TOSHIBA | | EBQ10
    Processor: Intel(R) Pentium(R) M processor 1.73GHz | U1 | 1728/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 44.736 GiB free.
    D: is CDROM (CDFS)
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 10/5/2011 9:20:24 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.1.0
    ALPS Touch Pad Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    BlackBerry Desktop Software 4.2.2
    Bonjour
    BufferChm
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities ZoomBrowser EX
    CD/DVD Drive Acoustic Silencer
    Compatibility Pack for the 2007 Office system
    Corel GuideMenu
    Critical Update for Windows Media Player 11 (KB959772)
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    DVD-RAM Driver
    eSupportQFolder
    FrostWire 4.21.5
    Google Earth
    Google Update Helper
    GuideMenu
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Deskjet 5400 series
    HP Imaging Device Functions 5.0
    HP Photosmart Essential
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.0
    HP Update
    HPDeskjet5400Series
    HPProductAssistant
    IMapViewer 1.1.0(05051801)
    Intel(R) Graphics Media Accelerator Driver for Mobile
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    InterVideo WinDVD SE
    IrfanView (remove only)
    iTunes
    J2SE Runtime Environment 5.0
    Java Auto Updater
    Java(TM) 6 Update 21
    KhalSetup
    LiveUpdate 1.80 (Symantec Corporation)
    Logitech SetPoint
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft AntiSpyware
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Office File Validation Add-In
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft XML Parser
    MobileMe Control Panel
    Move Networks Media Player for Internet Explorer
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PDFCreator
    PDFCreator Toolbar
    Picasa 3
    QuickTime
    QuickTime for Windows (32-bit)
    Realtek AC'97 Audio
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Roxio Media Manager
    Safari
    SD Secure Module
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    SolutionCenter
    Sonic DLA
    Sonic RecordNow!
    Spybot - Search & Destroy
    Status
    Symantec AntiVirus Client
    TOSHIBA Accessibility
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Fn-esse
    TOSHIBA Hardware Setup
    TOSHIBA Hotkey Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    Toshiba Tbiosdrv Driver
    TOSHIBA Virtual Sound
    TOSHIBA Zooming Utility
    Touch and Launch
    TouchPad On/Off Utility
    TrayApp
    TWV UAM
    Ulead DVD MovieFactory SE
    Unload
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Utility Common Driver
    WebFldrs XP
    WebReg
    WhoCrashed 3.02
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows NT Messaging
    Windows XP Service Pack 3
    WinZip
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/6/2011 9:16:41 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: General access denied error
    10/6/2011 8:16:53 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: General access denied error
    10/6/2011 7:16:45 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: General access denied error
    10/6/2011 6:16:47 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: General access denied error
    10/6/2011 5:16:50 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: General access denied error
    10/6/2011 4:16:42 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: General access denied error
    10/6/2011 3:30:50 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error
    10/6/2011 2:16:47 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
    10/6/2011 12:16:47 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
    10/6/2011 11:43:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    10/6/2011 11:16:51 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: General access denied error
    10/6/2011 10:16:59 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: General access denied error
    10/6/2011 1:16:45 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
    10/5/2011 9:24:52 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/5/2011 9:24:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
    10/5/2011 9:24:11 PM, error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: Access is denied.
    10/5/2011 9:22:21 PM, error: Service Control Manager [7022] - The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.
    10/5/2011 8:08:43 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Update for Microsoft Office 2003 (KB949074).
    10/5/2011 8:06:50 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    10/5/2011 7:50:35 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    10/5/2011 7:12:01 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate1ca655ebe40a31e with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    10/5/2011 7:10:12 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    10/5/2011 7:02:55 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/5/2011 7:02:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    10/5/2011 6:17:05 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80564272, parameter3 b9dcdc68, parameter4 00000000.
    10/5/2011 5:57:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    10/5/2011 4:05:56 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80564272, parameter3 a08b5c68, parameter4 00000000.
    10/5/2011 3:09:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/5/2011 2:51:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    10/5/2011 2:38:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    10/5/2011 2:37:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SerTVOutCtlr SrvcEKIOMngr SrvcSSIOMngr TPwSav
    10/5/2011 2:36:23 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/5/2011 2:28:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
    10/5/2011 2:28:47 PM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/5/2011 11:37:15 PM, error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: Unspecified error
    10/5/2011 11:16:54 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: General access denied error
    10/5/2011 10:16:55 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: General access denied error
    10/5/2011 1:15:01 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80564272, parameter3 9bcc1bf8, parameter4 00000000.
    10/4/2011 2:42:45 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
    10/4/2011 2:42:45 AM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the Windows Image Acquisition (WIA) service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    10/4/2011 2:42:45 AM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/4/2011 2:42:44 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveShare P2P Server 9 service to connect.
    10/4/2011 2:42:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service to connect.
    10/4/2011 2:42:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ProtexisLicensing service to connect.
    10/4/2011 2:42:43 AM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/4/2011 2:42:42 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
    10/4/2011 2:42:41 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IviRegMgr service to connect.
    10/4/2011 2:42:41 AM, error: Service Control Manager [7000] - The IviRegMgr service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/4/2011 2:42:39 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DVD-RAM_Service service to connect.
    10/4/2011 2:42:39 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DefWatch service to connect.
    10/4/2011 2:42:39 AM, error: Service Control Manager [7000] - The DVD-RAM_Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/4/2011 12:48:25 AM, error: DCOM [10000] - Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%5" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding
    10/4/2011 12:45:46 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000017, parameter2 805e3684, parameter3 9c8297dc, parameter4 00000000.
    10/4/2011 12:40:51 AM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
    10/4/2011 12:39:19 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/4/2011 12:39:18 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
    10/4/2011 12:39:15 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
    10/4/2011 12:39:15 AM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/3/2011 9:32:26 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    10/3/2011 9:19:33 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate1ca655ebe40a31e with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    10/3/2011 9:19:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1ca655ebe40a31e) service to connect.
    10/3/2011 9:19:32 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate1ca655ebe40a31e) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/3/2011 9:19:03 PM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the Windows Image Acquisition (WIA) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    10/3/2011 9:18:29 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
    10/3/2011 9:17:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus Client service to connect.
    10/3/2011 9:17:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
    10/3/2011 9:17:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Machine Debug Manager service to connect.
    10/3/2011 9:17:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ConfigFree Service service to connect.
    10/3/2011 9:17:30 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/3/2011 9:17:28 PM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/3/2011 9:17:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Bonjour Service service to connect.
    10/3/2011 9:11:30 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'ipsec.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  3. quattttro

    quattttro TS Rookie Topic Starter

    Thanks for the help, Broni. Here is the log:


    14:49:18.0187 3820 TDSS rootkit removing tool 2.6.5.0 Oct 5 2011 20:52:46
    14:49:20.0046 3820 ============================================================
    14:49:20.0046 3820 Current date / time: 2011/10/06 14:49:20.0046
    14:49:20.0046 3820 SystemInfo:
    14:49:20.0046 3820
    14:49:20.0046 3820 OS Version: 5.1.2600 ServicePack: 3.0
    14:49:20.0046 3820 Product type: Workstation
    14:49:20.0046 3820 ComputerName: VP-11
    14:49:20.0046 3820 UserName: ERegan
    14:49:20.0046 3820 Windows directory: C:\WINDOWS
    14:49:20.0046 3820 System windows directory: C:\WINDOWS
    14:49:20.0046 3820 Processor architecture: Intel x86
    14:49:20.0046 3820 Number of processors: 1
    14:49:20.0046 3820 Page size: 0x1000
    14:49:20.0046 3820 Boot type: Normal boot
    14:49:20.0046 3820 ============================================================
    14:49:21.0859 3820 Initialize success
    14:49:40.0531 3888 ============================================================
    14:49:40.0531 3888 Scan started
    14:49:40.0531 3888 Mode: Manual;
    14:49:40.0531 3888 ============================================================
    14:49:40.0953 3888 Abiosdsk - ok
    14:49:40.0968 3888 abp480n5 - ok
    14:49:41.0093 3888 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    14:49:41.0109 3888 ACPI - ok
    14:49:41.0156 3888 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    14:49:41.0156 3888 ACPIEC - ok
    14:49:41.0171 3888 adpu160m - ok
    14:49:41.0296 3888 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    14:49:41.0296 3888 aec - ok
    14:49:41.0312 3888 af48e02d - ok
    14:49:41.0375 3888 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    14:49:41.0375 3888 AFD - ok
    14:49:41.0500 3888 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    14:49:41.0515 3888 AgereSoftModem - ok
    14:49:41.0703 3888 Aha154x - ok
    14:49:41.0765 3888 aic78u2 - ok
    14:49:41.0812 3888 aic78xx - ok
    14:49:42.0078 3888 ALCXWDM (95aa37bec6c72c277c2caeaee736dd2d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    14:49:42.0125 3888 ALCXWDM - ok
    14:49:42.0140 3888 AliIde - ok
    14:49:42.0156 3888 amsint - ok
    14:49:42.0203 3888 ApfiltrService (3ed81e8b4709d13e5a38db2d8e792b28) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    14:49:42.0218 3888 ApfiltrService - ok
    14:49:42.0281 3888 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    14:49:42.0296 3888 Arp1394 - ok
    14:49:42.0312 3888 asc - ok
    14:49:42.0328 3888 asc3350p - ok
    14:49:42.0343 3888 asc3550 - ok
    14:49:42.0421 3888 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    14:49:42.0421 3888 AsyncMac - ok
    14:49:42.0468 3888 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    14:49:42.0468 3888 atapi - ok
    14:49:42.0671 3888 Atdisk - ok
    14:49:42.0812 3888 ati2mtag (2fbdfec8cd60cec3d55e615865333033) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    14:49:42.0828 3888 ati2mtag - ok
    14:49:42.0921 3888 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    14:49:42.0921 3888 Atmarpc - ok
    14:49:42.0968 3888 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    14:49:42.0968 3888 audstub - ok
    14:49:43.0015 3888 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    14:49:43.0015 3888 Beep - ok
    14:49:43.0187 3888 catchme - ok
    14:49:43.0234 3888 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    14:49:43.0234 3888 cbidf2k - ok
    14:49:43.0265 3888 cd20xrnt - ok
    14:49:43.0312 3888 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    14:49:43.0312 3888 Cdaudio - ok
    14:49:43.0593 3888 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    14:49:43.0593 3888 Cdfs - ok
    14:49:43.0671 3888 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    14:49:43.0671 3888 Cdrom - ok
    14:49:43.0703 3888 Changer - ok
    14:49:43.0734 3888 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    14:49:43.0734 3888 CmBatt - ok
    14:49:43.0796 3888 CmdIde - ok
    14:49:43.0843 3888 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    14:49:43.0859 3888 Compbatt - ok
    14:49:43.0875 3888 Cpqarray - ok
    14:49:43.0921 3888 CVirtA (cb7d7c0e74adcb7da96d08ec8db86062) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
    14:49:43.0921 3888 CVirtA - ok
    14:49:43.0937 3888 dac2w2k - ok
    14:49:43.0968 3888 dac960nt - ok
    14:49:44.0031 3888 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    14:49:44.0031 3888 Disk - ok
    14:49:44.0156 3888 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    14:49:44.0203 3888 dmboot - ok
    14:49:44.0296 3888 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    14:49:44.0296 3888 dmio - ok
    14:49:44.0546 3888 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    14:49:44.0546 3888 dmload - ok
    14:49:44.0609 3888 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    14:49:44.0609 3888 DMusic - ok
    14:49:44.0703 3888 dpti2o - ok
    14:49:44.0750 3888 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    14:49:44.0750 3888 drmkaud - ok
    14:49:44.0828 3888 drvmcdb (f41619ae216b51d68dda163805eefaa9) C:\WINDOWS\system32\drivers\drvmcdb.sys
    14:49:44.0828 3888 drvmcdb - ok
    14:49:44.0859 3888 drvnddm (2ff629c1c443e25d0149b9dfb77e43a8) C:\WINDOWS\system32\drivers\drvnddm.sys
    14:49:44.0859 3888 drvnddm - ok
    14:49:44.0937 3888 EMSCR (d3d0ef132eb8f7351e0f6e8072e26331) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
    14:49:44.0937 3888 EMSCR - ok
    14:49:44.0953 3888 ESDCR (fcf25b9eb1876dbb3efe13baf37b7bf8) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
    14:49:44.0968 3888 ESDCR - ok
    14:49:44.0984 3888 ESMCR (7cec9e3a81142ea0294f2abba0b0a846) C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
    14:49:44.0984 3888 ESMCR - ok
    14:49:45.0078 3888 EUSBMSD (3dc945a9abbfb2ecf268eed276e05fec) C:\WINDOWS\system32\DRIVERS\EUSBMSD.SYS
    14:49:45.0078 3888 EUSBMSD - ok
    14:49:45.0171 3888 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    14:49:45.0171 3888 Fastfat - ok
    14:49:45.0234 3888 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    14:49:45.0234 3888 Fdc - ok
    14:49:45.0468 3888 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    14:49:45.0468 3888 Fips - ok
    14:49:45.0500 3888 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    14:49:45.0500 3888 Flpydisk - ok
    14:49:45.0640 3888 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    14:49:45.0640 3888 FltMgr - ok
    14:49:45.0656 3888 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    14:49:45.0656 3888 Fs_Rec - ok
    14:49:45.0718 3888 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    14:49:45.0718 3888 Ftdisk - ok
    14:49:45.0765 3888 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    14:49:45.0765 3888 GEARAspiWDM - ok
    14:49:45.0859 3888 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    14:49:45.0859 3888 Gpc - ok
    14:49:45.0921 3888 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    14:49:45.0921 3888 HidUsb - ok
    14:49:45.0953 3888 hpn - ok
    14:49:46.0000 3888 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    14:49:46.0015 3888 HPZid412 - ok
    14:49:46.0046 3888 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    14:49:46.0046 3888 HPZipr12 - ok
    14:49:46.0078 3888 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    14:49:46.0078 3888 HPZius12 - ok
    14:49:46.0171 3888 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    14:49:46.0171 3888 HTTP - ok
    14:49:46.0359 3888 i2omgmt - ok
    14:49:46.0390 3888 i2omp - ok
    14:49:46.0468 3888 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    14:49:46.0468 3888 i8042prt - ok
    14:49:46.0562 3888 ialm (d4405bd2b6e95efdc8e674ed4032874f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    14:49:46.0578 3888 ialm - ok
    14:49:46.0687 3888 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    14:49:46.0687 3888 Imapi - ok
    14:49:46.0703 3888 ini910u - ok
    14:49:46.0765 3888 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    14:49:46.0765 3888 IntelIde - ok
    14:49:46.0796 3888 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    14:49:46.0796 3888 intelppm - ok
    14:49:46.0843 3888 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    14:49:46.0843 3888 Ip6Fw - ok
    14:49:46.0875 3888 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    14:49:46.0875 3888 IpFilterDriver - ok
    14:49:46.0968 3888 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    14:49:46.0968 3888 IpInIp - ok
    14:49:47.0078 3888 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    14:49:47.0078 3888 IpNat - ok
    14:49:47.0343 3888 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    14:49:47.0343 3888 IPSec - ok
    14:49:47.0390 3888 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    14:49:47.0406 3888 IRENUM - ok
    14:49:47.0484 3888 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    14:49:47.0500 3888 isapnp - ok
    14:49:47.0531 3888 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
    14:49:47.0531 3888 Iviaspi - ok
    14:49:47.0562 3888 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    14:49:47.0562 3888 Kbdclass - ok
    14:49:47.0640 3888 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    14:49:47.0656 3888 kmixer - ok
    14:49:47.0750 3888 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    14:49:47.0750 3888 KSecDD - ok
    14:49:47.0781 3888 L8042Kbd (0f5ae6805ef05dbbe205e5b196cadf31) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
    14:49:47.0781 3888 L8042Kbd - ok
    14:49:47.0843 3888 LBeepKE (17638894e150efee66d97bce8f037519) C:\WINDOWS\system32\Drivers\LBeepKE.sys
    14:49:47.0843 3888 LBeepKE - ok
    14:49:47.0859 3888 lbrtfdc - ok
    14:49:47.0890 3888 LHidKe (eaed22460dad9ccd9c9a58c78e717497) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
    14:49:47.0890 3888 LHidKe - ok
    14:49:47.0937 3888 LMouKE (d1fd76ea56cd653d7b55a0fac96ee416) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
    14:49:47.0937 3888 LMouKE - ok
    14:49:48.0171 3888 MBAMSwissArmy - ok
    14:49:48.0203 3888 meiudf (63351a2b051dfc4e7bb41319c8c1ace4) C:\WINDOWS\system32\Drivers\meiudf.sys
    14:49:48.0203 3888 meiudf - ok
    14:49:48.0218 3888 MEMSWEEP2 - ok
    14:49:48.0296 3888 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    14:49:48.0296 3888 mnmdd - ok
    14:49:48.0359 3888 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    14:49:48.0359 3888 Modem - ok
    14:49:48.0406 3888 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    14:49:48.0406 3888 Mouclass - ok
    14:49:48.0421 3888 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    14:49:48.0421 3888 mouhid - ok
    14:49:48.0531 3888 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    14:49:48.0531 3888 MountMgr - ok
    14:49:48.0593 3888 mraid35x - ok
    14:49:48.0687 3888 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    14:49:48.0687 3888 MRxDAV - ok
    14:49:48.0765 3888 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    14:49:48.0781 3888 MRxSmb - ok
    14:49:48.0859 3888 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    14:49:48.0859 3888 Msfs - ok
    14:49:49.0171 3888 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    14:49:49.0171 3888 MSKSSRV - ok
    14:49:49.0234 3888 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    14:49:49.0234 3888 MSPCLOCK - ok
    14:49:49.0296 3888 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    14:49:49.0296 3888 MSPQM - ok
    14:49:49.0343 3888 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    14:49:49.0343 3888 mssmbios - ok
    14:49:49.0437 3888 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    14:49:49.0437 3888 Mup - ok
    14:49:49.0531 3888 NAVAP - ok
    14:49:49.0546 3888 NAVAPEL - ok
    14:49:49.0609 3888 NAVENG - ok
    14:49:49.0625 3888 NAVEX15 - ok
    14:49:49.0906 3888 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    14:49:49.0906 3888 NDIS - ok
    14:49:50.0046 3888 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    14:49:50.0046 3888 NdisTapi - ok
    14:49:50.0125 3888 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    14:49:50.0125 3888 Ndisuio - ok
    14:49:50.0171 3888 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    14:49:50.0171 3888 NdisWan - ok
    14:49:50.0218 3888 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    14:49:50.0218 3888 NDProxy - ok
    14:49:50.0281 3888 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    14:49:50.0281 3888 NetBIOS - ok
    14:49:50.0359 3888 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    14:49:50.0359 3888 NetBT - ok
    14:49:50.0421 3888 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
    14:49:50.0421 3888 Netdevio - ok
    14:49:50.0484 3888 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    14:49:50.0484 3888 NIC1394 - ok
    14:49:50.0718 3888 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    14:49:50.0718 3888 Npfs - ok
    14:49:50.0781 3888 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    14:49:50.0796 3888 Ntfs - ok
    14:49:50.0906 3888 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    14:49:50.0906 3888 Null - ok
    14:49:51.0156 3888 nv (6779625536ffc46f18cce797c327eb3e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    14:49:51.0218 3888 nv - ok
    14:49:51.0453 3888 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    14:49:51.0453 3888 NwlnkFlt - ok
    14:49:51.0468 3888 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    14:49:51.0484 3888 NwlnkFwd - ok
    14:49:51.0546 3888 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    14:49:51.0546 3888 ohci1394 - ok
    14:49:51.0703 3888 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    14:49:51.0703 3888 Parport - ok
    14:49:51.0781 3888 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    14:49:51.0796 3888 PartMgr - ok
    14:49:51.0828 3888 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    14:49:51.0828 3888 ParVdm - ok
    14:49:51.0890 3888 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    14:49:51.0890 3888 PCI - ok
    14:49:51.0906 3888 PCIDump - ok
    14:49:51.0953 3888 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    14:49:51.0953 3888 PCIIde - ok
    14:49:52.0046 3888 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    14:49:52.0062 3888 Pcmcia - ok
    14:49:52.0078 3888 PDCOMP - ok
    14:49:52.0093 3888 PDFRAME - ok
    14:49:52.0109 3888 PDRELI - ok
    14:49:52.0125 3888 PDRFRAME - ok
    14:49:52.0140 3888 perc2 - ok
    14:49:52.0156 3888 perc2hib - ok
    14:49:52.0203 3888 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
    14:49:52.0203 3888 Pfc - ok
    14:49:52.0437 3888 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    14:49:52.0437 3888 PptpMiniport - ok
    14:49:52.0484 3888 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    14:49:52.0484 3888 PSched - ok
    14:49:52.0625 3888 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    14:49:52.0625 3888 Ptilink - ok
    14:49:52.0671 3888 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    14:49:52.0671 3888 PxHelp20 - ok
    14:49:52.0718 3888 ql1080 - ok
    14:49:52.0750 3888 Ql10wnt - ok
    14:49:52.0765 3888 ql12160 - ok
    14:49:52.0781 3888 ql1240 - ok
    14:49:52.0796 3888 ql1280 - ok
    14:49:52.0828 3888 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    14:49:52.0828 3888 RasAcd - ok
    14:49:52.0875 3888 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    14:49:52.0875 3888 Rasl2tp - ok
    14:49:52.0921 3888 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    14:49:52.0921 3888 RasPppoe - ok
    14:49:52.0937 3888 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    14:49:52.0937 3888 Raspti - ok
    14:49:53.0046 3888 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    14:49:53.0062 3888 Rdbss - ok
    14:49:53.0109 3888 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    14:49:53.0109 3888 RDPCDD - ok
    14:49:53.0187 3888 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    14:49:53.0187 3888 RDPWD - ok
    14:49:53.0281 3888 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    14:49:53.0281 3888 redbook - ok
    14:49:53.0500 3888 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    14:49:53.0500 3888 RimVSerPort - ok
    14:49:53.0562 3888 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    14:49:53.0562 3888 ROOTMODEM - ok
    14:49:53.0671 3888 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
    14:49:53.0671 3888 RTL8023xp - ok
    14:49:53.0718 3888 SAVRKBootTasks (e5c587c0668f83e799d1c43bc53e5e37) C:\WINDOWS\system32\SAVRKBootTasks.sys
    14:49:53.0750 3888 SAVRKBootTasks - ok
    14:49:53.0812 3888 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    14:49:53.0812 3888 sdbus - ok
    14:49:53.0875 3888 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    14:49:53.0875 3888 Secdrv - ok
    14:49:53.0937 3888 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    14:49:53.0937 3888 Serial - ok
    14:49:53.0968 3888 SerTVOutCtlr (c996c839a3261cab5409c61e5702b620) C:\WINDOWS\system32\drivers\EPIOMngr.sys
    14:49:53.0968 3888 SerTVOutCtlr - ok
    14:49:54.0015 3888 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    14:49:54.0031 3888 Sfloppy - ok
    14:49:54.0078 3888 Simbad - ok
    14:49:54.0109 3888 Sparrow - ok
    14:49:54.0156 3888 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    14:49:54.0156 3888 splitter - ok
    14:49:54.0218 3888 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    14:49:54.0218 3888 sr - ok
    14:49:54.0468 3888 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
    14:49:54.0468 3888 Srv - ok
    14:49:54.0578 3888 SrvcEKIOMngr (3b01a9316255cdd17f9c8e79aa573406) C:\WINDOWS\system32\Drivers\EKIoMngr.sys
    14:49:54.0578 3888 SrvcEKIOMngr - ok
    14:49:54.0625 3888 SrvcSSIOMngr (79b7af340d55861df1d69e7bac975fcc) C:\WINDOWS\system32\Drivers\SSIoMngr.sys
    14:49:54.0625 3888 SrvcSSIOMngr - ok
    14:49:54.0671 3888 sscdbhk5 (1cbd1b58a32de97899f5290b05f856db) C:\WINDOWS\system32\drivers\sscdbhk5.sys
    14:49:54.0687 3888 sscdbhk5 - ok
    14:49:54.0765 3888 ssrtln (7fb07ac152d7a87e66204860002bd9a4) C:\WINDOWS\system32\drivers\ssrtln.sys
    14:49:54.0765 3888 ssrtln - ok
    14:49:54.0875 3888 StickyMesger - ok
    14:49:54.0937 3888 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    14:49:54.0937 3888 swenum - ok
    14:49:55.0000 3888 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    14:49:55.0015 3888 swmidi - ok
    14:49:55.0062 3888 symc810 - ok
    14:49:55.0093 3888 symc8xx - ok
    14:49:55.0109 3888 sym_hi - ok
    14:49:55.0125 3888 sym_u3 - ok
    14:49:55.0203 3888 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    14:49:55.0203 3888 sysaudio - ok
    14:49:55.0250 3888 TBiosDrv (1f26d86828039c0b594399f7f2ffef09) C:\WINDOWS\system32\Drivers\Tbiosdrv.sys
    14:49:55.0250 3888 TBiosDrv - ok
    14:49:55.0500 3888 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    14:49:55.0500 3888 Tcpip - ok
    14:49:55.0609 3888 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    14:49:55.0609 3888 TDPIPE - ok
    14:49:55.0687 3888 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    14:49:55.0687 3888 TDTCP - ok
    14:49:55.0734 3888 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    14:49:55.0734 3888 TermDD - ok
    14:49:55.0796 3888 tfsnboio (2da3ca4022abb0802de7eeda574e78d6) C:\WINDOWS\system32\dla\tfsnboio.sys
    14:49:55.0796 3888 tfsnboio - ok
    14:49:55.0828 3888 tfsncofs (c8d6928759b77701c21dc90ad61197f2) C:\WINDOWS\system32\dla\tfsncofs.sys
    14:49:55.0843 3888 tfsncofs - ok
    14:49:55.0859 3888 tfsndrct (bacdef5510fa643683cddca418e49446) C:\WINDOWS\system32\dla\tfsndrct.sys
    14:49:55.0859 3888 tfsndrct - ok
    14:49:55.0875 3888 tfsndres (3fc9f390fac563c3d3910d540adbd408) C:\WINDOWS\system32\dla\tfsndres.sys
    14:49:55.0875 3888 tfsndres - ok
    14:49:55.0906 3888 tfsnifs (6aef3ec0b64689536891a9b96e9d7b82) C:\WINDOWS\system32\dla\tfsnifs.sys
    14:49:55.0906 3888 tfsnifs - ok
    14:49:55.0953 3888 tfsnopio (7239873a72dd456f6e74e6987cdb9687) C:\WINDOWS\system32\dla\tfsnopio.sys
    14:49:55.0953 3888 tfsnopio - ok
    14:49:55.0968 3888 tfsnpool (b78631e3593ddd76a4a8ba7cb8e32302) C:\WINDOWS\system32\dla\tfsnpool.sys
    14:49:55.0968 3888 tfsnpool - ok
    14:49:56.0000 3888 tfsnudf (9e8b4abb93e5784fc4e5d3202566cc7a) C:\WINDOWS\system32\dla\tfsnudf.sys
    14:49:56.0031 3888 tfsnudf - ok
    14:49:56.0078 3888 tfsnudfa (056fa0a11ba4cd688e1e40e48ffee921) C:\WINDOWS\system32\dla\tfsnudfa.sys
    14:49:56.0093 3888 tfsnudfa - ok
    14:49:56.0109 3888 TosIde - ok
    14:49:56.0171 3888 TPwSav (542dd0c0d8a1aa428a8c8d1517edb679) C:\WINDOWS\system32\Drivers\TPwSav.sys
    14:49:56.0171 3888 TPwSav - ok
    14:49:56.0375 3888 Tvs (7bc87d123f504d161693f672cfe99ec4) C:\WINDOWS\system32\DRIVERS\Tvs.sys
    14:49:56.0375 3888 Tvs - ok
    14:49:56.0437 3888 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    14:49:56.0437 3888 Udfs - ok
    14:49:56.0515 3888 ultra - ok
    14:49:56.0625 3888 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    14:49:56.0640 3888 Update - ok
    14:49:56.0687 3888 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
    14:49:56.0687 3888 USBAAPL - ok
    14:49:56.0750 3888 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    14:49:56.0750 3888 usbccgp - ok
    14:49:56.0765 3888 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    14:49:56.0781 3888 usbehci - ok
    14:49:56.0859 3888 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    14:49:56.0859 3888 usbhub - ok
    14:49:56.0953 3888 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    14:49:56.0953 3888 usbprint - ok
    14:49:56.0984 3888 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    14:49:56.0984 3888 usbscan - ok
    14:49:57.0234 3888 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    14:49:57.0234 3888 USBSTOR - ok
    14:49:57.0328 3888 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    14:49:57.0328 3888 usbuhci - ok
    14:49:57.0437 3888 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    14:49:57.0437 3888 VgaSave - ok
    14:49:57.0453 3888 ViaIde - ok
    14:49:57.0515 3888 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    14:49:57.0515 3888 VolSnap - ok
    14:49:57.0765 3888 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
    14:49:57.0828 3888 w29n51 - ok
    14:49:58.0140 3888 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    14:49:58.0140 3888 Wanarp - ok
    14:49:58.0218 3888 WDICA - ok
    14:49:58.0265 3888 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    14:49:58.0265 3888 wdmaud - ok
    14:49:58.0375 3888 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    14:49:58.0375 3888 WudfPf - ok
    14:49:58.0437 3888 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    14:49:58.0437 3888 WudfRd - ok
    14:49:58.0484 3888 MBR (0x1B8) (2a38a2f9deea228d8e1783700ed15448) \Device\Harddisk0\DR0
    14:49:58.0484 3888 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
    14:49:58.0484 3888 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    14:49:58.0484 3888 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR4
    14:49:58.0500 3888 \Device\Harddisk1\DR4 - ok
    14:49:58.0500 3888 Boot (0x1200) (e5eced1a9b55285b81e708762ed70007) \Device\Harddisk0\DR0\Partition0
    14:49:58.0500 3888 \Device\Harddisk0\DR0\Partition0 - ok
    14:49:58.0500 3888 Boot (0x1200) (a5dbc6b2bb2c052ab57592b83b4af2cd) \Device\Harddisk1\DR4\Partition0
    14:49:58.0500 3888 \Device\Harddisk1\DR4\Partition0 - ok
    14:49:58.0515 3888 ============================================================
    14:49:58.0515 3888 Scan finished
    14:49:58.0515 3888 ============================================================
    14:49:58.0515 3880 Detected object count: 1
    14:49:58.0515 3880 Actual detected object count: 1
    14:50:13.0734 3880 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
    14:50:13.0734 3880 \Device\Harddisk0\DR0 - ok
    14:50:13.0734 3880 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
    14:50:16.0421 3812 Deinitialize success
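The TDSSKiller log above is long, and the lines that matter (the MBR hash, the `infected`/`detected` verdicts, and the "will be cured on reboot" action) are easy to miss among hundreds of `- ok` driver entries. As an added example that is not part of the thread and not code from Kaspersky's tool, here is a small Python triage helper that parses lines in the layout shown in the posted log and summarises what was scanned, what was flagged, and which cures are still pending a reboot. The sample lines are copied from the log above; the line format and the function names are assumptions made for this example.

```python
import re

# Constructed sample: a handful of lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""14:49:57.0515 3888 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:49:57.0515 3888 VolSnap - ok
14:49:58.0484 3888 MBR (0x1B8) (2a38a2f9deea228d8e1783700ed15448) \Device\Harddisk0\DR0
14:49:58.0484 3888 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
14:49:58.0484 3888 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
14:49:58.0500 3888 \Device\Harddisk1\DR4 - ok
14:49:58.0515 3888 Scan finished
14:50:13.0734 3880 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
14:50:13.0734 3880 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
"""

# Assumed line layout: "<hh:mm:ss.ffff> <pid> <rest>"; the sub-patterns below are tried in order.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# "<object> ( <threat> ) - <status>": infected / will be cured on reboot / User select action: ...
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>\S+) \) - (?P<status>.+)$")
# "<object> - detected <threat> (n)"
DETECTED_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<threat>\S+)")
# "<object> - ok"
OK_RE = re.compile(r"^(?P<obj>\S+) - ok$")
# "<name> [(0xOFFSET)] (<md5>) <path>": hash of a driver, MBR or boot sector
HASH_RE = re.compile(
    r"^(?P<name>\S+)(?: \((?P<off>0x[0-9A-Fa-f]+)\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)


def parse_log(text):
    """Turn each log line into a dict with a 'kind' and the fields that line carries."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separator banners such as "=====" carry no object data
        rec = {"ts": m.group("ts"), "pid": int(m.group("pid"))}
        rest = m.group("rest")
        if (v := VERDICT_RE.match(rest)):
            rec.update(kind="verdict", obj=v["obj"], threat=v["threat"], status=v["status"])
        elif (d := DETECTED_RE.match(rest)):
            rec.update(kind="detected", obj=d["obj"], threat=d["threat"], status="detected")
        elif (o := OK_RE.match(rest)):
            rec.update(kind="ok", obj=o["obj"])
        elif (h := HASH_RE.match(rest)):
            rec.update(kind="hash", name=h["name"], offset=h["off"], md5=h["md5"], path=h["path"])
        else:
            rec.update(kind="other", text=rest)  # e.g. "Scan finished"
        records.append(rec)
    return records


def summarize(records):
    """Count clean objects, collect hashes by path, and group verdicts per flagged object."""
    summary = {"ok": 0, "hashes": {}, "threats": {}}
    for r in records:
        if r["kind"] == "ok":
            summary["ok"] += 1
        elif r["kind"] == "hash":
            summary["hashes"][r["path"]] = r["md5"]
        elif r["kind"] in ("verdict", "detected"):
            entry = summary["threats"].setdefault(r["obj"], {"threat": r["threat"], "statuses": []})
            entry["statuses"].append(r["status"])
    return summary


def pending_reboot_cures(summary):
    """Objects whose cure is deferred to reboot: re-scan after restarting to confirm it took."""
    return [obj for obj, e in summary["threats"].items() if "will be cured on reboot" in e["statuses"]]


def unresolved(summary):
    """Objects flagged as infected/detected with no cure or delete action recorded at all."""
    return [
        obj for obj, e in summary["threats"].items()
        if not any(s.startswith(("will be cured", "User select action")) for s in e["statuses"])
    ]


if __name__ == "__main__":
    s = summarize(parse_log(SAMPLE_LOG))
    print("clean objects:", s["ok"])
    for obj, e in s["threats"].items():
        print(f"{obj}: {e['threat']} -> {', '.join(e['statuses'])}")
    print("pending reboot:", pending_reboot_cures(s))
    print("unresolved:", unresolved(s))
```

The useful output for a helper reading a thread like this one is the last two lines: a cure that is "pending reboot" is not yet a clean MBR, so the follow-up check (here, the fresh GMER and aswMBR logs) is what confirms the result, and anything in `unresolved` still needs an action.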
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good :)

    Post fresh GMER log.
     
  5. quattttro

    quattttro TS Rookie Topic Starter

    thanks again!

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-10-06 16:54:07
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK8026GAX rev.PA000U
    Running: e8fz6uh6.exe; Driver: C:\DOCUME~1\ERegan\LOCALS~1\Temp\pgldypog.sys


    ---- System - GMER 1.0.15 ----

    Code ACF235C1 KeFindConfigurationEntry

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Looks good :)

    Is the computer doing better?

    See if you can update and run Malwarebytes now.
    "Quick scan" will be fine.
    Post fresh log.
     
  7. quattttro

    quattttro TS Rookie Topic Starter

    Yes, much better. I installed Avira Free and uninstalled an old version of Norton that the owner had installed, before that fresh GMER log. It ran a scan and found 50-odd infections and quarantined them. Sorry for adding an 'unauthorized' step.

    Windows Updates are working as is Malwarebytes. I will post a log when the scan is completed.
     
  8. quattttro

    quattttro TS Rookie Topic Starter

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7888

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/6/2011 5:13:50 PM
    mbam-log-2011-10-06 (17-13-50).txt

    Scan type: Quick scan
    Objects scanned: 200170
    Time elapsed: 5 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. quattttro

    quattttro TS Rookie Topic Starter

    I've tried all your methods for running ComboFix, however, it always stalls (no disk activity) about two minutes after the scan begins. I tried Safe Mode, renaming, and Rkill. Is this a necessary step?
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  12. quattttro

    quattttro TS Rookie Topic Starter

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-07 10:23:05
    -----------------------------
    10:23:05.093 OS Version: Windows 5.1.2600 Service Pack 3
    10:23:05.093 Number of processors: 1 586 0xD08
    10:23:05.093 ComputerName: VP-11 UserName:
    10:23:06.000 Initialize success
    10:33:59.218 AVAST engine defs: 11100700
    10:34:12.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    10:34:12.421 Disk 0 Vendor: TOSHIBA_MK8026GAX PA000U Size: 76128MB BusType: 3
    10:34:14.453 Disk 0 MBR read successfully
    10:34:14.453 Disk 0 MBR scan
    10:34:14.546 Disk 0 unknown MBR code
    10:34:14.546 Disk 0 scanning sectors +155910825
    10:34:14.593 Disk 0 scanning C:\WINDOWS\system32\drivers
    10:34:33.671 Service scanning
    10:34:34.937 Modules scanning
    10:34:40.718 Disk 0 trace - called modules:
    10:34:40.734 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    10:34:40.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9ccab8]
    10:34:40.734 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000007d[0x8aa02a00]
    10:34:40.734 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a997d98]
    10:34:41.406 AVAST engine scan C:\WINDOWS
    10:35:11.500 AVAST engine scan C:\WINDOWS\system32
    10:37:49.984 AVAST engine scan C:\WINDOWS\system32\drivers
    10:38:09.906 AVAST engine scan C:\Documents and Settings\ERegan
    10:41:27.125 AVAST engine scan C:\Documents and Settings\All Users
    10:41:57.859 Scan finished successfully
    10:43:37.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ERegan\Desktop\MBR.dat"
    10:43:37.968 The log file has been saved successfully to "C:\Documents and Settings\ERegan\Desktop\aswMBR.txt"
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    (as my instructions say).

    Go Start>Run and paste this command to run Combofix:
    "%userprofile%\desktop\ComboFix.exe" /KillAll
    Click OK.

    If the above doesn't work try this command:
    "%userprofile%\desktop\ComboFix.exe" /nombr
    Click OK.

    If still no go, try both commands in Safe Mode.
     