
MalwareBytes Program will not run.



Malwarebytes starts to install and gets to the finish where it says update and launch program. It then does nothing. The desktop icon is created but it neither launches the program nor updates. I then try to open the program via the desktop icon and the egg timer appears for a few seconds and nothing, the program doesn't run.

I've tried the usual rename the .exe installer to my name and then run, same result. I've renamed the mbam.exe to my name and it still won't run.

I've run other programs: Ad-aware, AVG, Spybot S&D, Superantispyware, and Stinger. No malware/virus is detected.

This is on a laptop running Windows XP Pro, I have MalwareBytes running on my Win 7 laptop ok.

Below is the log from HijackThis. Any help appreciated.

Rgds

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:46:53, on 06/08/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

I:\WINDOWS\System32\smss.exe

I:\WINDOWS\system32\csrss.exe

I:\WINDOWS\system32\winlogon.exe

I:\WINDOWS\system32\services.exe

I:\WINDOWS\system32\lsass.exe

I:\WINDOWS\system32\svchost.exe

I:\WINDOWS\system32\svchost.exe

I:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

I:\WINDOWS\System32\svchost.exe

I:\WINDOWS\system32\svchost.exe

I:\Program Files\AVG\AVG9\avgchsvx.exe

I:\Program Files\AVG\AVG9\avgrsx.exe

I:\WINDOWS\system32\svchost.exe

I:\Program Files\AVG\AVG9\avgcsrvx.exe

I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

I:\WINDOWS\system32\spoolsv.exe

I:\WINDOWS\system32\svchost.exe

I:\Program Files\SUPERAntiSpyware\SASCORE.EXE

I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

I:\Program Files\AVG\AVG9\avgwdsvc.exe

I:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

I:\WINDOWS\system32\svchost.exe

I:\WINDOWS\System32\GEARSec.exe

I:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe

I:\Program Files\AVG\AVG9\avgnsx.exe

I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

I:\WINDOWS\system32\nvsvc32.exe

I:\WINDOWS\system32\slserv.exe

I:\WINDOWS\system32\svchost.exe

I:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

I:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

I:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe

I:\Program Files\Windows Home Server\WHSConnector.exe

I:\WINDOWS\system32\wuauclt.exe

I:\WINDOWS\system32\wscntfy.exe

I:\WINDOWS\Explorer.EXE

I:\WINDOWS\mHotkey.exe

I:\Program Files\Synaptics\SynTP\SynTPLpr.exe

I:\Program Files\Synaptics\SynTP\SynTPEnh.exe

I:\WINDOWS\system32\rundll32.exe

I:\WINDOWS\SOUNDMAN.EXE

I:\PROGRA~1\AVG\AVG9\avgtray.exe

I:\WINDOWS\CY_BG.EXE

I:\Program Files\iTunes\iTunesHelper.exe

I:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

I:\Program Files\Logitech\SetPointP\SetPoint.exe

I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

I:\WINDOWS\system32\ctfmon.exe

I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

I:\Program Files\Windows Home Server\WHSTrayApp.exe

I:\Program Files\WinZip\WZQKPICK.EXE

I:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

I:\WINDOWS\system32\wbem\unsecapp.exe

I:\Program Files\iPod\bin\iPodService.exe

I:\WINDOWS\system32\wbem\wmiprvse.exe

I:\WINDOWS\System32\alg.exe

I:\Program Files\Trusteer\Rapport\bin\RapportService.exe

I:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

I:\Program Files\Internet Explorer\iexplore.exe

I:\Program Files\Internet Explorer\iexplore.exe

I:\Program Files\Internet Explorer\iexplore.exe

I:\Program Files\Internet Explorer\iexplore.exe

I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

I:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - I:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - I:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - I:\Program Files\Windows Home Server\WHSDeskBands.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - I:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - I:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - I:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - I:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - I:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - I:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - I:\Program Files\Windows Home Server\WHSDeskBands.dll

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [synTPLpr] I:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] I:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iSUSPM Startup] I:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AppleSyncNotifier] I:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [AVG9_TRAY] I:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [CY_BG] I:\WINDOWS\CY_BG.EXE

O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HP Software Update] I:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [EvtMgr6] I:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

O4 - HKLM\..\Run: [Adobe ARM] "I:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Defender] "I:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Windows Home Server.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = I:\Program Files\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Search - ?s=100000338&p=ZJman000&si=&a=K9Bcsb5GMxRTizySAdTi6w&n=2010080710

O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://I:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O8 - Extra context menu item: Send To &Bluetooth - I:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - I:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.115/img/NetCamPlayerWeb11g.ocx

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279121165921

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - I:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: avgrsstarter - I:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - I:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - I:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - I:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - I:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: Bluetooth Service (btwdins) - Unknown owner - I:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (file missing)

O23 - Service: GEARSecurity - GEAR Software - I:\WINDOWS\System32\GEARSec.exe

O23 - Service: HPMSSConnectorService (HPMSSConnectorSvc) - HP - I:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe

O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - I:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: MediaCollectorService - Hewlett-Packard Company - I:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - I:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - I:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - I:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: SmartLinkService (SLService) - - I:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: V2i Protector - PowerQuest Corporation - I:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - I:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 13620 bytes


Hello mckibbenw and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please temporarily disable Ad-Aware's Ad-Watch, as it may hinder the removal of some entries. You can re-enable it after you're clean.

Right click on the Adaware icon in the system tray and select Exit.

(you may need to do this after every reboot)

-------------

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure Advanced Mode is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck Resident TeaTimer and OK any prompts

You can re-enable TeaTimer once your system is clean.

-------------

Please do the following:

  • Download DDS by sUBs from one of the following links. Save it to your Desktop.

    NOTE: Before scanning, make sure all other running programs are closed.

    There shouldn't be any scheduled antivirus scans running while the scan is being performed.

    Do not use your computer for anything else during the scan.

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • DDS logfile
  • checkup.txt

How is your computer running now?


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Hi There,

The DDS program gets to about 75% of #'s across the DOS window and then just hangs.

I have to force shutdown the laptop.

The Security Check results are below. I've even tried a DOS antivirus scan and it finds nothing. Maybe I'll have to bite the bullet and fdisk the laptop and clean install Windows?

Cheers

Bill

Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

avast! BART CD Manager

ZoneAlarm Spy Blocker

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

MVPS Hosts File

Malwarebytes' Anti-Malware

HijackThis 2.0.2

Adobe Flash Player

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

Windows Defender MsMpEng.exe

``````````End of Log````````````


Let's try the following:

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Skip, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • how the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log

How is your computer running now?


Hi,

TDSSKiller log below.

Combofix starts to run in the DOS window but then stalls. No report generated.

The laptop runs ok in every other respect, it just won't run Malwarebytes, although it runs other malware programs. And I've found no virus etc.

Thanks

2011/08/20 21:51:36.0031 0352 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17

2011/08/20 21:51:36.0234 0352 ================================================================================

2011/08/20 21:51:36.0234 0352 SystemInfo:

2011/08/20 21:51:36.0234 0352

2011/08/20 21:51:36.0234 0352 OS Version: 5.1.2600 ServicePack: 3.0

2011/08/20 21:51:36.0234 0352 Product type: Workstation

2011/08/20 21:51:36.0234 0352 ComputerName: BILL-72784B632A

2011/08/20 21:51:36.0234 0352 UserName: Bill

2011/08/20 21:51:36.0234 0352 Windows directory: I:\WINDOWS

2011/08/20 21:51:36.0234 0352 System windows directory: I:\WINDOWS

2011/08/20 21:51:36.0250 0352 Processor architecture: Intel x86

2011/08/20 21:51:36.0250 0352 Number of processors: 2

2011/08/20 21:51:36.0250 0352 Page size: 0x1000

2011/08/20 21:51:36.0250 0352 Boot type: Normal boot

2011/08/20 21:51:36.0250 0352 ================================================================================

2011/08/20 21:51:36.0640 0352 !crdlk

2011/08/20 21:51:36.0765 0352 Initialize success

2011/08/20 21:51:38.0625 3904 ================================================================================

2011/08/20 21:51:38.0625 3904 Scan started

2011/08/20 21:51:38.0625 3904 Mode: Manual;

2011/08/20 21:51:38.0625 3904 ================================================================================


2011/08/20 21:51:52.0734 3904 Ndisuio (f927a4434c5028758a842943ef1a3849) I:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/08/20 21:51:52.0750 3904 NdisWan (edc1531a49c80614b2cfda43ca8659ab) I:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/08/20 21:51:52.0781 3904 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) I:\WINDOWS\system32\drivers\NDProxy.sys

2011/08/20 21:51:52.0812 3904 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) I:\WINDOWS\system32\DRIVERS\netbios.sys

2011/08/20 21:51:52.0859 3904 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) I:\WINDOWS\system32\DRIVERS\netbt.sys

2011/08/20 21:51:52.0937 3904 NETMW145 (ac306c08f2c936cb87c12fda0c227456) I:\WINDOWS\system32\DRIVERS\NETMW145.sys

2011/08/20 21:51:52.0984 3904 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) I:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/08/20 21:51:53.0031 3904 Npfs (3182d64ae053d6fb034f44b6def8034a) I:\WINDOWS\system32\drivers\Npfs.sys

2011/08/20 21:51:53.0078 3904 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) I:\WINDOWS\system32\DRIVERS\nscirda.sys

2011/08/20 21:51:53.0093 3904 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) I:\WINDOWS\system32\drivers\Ntfs.sys

2011/08/20 21:51:53.0140 3904 Null (73c1e1f395918bc2c6dd67af7591a3ad) I:\WINDOWS\system32\drivers\Null.sys

2011/08/20 21:51:53.0250 3904 nv (ab1fd9eb3f2295527954d6538648bd2d) I:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/08/20 21:51:53.0406 3904 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) I:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/08/20 21:51:53.0453 3904 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) I:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/08/20 21:51:53.0484 3904 ohci1394 (ca33832df41afb202ee7aeb05145922f) I:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/08/20 21:51:53.0531 3904 Parport (5575faf8f97ce5e713d108c2a58d7c7c) I:\WINDOWS\system32\DRIVERS\parport.sys

2011/08/20 21:51:53.0578 3904 PartMgr (beb3ba25197665d82ec7065b724171c6) I:\WINDOWS\system32\drivers\PartMgr.sys

2011/08/20 21:51:53.0656 3904 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) I:\WINDOWS\system32\drivers\ParVdm.sys

2011/08/20 21:51:53.0718 3904 PCI (a219903ccf74233761d92bef471a07b1) I:\WINDOWS\system32\DRIVERS\pci.sys

2011/08/20 21:51:53.0781 3904 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) I:\WINDOWS\system32\DRIVERS\pciide.sys

2011/08/20 21:51:53.0812 3904 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) I:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/08/20 21:51:53.0859 3904 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) I:\WINDOWS\system32\drivers\PCTCore.sys

2011/08/20 21:51:54.0031 3904 pfc (6c1618a07b49e3873582b6449e744088) I:\WINDOWS\system32\drivers\pfc.sys

2011/08/20 21:51:54.0078 3904 PhTVTune (fe5680f1a4bae278a12f7af6275ebf8f) I:\WINDOWS\system32\DRIVERS\PhTVTune.sys

2011/08/20 21:51:54.0187 3904 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) I:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/08/20 21:51:54.0234 3904 PQIMount (9bf6e49f3e6e2a718a7aed31c8d5ec9e) I:\WINDOWS\system32\drivers\PQIMount.sys

2011/08/20 21:51:54.0281 3904 PQNTDrv (b26019a686d36e22f954e67c8fec4297) I:\WINDOWS\system32\drivers\PQNTDrv.sys

2011/08/20 21:51:54.0453 3904 PQV2i (c955621ef91c1b1409d1a692d1cb3686) I:\WINDOWS\system32\drivers\PQV2i.sys

2011/08/20 21:51:54.0484 3904 PSched (09298ec810b07e5d582cb3a3f9255424) I:\WINDOWS\system32\DRIVERS\psched.sys

2011/08/20 21:51:54.0531 3904 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) I:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/08/20 21:51:54.0546 3904 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) I:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/08/20 21:51:54.0812 3904 RapportCerberus_29574 (dda98cc4f34977914c731b8155e1cbd5) I:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys

2011/08/20 21:51:54.0890 3904 RapportEI (d299e4973da2dc9ded9066232e99e3d2) I:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

2011/08/20 21:51:54.0937 3904 RapportKELL (b4fedb7c55968ebe2bb9b8d7612eb2d5) I:\WINDOWS\system32\Drivers\RapportKELL.sys

2011/08/20 21:51:54.0953 3904 RapportPG (352cae4a3c3b6f6ccdaa246a0a6a61c6) I:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

2011/08/20 21:51:54.0984 3904 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) I:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/08/20 21:51:55.0031 3904 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) I:\WINDOWS\system32\DRIVERS\rasirda.sys

2011/08/20 21:51:55.0062 3904 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) I:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/08/20 21:51:55.0109 3904 RasPppoe (5bc962f2654137c9909c3d4603587dee) I:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/08/20 21:51:55.0125 3904 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) I:\WINDOWS\system32\DRIVERS\raspti.sys

2011/08/20 21:51:55.0203 3904 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) I:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/08/20 21:51:55.0234 3904 RDPCDD (4912d5b403614ce99c28420f75353332) I:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/08/20 21:51:55.0281 3904 rdpdr (15cabd0f7c00c47c70124907916af3f1) I:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/08/20 21:51:55.0453 3904 RDPWD (6728e45b66f93c08f11de2e316fc70dd) I:\WINDOWS\system32\drivers\RDPWD.sys

2011/08/20 21:51:55.0531 3904 RecAgent (f846aa089b10316d982f24322e15346b) I:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys

2011/08/20 21:51:55.0546 3904 redbook (f828dd7e1419b6653894a8f97a0094c5) I:\WINDOWS\system32\DRIVERS\redbook.sys

2011/08/20 21:51:55.0609 3904 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) I:\WINDOWS\system32\DRIVERS\rfcomm.sys

2011/08/20 21:51:55.0703 3904 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) I:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

2011/08/20 21:51:55.0765 3904 SASDIFSV (39763504067962108505bff25f024345) I:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/08/20 21:51:55.0781 3904 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) I:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2011/08/20 21:51:55.0906 3904 Secdrv (90a3935d05b494a5a39d37e71f09a677) I:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/08/20 21:51:55.0953 3904 serenum (0f29512ccd6bead730039fb4bd2c85ce) I:\WINDOWS\system32\DRIVERS\serenum.sys

2011/08/20 21:51:56.0000 3904 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) I:\WINDOWS\system32\DRIVERS\serial.sys

2011/08/20 21:51:56.0093 3904 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) I:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/08/20 21:51:56.0156 3904 SI3112 (20655e752703cbf3a70aa164806a0d72) I:\WINDOWS\system32\DRIVERS\SI3112.sys

2011/08/20 21:51:56.0171 3904 SiFilter (14ecbdb9a9dd896a5ea5cbdc725b11e5) I:\WINDOWS\system32\DRIVERS\SiWinAcc.sys

2011/08/20 21:51:56.0218 3904 SiRemFil (25d81dc8421bf01ee4c7d31167bfff07) I:\WINDOWS\system32\DRIVERS\SiRemFil.sys

2011/08/20 21:51:56.0250 3904 Slazldrv (e1094e4418d01ce6ffce1841340d1eb4) I:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys

2011/08/20 21:51:56.0296 3904 SLIP (866d538ebe33709a5c9f5c62b73b7d14) I:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/08/20 21:51:56.0328 3904 SlNtHal (a2b07b03c7964a945a796632817d6b7f) I:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys

2011/08/20 21:51:56.0359 3904 SlWdmSup (92544868d0b8ff6500e90d968ff1caed) I:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys

2011/08/20 21:51:56.0421 3904 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) I:\WINDOWS\system32\drivers\splitter.sys

2011/08/20 21:51:56.0453 3904 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) I:\WINDOWS\system32\DRIVERS\sr.sys

2011/08/20 21:51:56.0484 3904 Srv (47ddfc2f003f7f9f0592c6874962a2e7) I:\WINDOWS\system32\DRIVERS\srv.sys

2011/08/20 21:51:56.0531 3904 streamip (77813007ba6265c4b6098187e6ed79d2) I:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/08/20 21:51:56.0562 3904 swenum (3941d127aef12e93addf6fe6ee027e0f) I:\WINDOWS\system32\DRIVERS\swenum.sys

2011/08/20 21:51:56.0593 3904 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) I:\WINDOWS\system32\drivers\swmidi.sys

2011/08/20 21:51:56.0812 3904 SynTP (062e75f20d9bdca40344d85262f74748) I:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/08/20 21:51:56.0843 3904 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) I:\WINDOWS\system32\drivers\sysaudio.sys

2011/08/20 21:51:56.0906 3904 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) I:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/08/20 21:51:56.0937 3904 TDPIPE (6471a66807f5e104e4885f5b67349397) I:\WINDOWS\system32\drivers\TDPIPE.sys

2011/08/20 21:51:57.0000 3904 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) I:\WINDOWS\system32\drivers\TDTCP.sys

2011/08/20 21:51:57.0031 3904 TermDD (88155247177638048422893737429d9e) I:\WINDOWS\system32\DRIVERS\termdd.sys

2011/08/20 21:51:57.0140 3904 tunmp (8f861eda21c05857eb8197300a92501c) I:\WINDOWS\system32\DRIVERS\tunmp.sys

2011/08/20 21:51:57.0187 3904 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) I:\WINDOWS\system32\drivers\Udfs.sys

2011/08/20 21:51:57.0265 3904 Update (402ddc88356b1bac0ee3dd1580c76a31) I:\WINDOWS\system32\DRIVERS\update.sys

2011/08/20 21:51:57.0562 3904 USBAAPL (1df89c499bf45d878b87ebd4421d462d) I:\WINDOWS\system32\Drivers\usbaapl.sys

2011/08/20 21:51:57.0625 3904 usbccgp (173f317ce0db8e21322e71b7e60a27e8) I:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/08/20 21:51:57.0671 3904 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) I:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/08/20 21:51:57.0734 3904 usbhub (1ab3cdde553b6e064d2e754efe20285c) I:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/08/20 21:51:57.0781 3904 usbprint (a717c8721046828520c9edf31288fc00) I:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/08/20 21:51:57.0859 3904 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) I:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/08/20 21:51:57.0921 3904 usbstor (a32426d9b14a089eaa1d922e0c5801a9) I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/08/20 21:51:57.0968 3904 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) I:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/08/20 21:51:58.0015 3904 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) I:\WINDOWS\System32\drivers\vga.sys

2011/08/20 21:51:58.0093 3904 VolSnap (4c8fcb5cc53aab716d810740fe59d025) I:\WINDOWS\system32\drivers\VolSnap.sys

2011/08/20 21:51:58.0125 3904 Wanarp (e20b95baedb550f32dd489265c1da1f6) I:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/08/20 21:51:58.0203 3904 Wdf01000 (fd47474bd21794508af449d9d91af6e6) I:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/08/20 21:51:58.0281 3904 wdmaud (6768acf64b18196494413695f0c3a00f) I:\WINDOWS\system32\drivers\wdmaud.sys

2011/08/20 21:51:58.0359 3904 WinDriver6 (2c7d830e86b378771af5dafeae428a09) I:\WINDOWS\system32\drivers\windrvr6.sys

2011/08/20 21:51:58.0500 3904 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) I:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/08/20 21:51:58.0531 3904 WSTCODEC (c98b39829c2bbd34e454150633c62c78) I:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/08/20 21:51:58.0656 3904 WudfPf (f15feafffbb3644ccc80c5da584e6311) I:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/08/20 21:51:58.0687 3904 WudfRd (28b524262bce6de1f7ef9f510ba3985b) I:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/08/20 21:51:58.0781 3904 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/08/20 21:51:58.0843 3904 Boot (0x1200) (383ceb2a97b7c1e8a6954a46d5ab853c) \Device\Harddisk0\DR0\Partition0

2011/08/20 21:51:58.0843 3904 ================================================================================

2011/08/20 21:51:58.0843 3904 Scan finished

2011/08/20 21:51:58.0843 3904 ================================================================================

2011/08/20 21:51:58.0859 3256 Detected object count: 0

2011/08/20 21:51:58.0859 3256 Actual detected object count: 0


Try running ComboFix in Safe Mode:

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Then locate and run ComboFix.exe. If successful, please post the log it creates in your next reply :)


It could be the way the laptop RAID is set up and also the drive is I: and not C: as normal?

Possibly, but ComboFix not running is usually a sign of serious malware on the system.

It's up to you if you would like us to proceed further. Let me know of your choice ;)


These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Let me know how it goes.


Hi there,

Avira Antivir found nothing.

Dr Web Live has found Trojan.Muldrop2.44246, hiding in sys volinformation_restore. It's 5 hours into the scan and not finished yet.

I intend to use all the boot scanners you recommend and I'll update you tomorrow.

It's a good job I took your advice and carried on!!

Thanks


Are you getting any specific error codes? Also, are you running it from an admin account?

Please do the following:

  • Download DDS by sUBs from one of the following links. Save it to your Desktop.

    NOTE: Before scanning, make sure all other running programs are closed

    There shouldn't be any scheduled antivirus scans running while the scan is being performed.

    Do not use your computer for anything else during the scan.

  • Double click on the DDS icon, allow it to run.

  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.

  • Notepad will open with the results.

  • Follow the instructions that pop up for posting the results.

  • Close the program window, and delete the program from your Desktop.


Hi,

No error codes. Just the eggtimer for a few seconds then nothing, doesn't start. Yes it's an Administrator account.

DDS runs but hangs at the below screen, no logfile/report is produced, no matter how long you wait.

As per the instructions you would have received, kindly ensure any onboard

script blocking tools have been disabled for they shall interfere with DDS.

DDS is a non-invasive diagnostic tool.

- DDS makes no registry writes/changes

- DDS does not create any permanent files/folders.

This scan should not take longer than three minutes to complete.

When the scan is complete, a logfile/report shall pop open.

Post the contents of the logfile to the forum where it was requested

##################################################


Hmmm... Download a new TDSSKiller from here http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Please run it and post the log it creates using the instructions found here http://forums.malwarebytes.org/index.php?showtopic=91782&view=findpost&p=467597


Hi,

See TDSSKiller log below:

2011/08/31 17:25:08.0843 4072 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57

2011/08/31 17:25:09.0000 4072 ================================================================================

2011/08/31 17:25:09.0000 4072 SystemInfo:

2011/08/31 17:25:09.0000 4072

2011/08/31 17:25:09.0000 4072 OS Version: 5.1.2600 ServicePack: 3.0

2011/08/31 17:25:09.0000 4072 Product type: Workstation

2011/08/31 17:25:09.0000 4072 ComputerName: BILL-72784B632A

2011/08/31 17:25:09.0000 4072 UserName: Bill

2011/08/31 17:25:09.0000 4072 Windows directory: I:\WINDOWS

2011/08/31 17:25:09.0000 4072 System windows directory: I:\WINDOWS

2011/08/31 17:25:09.0000 4072 Processor architecture: Intel x86

2011/08/31 17:25:09.0000 4072 Number of processors: 2

2011/08/31 17:25:09.0000 4072 Page size: 0x1000

2011/08/31 17:25:09.0000 4072 Boot type: Normal boot

2011/08/31 17:25:09.0000 4072 ================================================================================

2011/08/31 17:25:10.0812 4072 !crdlk

2011/08/31 17:25:10.0937 4072 Initialize success

2011/08/31 17:25:15.0906 1168 ================================================================================

2011/08/31 17:25:15.0906 1168 Scan started

2011/08/31 17:25:15.0906 1168 Mode: Manual;

2011/08/31 17:25:15.0906 1168 ================================================================================


2011/08/31 17:25:26.0875 1168 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) I:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/08/31 17:25:26.0890 1168 RasPppoe (5bc962f2654137c9909c3d4603587dee) I:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/08/31 17:25:26.0906 1168 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) I:\WINDOWS\system32\DRIVERS\raspti.sys

2011/08/31 17:25:26.0937 1168 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) I:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/08/31 17:25:26.0968 1168 RDPCDD (4912d5b403614ce99c28420f75353332) I:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/08/31 17:25:27.0062 1168 rdpdr (15cabd0f7c00c47c70124907916af3f1) I:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/08/31 17:25:27.0171 1168 RDPWD (6728e45b66f93c08f11de2e316fc70dd) I:\WINDOWS\system32\drivers\RDPWD.sys

2011/08/31 17:25:27.0203 1168 RecAgent (f846aa089b10316d982f24322e15346b) I:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys

2011/08/31 17:25:27.0218 1168 redbook (f828dd7e1419b6653894a8f97a0094c5) I:\WINDOWS\system32\DRIVERS\redbook.sys

2011/08/31 17:25:27.0281 1168 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) I:\WINDOWS\system32\DRIVERS\rfcomm.sys

2011/08/31 17:25:27.0359 1168 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) I:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

2011/08/31 17:25:27.0421 1168 Secdrv (90a3935d05b494a5a39d37e71f09a677) I:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/08/31 17:25:27.0468 1168 serenum (0f29512ccd6bead730039fb4bd2c85ce) I:\WINDOWS\system32\DRIVERS\serenum.sys

2011/08/31 17:25:27.0484 1168 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) I:\WINDOWS\system32\DRIVERS\serial.sys

2011/08/31 17:25:27.0546 1168 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) I:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/08/31 17:25:27.0625 1168 SI3112 (20655e752703cbf3a70aa164806a0d72) I:\WINDOWS\system32\DRIVERS\SI3112.sys

2011/08/31 17:25:27.0671 1168 SiFilter (14ecbdb9a9dd896a5ea5cbdc725b11e5) I:\WINDOWS\system32\DRIVERS\SiWinAcc.sys

2011/08/31 17:25:27.0718 1168 SiRemFil (25d81dc8421bf01ee4c7d31167bfff07) I:\WINDOWS\system32\DRIVERS\SiRemFil.sys

2011/08/31 17:25:27.0796 1168 Slazldrv (e1094e4418d01ce6ffce1841340d1eb4) I:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys

2011/08/31 17:25:27.0859 1168 SLIP (866d538ebe33709a5c9f5c62b73b7d14) I:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/08/31 17:25:27.0906 1168 SlNtHal (a2b07b03c7964a945a796632817d6b7f) I:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys

2011/08/31 17:25:27.0937 1168 SlWdmSup (92544868d0b8ff6500e90d968ff1caed) I:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys

2011/08/31 17:25:28.0031 1168 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) I:\WINDOWS\system32\drivers\splitter.sys

2011/08/31 17:25:28.0109 1168 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) I:\WINDOWS\system32\DRIVERS\sr.sys

2011/08/31 17:25:28.0218 1168 Srv (47ddfc2f003f7f9f0592c6874962a2e7) I:\WINDOWS\system32\DRIVERS\srv.sys

2011/08/31 17:25:28.0265 1168 streamip (77813007ba6265c4b6098187e6ed79d2) I:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/08/31 17:25:28.0312 1168 swenum (3941d127aef12e93addf6fe6ee027e0f) I:\WINDOWS\system32\DRIVERS\swenum.sys

2011/08/31 17:25:28.0359 1168 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) I:\WINDOWS\system32\drivers\swmidi.sys

2011/08/31 17:25:28.0546 1168 SynTP (062e75f20d9bdca40344d85262f74748) I:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/08/31 17:25:28.0578 1168 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) I:\WINDOWS\system32\drivers\sysaudio.sys

2011/08/31 17:25:28.0671 1168 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) I:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/08/31 17:25:28.0765 1168 TDPIPE (6471a66807f5e104e4885f5b67349397) I:\WINDOWS\system32\drivers\TDPIPE.sys

2011/08/31 17:25:28.0796 1168 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) I:\WINDOWS\system32\drivers\TDTCP.sys

2011/08/31 17:25:28.0843 1168 TermDD (88155247177638048422893737429d9e) I:\WINDOWS\system32\DRIVERS\termdd.sys

2011/08/31 17:25:28.0953 1168 tunmp (8f861eda21c05857eb8197300a92501c) I:\WINDOWS\system32\DRIVERS\tunmp.sys

2011/08/31 17:25:29.0031 1168 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) I:\WINDOWS\system32\drivers\Udfs.sys

2011/08/31 17:25:29.0125 1168 Update (402ddc88356b1bac0ee3dd1580c76a31) I:\WINDOWS\system32\DRIVERS\update.sys

2011/08/31 17:25:29.0218 1168 USBAAPL (1df89c499bf45d878b87ebd4421d462d) I:\WINDOWS\system32\Drivers\usbaapl.sys

2011/08/31 17:25:29.0296 1168 usbccgp (173f317ce0db8e21322e71b7e60a27e8) I:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/08/31 17:25:29.0343 1168 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) I:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/08/31 17:25:29.0375 1168 usbhub (1ab3cdde553b6e064d2e754efe20285c) I:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/08/31 17:25:29.0421 1168 usbprint (a717c8721046828520c9edf31288fc00) I:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/08/31 17:25:29.0484 1168 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) I:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/08/31 17:25:29.0515 1168 usbstor (a32426d9b14a089eaa1d922e0c5801a9) I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/08/31 17:25:29.0562 1168 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) I:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/08/31 17:25:29.0593 1168 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) I:\WINDOWS\System32\drivers\vga.sys

2011/08/31 17:25:29.0656 1168 VolSnap (4c8fcb5cc53aab716d810740fe59d025) I:\WINDOWS\system32\drivers\VolSnap.sys

2011/08/31 17:25:29.0687 1168 Wanarp (e20b95baedb550f32dd489265c1da1f6) I:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/08/31 17:25:29.0765 1168 Wdf01000 (fd47474bd21794508af449d9d91af6e6) I:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/08/31 17:25:29.0859 1168 wdmaud (6768acf64b18196494413695f0c3a00f) I:\WINDOWS\system32\drivers\wdmaud.sys

2011/08/31 17:25:29.0968 1168 WinDriver6 (2c7d830e86b378771af5dafeae428a09) I:\WINDOWS\system32\drivers\windrvr6.sys

2011/08/31 17:25:30.0078 1168 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) I:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/08/31 17:25:30.0171 1168 WSTCODEC (c98b39829c2bbd34e454150633c62c78) I:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/08/31 17:25:30.0218 1168 WudfPf (f15feafffbb3644ccc80c5da584e6311) I:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/08/31 17:25:30.0312 1168 WudfRd (28b524262bce6de1f7ef9f510ba3985b) I:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/08/31 17:25:30.0390 1168 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/08/31 17:25:30.0562 1168 Boot (0x1200) (383ceb2a97b7c1e8a6954a46d5ab853c) \Device\Harddisk0\DR0\Partition0

2011/08/31 17:25:30.0562 1168 ================================================================================

2011/08/31 17:25:30.0562 1168 Scan finished

2011/08/31 17:25:30.0562 1168 ================================================================================

2011/08/31 17:25:30.0578 0260 Detected object count: 0

2011/08/31 17:25:30.0578 0260 Actual detected object count: 0


Let's try this:

Download the latest version of Kaspersky Virus Removal Tool

  • Close all other applications and double-click and run the installer.
  • When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
  • In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats.
  • Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
  • Select all the scannable items except for CD-ROM drives and click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply.


Status: Vulnerability (events: 2)

31/08/2011 23:28:19 Vulnerability vulnerability http://www.securelist.com/en/advisories/45583 I:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll Low

01/09/2011 00:32:32 Vulnerability vulnerability http://www.securelist.com/en/advisories/45516 i:\Program Files\QuickTime\QuickTimePlayer.exe Low


Please do the following:

  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double-click aswMBR.exe to start the tool. (Vista - Win 7: right-click to run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-09-01 22:19:32

-----------------------------

22:19:32.203 OS Version: Windows 5.1.2600 Service Pack 3

22:19:32.203 Number of processors: 2 586 0x403

22:19:32.203 ComputerName: BILL-72784B632A UserName: Bill

22:19:32.468 Initialize success

22:19:52.453 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\fasttx2k1Port1Path0Target0Lun0

22:19:52.453 Disk 0 Vendor: Promise_ 1.10 Size: 238418MB BusType: 1

22:19:52.453 Device \Driver\usbstor -> DriverStartIo USBSTOR.SYS b1e38f26

22:19:56.453 Disk 1 MBR read successfully

22:19:56.453 Disk 1 MBR scan

22:19:56.453 Disk 1 Windows XP default MBR code

22:19:56.453 Disk 1 MBR hidden

22:19:56.453 Disk 1 scanning I:\WINDOWS\system32\drivers

22:20:03.015 Service scanning

22:20:04.875 Modules scanning

22:20:09.640 Disk 1 trace - called modules:

22:20:09.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys hal.dll

22:20:09.640 1 nt!IofCallDriver -> \Device\Harddisk1\DR2[0x896ad030]

22:20:09.640 Scan finished successfully

22:20:22.093 Disk 1 MBR has been saved successfully to "I:\Documents and Settings\Bill\Desktop\MBR.dat"

22:20:22.093 The log file has been saved successfully to "I:\Documents and Settings\Bill\Desktop\aswMBR.txt"

MBR.zip


Please print out these instructions or copy them to a Notepad file for easier reading, and download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

http://www.kernelmode.info/MBRCheck.exe

Close all open programs/windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.


Please do the following:

  • Download GMER from here. Save it to your Desktop. Take note of the filename, as it is a randomly named .exe file.
  • Disconnect from the Internet and close all running programs while the scan is running.
  • Make sure all antivirus and other real-time security programs are disabled. See here for directions.
  • Double-click on the downloaded file to start the program. (If running Vista or Win 7, right click on it and Run as an Administrator)
  • If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click on NO, then use the following settings for a more complete scan:
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Click the Scan button to begin. (Please be patient: this can take some time.)
  • When the scan is finished, click Save and type in gmer.txt and save to Desktop and copy/paste the contents in your next reply.

Note!: These types of scans can produce false positives. Do not take any action until a trained helper has seen the log.
