
I/E related malware. Maybe more.

Discussion in 'Virus & Other Malware Removal' started by oldduffer, Dec 8, 2011.

  1. oldduffer

    oldduffer Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    23
    Hi,

    I've been having problems now for just over a week. I've had a number of different symptoms and I'll try and list them as best as I can. There may be other problems that I'm unaware of.

    Operating System is Windows/XP. Version 5.1.2600 Service Pack 2 Build 2600
    Internet Explorer Version 8


    I/E Symptoms
    I/E Popup window requesting mixed http and https content.

    'Rogue' iexplore.exe processes using lots of CPU and memory. Causing performance problems. A constant problem.

    'Rogue' iexplore processes only start up when an IE window is open.

    iexplore processes killed using Task Manager, but restart after a few minutes.

    I/E Popup window "Your last browsing session closed unexpectedly. Would you like to restore your last session or go to your homepage." flashes on/off the screen. Occurs frequently. No extra browser window appears.

    Closing IE windows doesn't stop all active iexplore processes. There seems to be two left. But if killed they don't restart unless IE browser is running.



    Other Symptoms
    Two instances of the Outlook Express "Create new message" window opening randomly. Outgoing addresses were [email protected] and [email protected]. I have never used either of these websites.

    Some instances of AVG Resident Shield blocking something, but I don't have comprehensive notes.

    Exploit Blackhole Exploit Kit Detection (type 1889). Message has occurred a few times. In one instance the further details are:
    File name: "... ulinos54989.co.cc/main.php?page= ..." (Part file name)
    Process: c:\Program Files\Internet Explorer\iexplore.exe

    Threat Trojan horse BHO.VMH.

    Possibly other AVG interceptions, but only seen rarely.


    When the rogue iexplore process is running MBAM protection blocks the following IP address.
    "Successfully blocked access to a potentially malicious website. 94.100.18.194 (Type: outgoing)". This occurs every few seconds.


    Action taken.
    Changed IE Security setting for mixed content from Prompt to Disable. (To reduce the nuisance factor).
    Ran full AVG scan. Nothing found.
    Ran MBAM scan. Nothing found.


    Working on the logs. Will post them shortly.


    Please ask if anything needs clarifying.

    Thank you very much for your help.
     
  2. oldduffer

    oldduffer Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    23
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:13:14, on 08/12/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 7276 bytes
     
  3. oldduffer

    oldduffer Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    23
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Run by Hannay at 17:22:56 on 2011-12-08
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.767.265 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
    DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - hxxp://w4s2.work4sure.com/c/ge/w4sgeen9.exe
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
    TCP: DhcpNameServer = 10.0.0.2
    TCP: Interfaces\{08BC0AEA-A5B0-4620-B5B3-4E7C11B587C5} : DhcpNameServer = 10.0.0.2
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\hannay\application data\mozilla\firefox\profiles\joh76u8i.default\
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-3 366152]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-3 22216]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]
    .
    =============== Created Last 30 ================
    .
    2011-12-08 17:11:53 388096 ----a-r- c:\documents and settings\hannay\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-12-03 00:32:48 -------- d--h--w- C:\$AVG
    2011-12-03 00:08:39 -------- d-----w- c:\documents and settings\hannay\application data\Malwarebytes
    2011-12-03 00:08:17 -------- d-----w- c:\documents and settings\all users.windows\application data\Malwarebytes
    2011-12-03 00:08:11 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-03 00:08:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 17:24:41.33 ===============
     
  4. oldduffer

    oldduffer Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    23
    Attach.txt
     

  5. oldduffer

    oldduffer Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    23
    I've had problems running GMER.

    The scan was running for a long time, so I left it unattended. I returned about 3-4 hours later and there was an error message saying it couldn't save the file due to a disk or network problem. I did manage to save the log file and close the GMER window.

    The system then became unstable. The mouse didn't work properly. Task Manager failed to start with an application program failure. I had difficulty shutting it down, eventually managing a restart.

    Restart ran for such a long time I was concerned there was a major problem and it wouldn't reboot. When it did eventually restart, the system took a Dump.

    Please advise.
     
  6. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi there and sorry for the delay.
    If you still need help,

    Please launch DDS
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop and post both in your next reply
     
  7. oldduffer

    oldduffer Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    23
    Hi Daniel,

    Yes, I still need help. Sorry for the slow reply, I hadn't checked the forum for a couple of days.
     

  8. oldduffer

    oldduffer Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    23
    Further to my earlier statement that the rogue iexplore processes don't start unless I/E is active: it now seems that they do after a few hours.

    The PC response is generally quite slow, even with no obvious competing activity.

    I have another symptom that started around the same time but may be totally unrelated. The fan on my graphics card has become quite noisy. This could be because there's a mechanical problem or possibly because it's been working overtime to prevent overheating. Also the screen seems to refresh a little slowly. Is it possible that some malware could be involved in some kind of screen monitoring that could affect my graphics card?

    I've also had one or two cursor related problems that suggest there may be some kind of key-logging activity. But this may be my imagination. :)
     
  9. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi,
    my name is Daniel and I will be assisting you with your Malware related problems.

    Before we move on, please read the following points carefully.
    • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
    • Perform everything in the correct order. Sometimes one step requires the previous one.
    • If you have any problems while you are following my instructions, Stop there and tell me the exact nature of your problem.
    • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
    • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
    • If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread and move on to assist someone else.
    • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
    • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



    Please download Gmer from here and save it to your Desktop.
    • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries



    Please post in your next reply
    ark.txt
     
  10. oldduffer

    oldduffer Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    23
    I had similar problems running GMER as I did the first time.
    The scan was running for a few hours, so I left it and went to sleep. On returning to the PC I had the following error message.

    I tried to take a screen print of the error message but the system became unstable. I pressed the start button and the window opened part covering the error message. I dragged the error message window so that I could read it to copy it but the message remained partly covered with the other window.

    I then pressed OK and got the same "Delayed Write Failed" error message with the following file names.

    (There may be small errors in the file names).

    I then attempted to save the log file. The GMER window displayed the egg timer and I got no further response. I attempted to reboot but the mouse had stopped working. It's a USB mouse and I disconnected/reconnected it and it became usable. I was eventually able to reboot using task manager.

    During reboot I received this message.
    Once Windows was up and running it took a Dump.
    I still have the log file saved from the previous time that I ran GMER if that's any use.

    In Summary
    I have now run GMER twice and each time it has seemingly caused major problems to my PC. I would be very reluctant to have a further attempt at running it.

    My trial version of Malwarebytes' Anti-Malware has now expired. Should I replace this with something else or try to re-install it?
     
  11. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Let's try a different tool first.

    Please download WVCheck from Artellos.com.
    • Double click WVCheck.exe. (If you downloaded the zipped version you will need to extract it.)
    • As indicated by the prompt, this program can take a while depending on your hard drive space.
    • Once the program is done, copy the contents of the notepad file as a reply.
     
  12. oldduffer

    oldduffer Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    23
    Windows Validation Check
    Version: 1.9.12.5
    Log Created On: 2234_16-12-2011
    -----------------------
    Windows Information
    -----------------------
    Windows Version: Windows XP Service Pack 2
    Windows Mode: Normal
    Systemroot Path: C:\WINDOWS
    WVCheck's Auto Update Check
    -----------------------
    Auto-Update Option: Download updates and install them automatically.
    -----------------------
    Last Success Time for Update Detection: 2011-12-16 08:27:10
    Last Success Time for Update Download: 2011-12-15 07:42:26
    Last Success Time for Update Installation: 2011-12-16 03:25:10

    WVCheck's Registry Check Check
    -----------------------
    Antiwpa: Not Found
    -----------------------
    Chew7Hale: Not Found
    -----------------------

    WVCheck's File Dump
    -----------------------
    WVCheck found no known bad files.

    WVCheck's Dir Dump
    -----------------------
    WVCheck found no known bad directories.

    WVCheck's Missing File Check
    -----------------------
    WVCheck found no missing Windows files.

    WVCheck's MBAM Quarantine Check
    -----------------------
    There were no bad files quarantined by MBAM.

    WVCheck's HOSTS File Check
    -----------------------
    WVCheck found no bad lines in the hosts file.

    WVCheck's MD5 Check
    EXPERIMENTAL!!
    -----------------------
    user32.dll - b409909f6e2e8a7067076ed748abf1e7

    -------- End of File, program close at 2253_16-12-2011 --------
     
  13. oldduffer

    oldduffer Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    23
    The first time I ran GMER it failed with a write error, but the log file did seem to be complete. I tried to attach it but unfortunately it was too big so I've split it into 2 files. These are called ark1.txt and ark2.txt.
     

  14. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Good work (y)


    Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

    Download TDSSKiller.exe and save it to your desktop
    • Execute TDSSKiller.exe by doubleclicking on it.
    • Press Start Scan
    • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
    • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

    Please post the contents of that log in your next reply.



    Please download aswMBR.exe and save it to your desktop.
    • Double click aswMBR.exe to start the tool.
      Vista/Windows 7 users: Right click to "Run as Administrator"

    • The tool may ask you
      Please click No

    • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post the aswmbr.txt in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.



    Please post in your next reply
    TDSSKiller log
    aswMBR.txt
     
  15. oldduffer

    oldduffer Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    23
    23:33:52.0885 0168 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
    23:33:53.0088 0168 ============================================================
    23:33:53.0088 0168 Current date / time: 2011/12/16 23:33:53.0088
    23:33:53.0088 0168 SystemInfo:
    23:33:53.0088 0168
    23:33:53.0088 0168 OS Version: 5.1.2600 ServicePack: 2.0
    23:33:53.0088 0168 Product type: Workstation
    23:33:53.0103 0168 ComputerName: DAD
    23:33:53.0103 0168 UserName: Hannay
    23:33:53.0103 0168 Windows directory: C:\WINDOWS
    23:33:53.0103 0168 System windows directory: C:\WINDOWS
    23:33:53.0103 0168 Processor architecture: Intel x86
    23:33:53.0103 0168 Number of processors: 1
    23:33:53.0103 0168 Page size: 0x1000
    23:33:53.0103 0168 Boot type: Normal boot
    23:33:53.0103 0168 ============================================================
    23:33:57.0213 0168 Initialize success
    23:34:33.0041 2492 ============================================================
    23:34:33.0041 2492 Scan started
    23:34:33.0041 2492 Mode: Manual;
    23:34:33.0041 2492 ============================================================
    23:34:35.0088 2492 Abiosdsk - ok
    23:34:35.0275 2492 abp480n5 - ok
    23:34:35.0556 2492 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    23:34:35.0619 2492 ACPI - ok
    23:34:35.0885 2492 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    23:34:35.0885 2492 ACPIEC - ok
    23:34:36.0119 2492 adpu160m - ok
    23:34:36.0400 2492 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
    23:34:36.0447 2492 aec - ok
    23:34:36.0760 2492 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
    23:34:36.0822 2492 AFD - ok
    23:34:37.0103 2492 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
    23:34:37.0119 2492 agp440 - ok
    23:34:37.0338 2492 Aha154x - ok
    23:34:37.0556 2492 aic78u2 - ok
    23:34:37.0760 2492 aic78xx - ok
    23:34:39.0306 2492 ALCXWDM (34149a136b2b7525113950233f259ec1) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    23:34:40.0635 2492 ALCXWDM - ok
    23:34:40.0885 2492 AliIde - ok
    23:34:41.0103 2492 amsint - ok
    23:34:41.0338 2492 asc - ok
    23:34:41.0556 2492 asc3350p - ok
    23:34:41.0806 2492 asc3550 - ok
    23:34:42.0056 2492 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    23:34:42.0072 2492 AsyncMac - ok
    23:34:42.0353 2492 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    23:34:42.0353 2492 atapi - ok
    23:34:42.0603 2492 Atdisk - ok
    23:34:42.0963 2492 ati2mtaa (2d030c2f6b036ca0bc243e1b16d924d1) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
    23:34:43.0056 2492 ati2mtaa - ok
    23:34:43.0385 2492 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    23:34:43.0416 2492 Atmarpc - ok
    23:34:43.0681 2492 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    23:34:43.0713 2492 audstub - ok
    23:34:44.0056 2492 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    23:34:44.0135 2492 AVGIDSDriver - ok
    23:34:44.0431 2492 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    23:34:44.0447 2492 AVGIDSEH - ok
    23:34:44.0713 2492 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    23:34:44.0713 2492 AVGIDSFilter - ok
    23:34:44.0994 2492 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    23:34:45.0010 2492 AVGIDSShim - ok
    23:34:45.0353 2492 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    23:34:45.0431 2492 Avgldx86 - ok
    23:34:45.0728 2492 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    23:34:45.0744 2492 Avgmfx86 - ok
    23:34:46.0010 2492 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    23:34:46.0010 2492 Avgrkx86 - ok
    23:34:46.0385 2492 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    23:34:46.0478 2492 Avgtdix - ok
    23:34:46.0760 2492 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    23:34:46.0791 2492 Beep - ok
    23:34:47.0119 2492 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    23:34:47.0119 2492 cbidf2k - ok
    23:34:47.0385 2492 cd20xrnt - ok
    23:34:47.0619 2492 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    23:34:47.0635 2492 Cdaudio - ok
    23:34:47.0931 2492 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    23:34:47.0947 2492 Cdfs - ok
    23:34:48.0291 2492 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    23:34:48.0306 2492 Cdrom - ok
    23:34:48.0556 2492 Changer - ok
    23:34:48.0838 2492 CmdIde - ok
    23:34:49.0072 2492 Cpqarray - ok
    23:34:49.0275 2492 dac2w2k - ok
    23:34:49.0478 2492 dac960nt - ok
    23:34:49.0760 2492 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    23:34:49.0775 2492 Disk - ok
    23:34:50.0275 2492 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    23:34:50.0541 2492 dmboot - ok
    23:34:50.0947 2492 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
    23:34:51.0010 2492 dmio - ok
    23:34:51.0291 2492 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    23:34:51.0291 2492 dmload - ok
    23:34:51.0556 2492 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    23:34:51.0572 2492 DMusic - ok
    23:34:51.0822 2492 dpti2o - ok
    23:34:52.0041 2492 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    23:34:52.0041 2492 drmkaud - ok
    23:34:52.0353 2492 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    23:34:52.0400 2492 Fastfat - ok
    23:34:52.0681 2492 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
    23:34:52.0681 2492 Fdc - ok
    23:34:52.0994 2492 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    23:34:53.0010 2492 Fips - ok
    23:34:53.0306 2492 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    23:34:53.0322 2492 Flpydisk - ok
    23:34:53.0681 2492 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
    23:34:53.0728 2492 FltMgr - ok
    23:34:53.0994 2492 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    23:34:53.0994 2492 Fs_Rec - ok
    23:34:54.0291 2492 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    23:34:54.0338 2492 Ftdisk - ok
    23:34:54.0588 2492 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
    23:34:54.0603 2492 gameenum - ok
    23:34:54.0885 2492 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    23:34:54.0900 2492 Gpc - ok
    23:34:55.0181 2492 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    23:34:55.0228 2492 HidUsb - ok
    23:34:55.0463 2492 hpn - ok
    23:34:55.0822 2492 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
    23:34:55.0963 2492 HTTP - ok
    23:34:56.0228 2492 i2omgmt - ok
    23:34:56.0431 2492 i2omp - ok
    23:34:56.0666 2492 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    23:34:56.0697 2492 i8042prt - ok
    23:34:56.0978 2492 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    23:34:56.0994 2492 Imapi - ok
    23:34:57.0244 2492 ini910u - ok
    23:34:57.0478 2492 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
    23:34:57.0478 2492 IntelIde - ok
    23:34:57.0760 2492 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    23:34:57.0760 2492 intelppm - ok
    23:34:58.0072 2492 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
    23:34:58.0088 2492 ip6fw - ok
    23:34:58.0400 2492 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    23:34:58.0400 2492 IpFilterDriver - ok
    23:34:58.0681 2492 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    23:34:58.0697 2492 IpInIp - ok
    23:34:59.0041 2492 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    23:34:59.0088 2492 IpNat - ok
    23:34:59.0385 2492 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    23:34:59.0400 2492 IPSec - ok
    23:34:59.0666 2492 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    23:34:59.0666 2492 IRENUM - ok
    23:34:59.0963 2492 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    23:34:59.0978 2492 isapnp - ok
    23:35:00.0416 2492 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    23:35:00.0416 2492 Kbdclass - ok
    23:35:01.0181 2492 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
    23:35:01.0244 2492 kmixer - ok
    23:35:01.0525 2492 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
    23:35:01.0556 2492 KSecDD - ok
    23:35:01.0791 2492 lbrtfdc - ok
    23:35:02.0072 2492 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
    23:35:02.0150 2492 MBAMProtector - ok
    23:35:02.0463 2492 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    23:35:02.0494 2492 mnmdd - ok
    23:35:02.0853 2492 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    23:35:02.0885 2492 Modem - ok
    23:35:03.0166 2492 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    23:35:03.0166 2492 Mouclass - ok
    23:35:03.0478 2492 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    23:35:03.0478 2492 mouhid - ok
    23:35:03.0791 2492 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    23:35:03.0806 2492 MountMgr - ok
    23:35:04.0056 2492 mraid35x - ok
    23:35:04.0369 2492 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    23:35:04.0463 2492 MRxDAV - ok
    23:35:04.0931 2492 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    23:35:05.0103 2492 MRxSmb - ok
    23:35:05.0369 2492 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    23:35:05.0385 2492 Msfs - ok
    23:35:05.0650 2492 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    23:35:05.0650 2492 MSKSSRV - ok
    23:35:05.0931 2492 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    23:35:05.0931 2492 MSPCLOCK - ok
    23:35:06.0197 2492 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    23:35:06.0197 2492 MSPQM - ok
    23:35:06.0447 2492 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    23:35:06.0463 2492 mssmbios - ok
    23:35:06.0713 2492 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
    23:35:06.0713 2492 ms_mpu401 - ok
    23:35:07.0010 2492 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    23:35:07.0041 2492 Mup - ok
    23:35:07.0572 2492 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    23:35:07.0666 2492 NDIS - ok
    23:35:07.0916 2492 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    23:35:07.0931 2492 NdisTapi - ok
    23:35:08.0197 2492 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    23:35:08.0197 2492 Ndisuio - ok
    23:35:08.0478 2492 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    23:35:08.0510 2492 NdisWan - ok
    23:35:08.0806 2492 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    23:35:08.0822 2492 NDProxy - ok
    23:35:09.0088 2492 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    23:35:09.0103 2492 NetBIOS - ok
    23:35:09.0416 2492 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    23:35:09.0478 2492 NetBT - ok
    23:35:09.0791 2492 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    23:35:09.0806 2492 Npfs - ok
    23:35:10.0260 2492 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
    23:35:10.0447 2492 Ntfs - ok
    23:35:10.0713 2492 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    23:35:10.0713 2492 Null - ok
    23:35:13.0041 2492 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    23:35:15.0275 2492 nv - ok
    23:35:15.0541 2492 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    23:35:15.0556 2492 NwlnkFlt - ok
    23:35:15.0838 2492 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    23:35:15.0853 2492 NwlnkFwd - ok
    23:35:16.0197 2492 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
    23:35:16.0228 2492 NwlnkIpx - ok
    23:35:16.0510 2492 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
    23:35:16.0525 2492 NwlnkNb - ok
    23:35:16.0947 2492 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
    23:35:16.0978 2492 NwlnkSpx - ok
    23:35:17.0260 2492 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    23:35:17.0291 2492 Parport - ok
    23:35:17.0588 2492 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    23:35:17.0588 2492 PartMgr - ok
    23:35:17.0869 2492 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    23:35:17.0885 2492 ParVdm - ok
    23:35:18.0181 2492 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    23:35:18.0213 2492 PCI - ok
    23:35:18.0447 2492 PCIDump - ok
    23:35:18.0697 2492 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
    23:35:18.0697 2492 PCIIde - ok
    23:35:19.0072 2492 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
    23:35:19.0119 2492 Pcmcia - ok
    23:35:19.0338 2492 PDCOMP - ok
    23:35:19.0556 2492 PDFRAME - ok
    23:35:19.0744 2492 PDRELI - ok
    23:35:19.0947 2492 PDRFRAME - ok
    23:35:20.0260 2492 perc2 - ok
    23:35:20.0494 2492 perc2hib - ok
    23:35:20.0775 2492 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    23:35:20.0806 2492 PptpMiniport - ok
    23:35:21.0056 2492 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
    23:35:21.0072 2492 Processor - ok
    23:35:21.0369 2492 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    23:35:21.0400 2492 PSched - ok
    23:35:21.0650 2492 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    23:35:21.0666 2492 Ptilink - ok
    23:35:21.0885 2492 ql1080 - ok
    23:35:22.0103 2492 Ql10wnt - ok
    23:35:22.0291 2492 ql12160 - ok
    23:35:22.0478 2492 ql1240 - ok
    23:35:22.0666 2492 ql1280 - ok
    23:35:22.0885 2492 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    23:35:22.0900 2492 RasAcd - ok
    23:35:23.0197 2492 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    23:35:23.0213 2492 Rasl2tp - ok
    23:35:23.0510 2492 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    23:35:23.0525 2492 RasPppoe - ok
    23:35:23.0806 2492 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    23:35:23.0806 2492 Raspti - ok
    23:35:24.0197 2492 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    23:35:24.0260 2492 Rdbss - ok
    23:35:24.0510 2492 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    23:35:24.0525 2492 RDPCDD - ok
    23:35:24.0853 2492 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
    23:35:24.0947 2492 RDPWD - ok
    23:35:25.0260 2492 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    23:35:25.0291 2492 redbook - ok
    23:35:25.0603 2492 RTL8023xp (1e11171c0b9989e1bdaa59e96b2e81c4) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
    23:35:25.0635 2492 RTL8023xp - ok
    23:35:25.0900 2492 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    23:35:25.0916 2492 rtl8139 - ok
    23:35:26.0275 2492 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    23:35:26.0291 2492 Secdrv - ok
    23:35:26.0556 2492 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
    23:35:26.0572 2492 serenum - ok
    23:35:26.0853 2492 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
    23:35:26.0869 2492 Serial - ok
    23:35:27.0150 2492 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    23:35:27.0150 2492 Sfloppy - ok
    23:35:27.0385 2492 Simbad - ok
    23:35:27.0572 2492 Sparrow - ok
    23:35:27.0822 2492 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
    23:35:27.0822 2492 splitter - ok
    23:35:28.0135 2492 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    23:35:28.0166 2492 sr - ok
    23:35:28.0572 2492 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
    23:35:28.0744 2492 Srv - ok
    23:35:29.0041 2492 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    23:35:29.0041 2492 swenum - ok
    23:35:29.0291 2492 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    23:35:29.0306 2492 swmidi - ok
    23:35:29.0541 2492 symc810 - ok
    23:35:29.0744 2492 symc8xx - ok
    23:35:30.0150 2492 sym_hi - ok
    23:35:30.0478 2492 sym_u3 - ok
    23:35:30.0869 2492 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    23:35:30.0900 2492 sysaudio - ok
    23:35:31.0416 2492 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    23:35:31.0603 2492 Tcpip - ok
    23:35:32.0010 2492 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    23:35:32.0010 2492 TDPIPE - ok
    23:35:32.0385 2492 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    23:35:32.0400 2492 TDTCP - ok
    23:35:32.0822 2492 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    23:35:32.0853 2492 TermDD - ok
    23:35:33.0244 2492 TosIde - ok
    23:35:33.0588 2492 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
    23:35:33.0603 2492 TVICHW32 - ok
    23:35:33.0978 2492 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    23:35:34.0010 2492 Udfs - ok
    23:35:34.0260 2492 ultra - ok
    23:35:34.0447 2492 UnlockerDriver5 (b2af2ba8a3205a8458b61f638fb431dd) C:\Program Files\Unlocker\UnlockerDriver5.sys
    23:35:34.0525 2492 UnlockerDriver5 - ok
    23:35:34.0947 2492 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
    23:35:35.0072 2492 Update - ok
    23:35:35.0400 2492 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    23:35:35.0416 2492 usbehci - ok
    23:35:35.0697 2492 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    23:35:35.0713 2492 usbhub - ok
    23:35:35.0978 2492 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    23:35:36.0025 2492 usbprint - ok
    23:35:36.0306 2492 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    23:35:36.0322 2492 USBSTOR - ok
    23:35:36.0619 2492 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    23:35:36.0635 2492 usbuhci - ok
    23:35:36.0931 2492 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    23:35:36.0963 2492 VgaSave - ok
    23:35:37.0181 2492 ViaIde - ok
    23:35:37.0478 2492 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    23:35:37.0494 2492 VolSnap - ok
    23:35:37.0806 2492 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    23:35:37.0822 2492 Wanarp - ok
    23:35:38.0041 2492 WDICA - ok
    23:35:38.0322 2492 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
    23:35:38.0353 2492 wdmaud - ok
    23:35:38.0525 2492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    23:35:38.0744 2492 \Device\Harddisk0\DR0 - ok
    23:35:38.0775 2492 Boot (0x1200) (981dae2983000e4608fc4a7e4af765f7) \Device\Harddisk0\DR0\Partition0
    23:35:38.0775 2492 \Device\Harddisk0\DR0\Partition0 - ok
    23:35:38.0775 2492 ============================================================
    23:35:38.0775 2492 Scan finished
    23:35:38.0775 2492 ============================================================
    23:35:38.0806 0208 Detected object count: 0
    23:35:38.0806 0208 Actual detected object count: 0
    23:38:20.0697 2756 Deinitialize success

    ============================================================

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-16 23:41:43
    -----------------------------
    23:41:43.244 OS Version: Windows 5.1.2600 Service Pack 2
    23:41:43.244 Number of processors: 1 586 0x207
    23:41:43.244 ComputerName: DAD UserName:
    23:41:44.697 Initialize success
    23:42:10.244 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    23:42:10.244 Disk 0 Vendor: ST340014A 3.06 Size: 38166MB BusType: 3
    23:42:10.275 Disk 0 MBR read successfully
    23:42:10.275 Disk 0 MBR scan
    23:42:10.275 Disk 0 Windows XP default MBR code
    23:42:10.275 Disk 0 scanning sectors +78156225
    23:42:10.385 Disk 0 scanning C:\WINDOWS\system32\drivers
    23:42:27.338 Service scanning
    23:42:29.931 Modules scanning
    23:42:57.119 Disk 0 trace - called modules:
    23:42:57.135 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
    23:42:57.150 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f74ab8]
    23:42:57.150 3 CLASSPNP.SYS[f756f05b] -> nt!IofCallDriver -> \Device\0000005f[0x82f929e8]
    23:42:57.150 5 ACPI.sys[f74e5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f77940]
    23:42:57.650 Scan finished successfully
    23:43:53.963 Disk 0 MBR has been saved successfully to "C:\My Data\My Documents\MBR.dat"
    23:43:53.994 The log file has been saved successfully to "C:\My Data\My Documents\aswMBR.txt"
     

    Attached Files:

    • MBR.zip (498 bytes)
Short URL to this thread: https://techguy.org/1030317