I/E related malware. Maybe more.


oldduffer

Thread Starter
Joined
Dec 8, 2011
Messages
23
Hi,

I've been having problems now for just over a week. I've had a number of different symptoms and I'll try and list them as best as I can. There may be other problems that I'm unaware of.

Operating System is Windows/XP. Version 5.1.2600 Service Pack 2 Build 2600
Internet Explorer Version 8


I/E Symptoms
I/E Popup window requesting mixed http and https content.

'Rogue' iexplore.exe processes using lots of CPU and memory, causing performance problems. A constant problem.

'Rogue' iexplore processes only start up when an IE window is open.

iexplore processes killed using Task Manager, but restart after a few minutes.

I/E Popup window "Your last browsing session closed unexpectedly. Would you like to restore your last session or go to your homepage." flashes on/off the screen. Occurs frequently. No extra browser window appears.

Closing IE windows doesn't stop all active iexplore processes. There seem to be two left. But if killed they don't restart unless the IE browser is running.



Other Symptoms
Two instances of the Outlook Express "Create new message" window opening randomly. Outgoing addresses were [email protected] and [email protected]. I have never used either of these websites.

Some instances of AVG Resident Shield blocking something, but I don't have comprehensive notes.

Exploit Blackhole Exploit Kit Detection (type 1889). The message has occurred a few times. In one instance the further details are:
File name: "... ulinos54989.co.cc/main.php?page= ..." (partial file name)
Process: c:\Program Files\Internet Explorer\iexplore.exe

Threat Trojan horse BHO.VMH.

Possibly other AVG interceptions, but only seen rarely.


When the rogue iexplore process is running, MBAM protection blocks the following IP address:
"Successfully blocked access to a potentially malicious website. 94.100.18.194 (Type: outgoing)". This occurs every few seconds.


Action taken.
Changed IE Security setting for mixed content from Prompt to Disable. (To reduce the nuisance factor).
Ran full AVG scan. Nothing found.
Ran MBAM scan. Nothing found.


Working on the logs. Will post them shortly.


Please ask if anything needs clarifying.

Thank you very much for your help.
 

oldduffer
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:13:14, on 08/12/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7276 bytes
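A HijackThis log is read by looking for registry entries that point at missing files, for ActiveX (O16 DPF) downloads from hosts that have no business installing code, and for Browser Helper Objects, which load into every iexplore.exe. The script below is an added example of that triage, not part of the original post and not HijackThis itself; the sample entries are copied from the log above, while the allowlist of download hosts and the flagging rules are the example's own assumptions.

```python
"""
Triage helper for HijackThis-style log entries.
Added example for this thread; not HijackThis code. The trusted-host list and
the heuristics are assumptions of the example.
"""
import re
from urllib.parse import urlparse

# Hosts from which O16 (ActiveX download) entries are considered expected on
# this machine. Assumption for the example, not an authoritative list.
TRUSTED_DPF_HOSTS = {
    "go.microsoft.com",
    "fpdownload2.macromedia.com",
    "java.sun.com",
    "www.nvidia.com",
}

LINE_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")

# Entries copied from the HijackThis log posted above.
SAMPLE_HJT = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)",
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll",
    r"O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx",
    r"O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe",
    r"O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204",
    r"O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab",
    r"O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe",
]


def parse_line(line):
    """Return (kind, body) for an HJT entry line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    return (m.group("kind"), m.group("body")) if m else None


def triage(lines):
    """Return (kind, reason, line) findings for entries worth a second look."""
    findings = []
    for raw in lines:
        parsed = parse_line(raw)
        if parsed is None:
            continue
        kind, body = parsed
        lower = body.lower()
        # A registry reference whose file is gone is either leftover from an
        # uninstall or a file that is hidden from the scanner; explain it either way.
        if lower.endswith("(no file)"):
            findings.append((kind, "registry entry points to a missing file", raw))
            continue
        if kind == "O16":
            # Remote ActiveX download site: flag hosts outside the allowlist, and
            # separately flag a bare .exe, which a legitimate control rarely is.
            url = body.split(" - ")[-1].strip()
            if url.lower().startswith("http"):
                host = urlparse(url).hostname or ""
                if host not in TRUSTED_DPF_HOSTS:
                    findings.append((kind, f"ActiveX download from untrusted host {host}", raw))
                if url.lower().endswith(".exe"):
                    findings.append((kind, "ActiveX entry points at a bare executable", raw))
        elif kind == "O2":
            # BHOs run inside every IE process; nameless ones or ones loaded from
            # outside Program Files deserve a hash check against the vendor.
            name = body.split(":", 1)[1].split(" - ")[0].strip() if ":" in body else ""
            path = body.split(" - ")[-1].strip().lower()
            if not name or "(no name)" in name.lower():
                findings.append((kind, "BHO without a display name", raw))
            elif not path.startswith("c:\\program files\\"):
                findings.append((kind, "BHO loaded from outside Program Files", raw))
        elif kind == "O10":
            # An LSP sees all Winsock traffic; verify the DLL's publisher before trusting it.
            findings.append((kind, "Winsock LSP DLL not recognised; verify its publisher", raw))
    return findings


if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_HJT):
        print(f"[{kind}] {reason}\n    {line}")
```

On the log above this flags the nameless toolbar with no file (O3), the two non-Microsoft download sites, and the LSP entry; the work4sure.com entry is flagged twice because it is both an unlisted host and a direct .exe. None of that is proof of infection by itself, which is why a helper in such a thread asks for the log rather than acting on it.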
 

oldduffer
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Hannay at 17:22:56 on 2011-12-08
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.767.265 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - hxxp://w4s2.work4sure.com/c/ge/w4sgeen9.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
TCP: DhcpNameServer = 10.0.0.2
TCP: Interfaces\{08BC0AEA-A5B0-4620-B5B3-4E7C11B587C5} : DhcpNameServer = 10.0.0.2
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hannay\application data\mozilla\firefox\profiles\joh76u8i.default\
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-3 366152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-3 22216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]
.
=============== Created Last 30 ================
.
2011-12-08 17:11:53 388096 ----a-r- c:\documents and settings\hannay\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-12-03 00:32:48 -------- d--h--w- C:\$AVG
2011-12-03 00:08:39 -------- d-----w- c:\documents and settings\hannay\application data\Malwarebytes
2011-12-03 00:08:17 -------- d-----w- c:\documents and settings\all users.windows\application data\Malwarebytes
2011-12-03 00:08:11 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 00:08:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
.
============= FINISH: 17:24:41.33 ===============
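The "Created Last 30" section of the DDS log above is the part that can be lined up against the onset the poster describes ("just over a week" before the 8 December scan). The following added example (not part of the original post and not DDS's own code) parses those lines, keeps the entries inside the onset window, and flags hidden items, new files under the Windows directory, and new kernel drivers. The meaning of the attribute letters ('d' directory, 'h' hidden, 'a' archive, 'r' read-only) is inferred from the lines posted above and is an assumption of the example; the sample lines are copied from that log.

```python
"""
Timeline triage for the "Created Last 30" section of a DDS log.
Added example for this thread; not DDS code. Attribute-letter meanings and
the flagging rules are assumptions of the example.
"""
import re
from datetime import datetime, timedelta

ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$",
    re.IGNORECASE,
)

# Locations where a newly created file deserves attention on a suspect machine.
WATCH_PREFIXES = ("c:\\windows\\",)

# Lines copied from the DDS log posted above.
SAMPLE_DDS = [
    r"2011-12-08 17:11:53 388096 ----a-r- c:\documents and settings\hannay\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe",
    r"2011-12-03 00:32:48 -------- d--h--w- C:\$AVG",
    r"2011-12-03 00:08:39 -------- d-----w- c:\documents and settings\hannay\application data\Malwarebytes",
    r"2011-12-03 00:08:17 -------- d-----w- c:\documents and settings\all users.windows\application data\Malwarebytes",
    r"2011-12-03 00:08:11 22216 ----a-w- c:\windows\system32\drivers\mbam.sys",
    r"2011-12-03 00:08:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware",
]


def parse_created(lines):
    """Return a dict per entry: creation time, size (None for directories), attrs, path."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, dots and blank lines
        size = m.group("size")
        entries.append({
            "when": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
            "size": None if size.startswith("-") else int(size),
            "attrs": m.group("attrs").lower(),
            "path": m.group("path"),
        })
    return entries


def triage_created(lines, scan_time, onset_days=10):
    """Keep entries created within onset_days before scan_time (an
    'YYYY-MM-DD HH:MM:SS' string) and attach triage flags to each."""
    end = datetime.strptime(scan_time, "%Y-%m-%d %H:%M:%S")
    start = end - timedelta(days=onset_days)
    out = []
    for e in parse_created(lines):
        if not (start <= e["when"] <= end):
            continue
        lower = e["path"].lower()
        flags = []
        if "h" in e["attrs"]:
            flags.append("hidden")
        if lower.startswith(WATCH_PREFIXES) and e["size"] is not None:
            flags.append("new file under %WINDIR%")
        if lower.endswith(".sys"):
            flags.append("new kernel driver")
        out.append({**e, "flags": flags})
    return out


if __name__ == "__main__":
    for e in triage_created(SAMPLE_DDS, "2011-12-08 17:22:56"):
        print(e["when"], e["path"], e["flags"] or "")
```

On the posted log every flagged item (the hidden C:\$AVG directory and the mbam.sys driver) matches the AVG and Malwarebytes installs the poster mentions, which is exactly the check to make: anything that is flagged and not explained by a known install is what to look at next.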
 

oldduffer
I've had problems running GMER.

The scan was running for a long time, so I left it unattended. I returned about 3-4 hours later and there was an error message saying it couldn't save the file due to a disk or network problem. I did manage to save the log file and close the GMER window.

The system then became unstable. The mouse didn't work properly. Task Manager failed to start with an application program failure. I had difficulty in shutting it down, eventually managing a restart.

Restart ran for such a long time I was concerned there was a major problem and it wouldn't reboot. When it did eventually restart, the system took a Dump.

Please advise.
 
Daniel

Joined
Aug 9, 2011
Messages
808
Hi there, and sorry for the delay.
If you still need help,

Please launch DDS
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop and post both in your next reply
 

oldduffer
Hi Daniel,

Yes, I still need help. Sorry for the slow reply, I hadn't checked the forum for a couple of days.
 

Attachments

oldduffer
Further to my earlier statement that the rogue iexplore processes don't start unless I/E is active: I've now seen that they do, after a few hours.

The PC response is generally quite slow, even with no obvious competing activity.

I have another symptom that started around the same time but may be totally unrelated. The fan on my graphics card has become quite noisy. This could be because there's a mechanical problem or possibly because it's been working overtime to prevent overheating. Also the screen seems to refresh a little slowly. Is it possible that some malware could be involved in some kind of screen monitoring that could affect my graphics card?

I've also had one or two cursor related problems that suggest there may be some kind of key-logging activity. But this may be my imagination. :)
 
Daniel
Hi,
my name is Daniel and I will be assisting you with your malware related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread and move on to assist someone else.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



Please download Gmer from here and save it to your Desktop.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.



Please post in your next reply
ark.txt
 

oldduffer
I had similar problems running GMER as I did the first time.
The scan was running for a few hours, so I left it and went to sleep. On returning to the PC I had the following error message.

Windows - Delayed Write failed
Windows was unable to save all the data for the file \Device\HarddiskVolume\Documents and Settings\All ... Application Data\AVG\IDS\malwareprofile\work.dat The data has been lost. The error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
I tried to take a screen print of the error message but the system became unstable. I pressed the start button and the window opened part covering the error message. I dragged the error message window so that I could read it to copy it but the message remained partly covered with the other window.

I then pressed OK and got the same "Delayed Write Failed" error message with the following file names.

\Device\HarddiskVolume\$Mft
\Device\HarddiskVolume\$Extend\$USnJrnl:$J
\Device\HarddiskVolume1\$Bitmap
\Device\HarddiskVolume1\Documents & Settings\All Users.WINDOWS
\Device\HarddiskVolume1\Documents & Settings\All Users.WINDOWS\Application Data
(There may be small errors in the file names).

I then attempted to save the log file. The GMER window displayed the egg timer and I got no further response. I attempted to reboot but the mouse had stopped working. It's a USB mouse and I disconnected/reconnected it and it became usable. I was eventually able to reboot using task manager.

During reboot I received this message.
Windows Product Activation
Since Windows was first activated on this computer, the hardware on the computer has changed significantly. Due to these changes, Windows must be reactivated within 3 days. Do you want to reactivate Windows now?
Once Windows was up and running it took a Dump.
The system has recovered from a serious error.

A log of this error has been created.
etc.
I still have the log file saved from the previous time that I ran GMER if that's any use.

In Summary
I have now run GMER twice and each time it has seemingly caused major problems to my PC. I would be very reluctant to have a further attempt at running it.

My trial version of Malwarebytes' Anti Malware has now expired. Should I replace this with something else or try to re-install it?
 
Daniel
Let's try a different tool first.

Please download WVCheck from Artellos.com.
  • Double click WVCheck.exe. (If you downloaded the zipped version you will need to extract it.)
  • As indicated by the prompt, This program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.
 

oldduffer
Windows Validation Check
Version: 1.9.12.5
Log Created On: 2234_16-12-2011
-----------------------
Windows Information
-----------------------
Windows Version: Windows XP Service Pack 2
Windows Mode: Normal
Systemroot Path: C:\WINDOWS
WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2011-12-16 08:27:10
Last Success Time for Update Download: 2011-12-15 07:42:26
Last Success Time for Update Installation: 2011-12-16 03:25:10

WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------

WVCheck's File Dump
-----------------------
WVCheck found no known bad files.

WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.

WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.

WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.

WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.

WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b409909f6e2e8a7067076ed748abf1e7

-------- End of File, program close at 2253_16-12-2011 --------
 

oldduffer
The first time I ran GMER it failed with a write error, but the log file did seem to be complete. I tried to attach it but unfortunately it was too big so I've split it into 2 files. These are called ark1.txt and ark2.txt.
 

Attachments

Daniel
Good work (y)


Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.



Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
    Vista/Windows 7 users: Right click to "Run as Administrator"

  • The tool may ask you
    This application can use AVAST! Free Antivirus to scanning
    Would you like to download latest AVAST! virus definitions ?
    Please click No

  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post the aswmbr.txt in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.



Please post in your next reply
TDSSKiller log
aswMBR.txt
 

oldduffer
23:33:52.0885 0168 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
23:33:53.0088 0168 ============================================================
23:33:53.0088 0168 Current date / time: 2011/12/16 23:33:53.0088
23:33:53.0088 0168 SystemInfo:
23:33:53.0088 0168
23:33:53.0088 0168 OS Version: 5.1.2600 ServicePack: 2.0
23:33:53.0088 0168 Product type: Workstation
23:33:53.0103 0168 ComputerName: DAD
23:33:53.0103 0168 UserName: Hannay
23:33:53.0103 0168 Windows directory: C:\WINDOWS
23:33:53.0103 0168 System windows directory: C:\WINDOWS
23:33:53.0103 0168 Processor architecture: Intel x86
23:33:53.0103 0168 Number of processors: 1
23:33:53.0103 0168 Page size: 0x1000
23:33:53.0103 0168 Boot type: Normal boot
23:33:53.0103 0168 ============================================================
23:33:57.0213 0168 Initialize success
23:34:33.0041 2492 ============================================================
23:34:33.0041 2492 Scan started
23:34:33.0041 2492 Mode: Manual;
23:34:33.0041 2492 ============================================================
23:34:35.0088 2492 Abiosdsk - ok
23:34:35.0275 2492 abp480n5 - ok
23:34:35.0556 2492 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:34:35.0619 2492 ACPI - ok
23:34:35.0885 2492 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:34:35.0885 2492 ACPIEC - ok
23:34:36.0119 2492 adpu160m - ok
23:34:36.0400 2492 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
23:34:36.0447 2492 aec - ok
23:34:36.0760 2492 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
23:34:36.0822 2492 AFD - ok
23:34:37.0103 2492 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
23:34:37.0119 2492 agp440 - ok
23:34:37.0338 2492 Aha154x - ok
23:34:37.0556 2492 aic78u2 - ok
23:34:37.0760 2492 aic78xx - ok
23:34:39.0306 2492 ALCXWDM (34149a136b2b7525113950233f259ec1) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
23:34:40.0635 2492 ALCXWDM - ok
23:34:40.0885 2492 AliIde - ok
23:34:41.0103 2492 amsint - ok
23:34:41.0338 2492 asc - ok
23:34:41.0556 2492 asc3350p - ok
23:34:41.0806 2492 asc3550 - ok
23:34:42.0056 2492 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:34:42.0072 2492 AsyncMac - ok
23:34:42.0353 2492 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:34:42.0353 2492 atapi - ok
23:34:42.0603 2492 Atdisk - ok
23:34:42.0963 2492 ati2mtaa (2d030c2f6b036ca0bc243e1b16d924d1) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
23:34:43.0056 2492 ati2mtaa - ok
23:34:43.0385 2492 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:34:43.0416 2492 Atmarpc - ok
23:34:43.0681 2492 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:34:43.0713 2492 audstub - ok
23:34:44.0056 2492 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
23:34:44.0135 2492 AVGIDSDriver - ok
23:34:44.0431 2492 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
23:34:44.0447 2492 AVGIDSEH - ok
23:34:44.0713 2492 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
23:34:44.0713 2492 AVGIDSFilter - ok
23:34:44.0994 2492 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
23:34:45.0010 2492 AVGIDSShim - ok
23:34:45.0353 2492 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
23:34:45.0431 2492 Avgldx86 - ok
23:34:45.0728 2492 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
23:34:45.0744 2492 Avgmfx86 - ok
23:34:46.0010 2492 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
23:34:46.0010 2492 Avgrkx86 - ok
23:34:46.0385 2492 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
23:34:46.0478 2492 Avgtdix - ok
23:34:46.0760 2492 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:34:46.0791 2492 Beep - ok
23:34:47.0119 2492 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:34:47.0119 2492 cbidf2k - ok
23:34:47.0385 2492 cd20xrnt - ok
23:34:47.0619 2492 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:34:47.0635 2492 Cdaudio - ok
23:34:47.0931 2492 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
23:34:47.0947 2492 Cdfs - ok
23:34:48.0291 2492 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:34:48.0306 2492 Cdrom - ok
23:34:48.0556 2492 Changer - ok
23:34:48.0838 2492 CmdIde - ok
23:34:49.0072 2492 Cpqarray - ok
23:34:49.0275 2492 dac2w2k - ok
23:34:49.0478 2492 dac960nt - ok
23:34:49.0760 2492 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
23:34:49.0775 2492 Disk - ok
23:34:50.0275 2492 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
23:34:50.0541 2492 dmboot - ok
23:34:50.0947 2492 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
23:34:51.0010 2492 dmio - ok
23:34:51.0291 2492 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:34:51.0291 2492 dmload - ok
23:34:51.0556 2492 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
23:34:51.0572 2492 DMusic - ok
23:34:51.0822 2492 dpti2o - ok
23:34:52.0041 2492 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
23:34:52.0041 2492 drmkaud - ok
23:34:52.0353 2492 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
23:34:52.0400 2492 Fastfat - ok
23:34:52.0681 2492 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:34:52.0681 2492 Fdc - ok
23:34:52.0994 2492 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
23:34:53.0010 2492 Fips - ok
23:34:53.0306 2492 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:34:53.0322 2492 Flpydisk - ok
23:34:53.0681 2492 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
23:34:53.0728 2492 FltMgr - ok
23:34:53.0994 2492 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:34:53.0994 2492 Fs_Rec - ok
23:34:54.0291 2492 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:34:54.0338 2492 Ftdisk - ok
23:34:54.0588 2492 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
23:34:54.0603 2492 gameenum - ok
23:34:54.0885 2492 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:34:54.0900 2492 Gpc - ok
23:34:55.0181 2492 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:34:55.0228 2492 HidUsb - ok
23:34:55.0463 2492 hpn - ok
23:34:55.0822 2492 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
23:34:55.0963 2492 HTTP - ok
23:34:56.0228 2492 i2omgmt - ok
23:34:56.0431 2492 i2omp - ok
23:34:56.0666 2492 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:34:56.0697 2492 i8042prt - ok
23:34:56.0978 2492 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:34:56.0994 2492 Imapi - ok
23:34:57.0244 2492 ini910u - ok
23:34:57.0478 2492 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:34:57.0478 2492 IntelIde - ok
23:34:57.0760 2492 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:34:57.0760 2492 intelppm - ok
23:34:58.0072 2492 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
23:34:58.0088 2492 ip6fw - ok
23:34:58.0400 2492 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:34:58.0400 2492 IpFilterDriver - ok
23:34:58.0681 2492 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:34:58.0697 2492 IpInIp - ok
23:34:59.0041 2492 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:34:59.0088 2492 IpNat - ok
23:34:59.0385 2492 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:34:59.0400 2492 IPSec - ok
23:34:59.0666 2492 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:34:59.0666 2492 IRENUM - ok
23:34:59.0963 2492 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:34:59.0978 2492 isapnp - ok
23:35:00.0416 2492 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:35:00.0416 2492 Kbdclass - ok
23:35:01.0181 2492 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
23:35:01.0244 2492 kmixer - ok
23:35:01.0525 2492 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
23:35:01.0556 2492 KSecDD - ok
23:35:01.0791 2492 lbrtfdc - ok
23:35:02.0072 2492 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
23:35:02.0150 2492 MBAMProtector - ok
23:35:02.0463 2492 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:35:02.0494 2492 mnmdd - ok
23:35:02.0853 2492 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
23:35:02.0885 2492 Modem - ok
23:35:03.0166 2492 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:35:03.0166 2492 Mouclass - ok
23:35:03.0478 2492 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:35:03.0478 2492 mouhid - ok
23:35:03.0791 2492 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
23:35:03.0806 2492 MountMgr - ok
23:35:04.0056 2492 mraid35x - ok
23:35:04.0369 2492 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:35:04.0463 2492 MRxDAV - ok
23:35:04.0931 2492 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:35:05.0103 2492 MRxSmb - ok
23:35:05.0369 2492 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
23:35:05.0385 2492 Msfs - ok
23:35:05.0650 2492 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:35:05.0650 2492 MSKSSRV - ok
23:35:05.0931 2492 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:35:05.0931 2492 MSPCLOCK - ok
23:35:06.0197 2492 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
23:35:06.0197 2492 MSPQM - ok
23:35:06.0447 2492 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:35:06.0463 2492 mssmbios - ok
23:35:06.0713 2492 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
23:35:06.0713 2492 ms_mpu401 - ok
23:35:07.0010 2492 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
23:35:07.0041 2492 Mup - ok
23:35:07.0572 2492 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
23:35:07.0666 2492 NDIS - ok
23:35:07.0916 2492 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:35:07.0931 2492 NdisTapi - ok
23:35:08.0197 2492 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:35:08.0197 2492 Ndisuio - ok
23:35:08.0478 2492 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:35:08.0510 2492 NdisWan - ok
23:35:08.0806 2492 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
23:35:08.0822 2492 NDProxy - ok
23:35:09.0088 2492 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:35:09.0103 2492 NetBIOS - ok
23:35:09.0416 2492 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:35:09.0478 2492 NetBT - ok
23:35:09.0791 2492 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
23:35:09.0806 2492 Npfs - ok
23:35:10.0260 2492 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
23:35:10.0447 2492 Ntfs - ok
23:35:10.0713 2492 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:35:10.0713 2492 Null - ok
23:35:13.0041 2492 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:35:15.0275 2492 nv - ok
23:35:15.0541 2492 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:35:15.0556 2492 NwlnkFlt - ok
23:35:15.0838 2492 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:35:15.0853 2492 NwlnkFwd - ok
23:35:16.0197 2492 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
23:35:16.0228 2492 NwlnkIpx - ok
23:35:16.0510 2492 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
23:35:16.0525 2492 NwlnkNb - ok
23:35:16.0947 2492 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
23:35:16.0978 2492 NwlnkSpx - ok
23:35:17.0260 2492 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
23:35:17.0291 2492 Parport - ok
23:35:17.0588 2492 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
23:35:17.0588 2492 PartMgr - ok
23:35:17.0869 2492 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:35:17.0885 2492 ParVdm - ok
23:35:18.0181 2492 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
23:35:18.0213 2492 PCI - ok
23:35:18.0447 2492 PCIDump - ok
23:35:18.0697 2492 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
23:35:18.0697 2492 PCIIde - ok
23:35:19.0072 2492 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:35:19.0119 2492 Pcmcia - ok
23:35:19.0338 2492 PDCOMP - ok
23:35:19.0556 2492 PDFRAME - ok
23:35:19.0744 2492 PDRELI - ok
23:35:19.0947 2492 PDRFRAME - ok
23:35:20.0260 2492 perc2 - ok
23:35:20.0494 2492 perc2hib - ok
23:35:20.0775 2492 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:35:20.0806 2492 PptpMiniport - ok
23:35:21.0056 2492 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
23:35:21.0072 2492 Processor - ok
23:35:21.0369 2492 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
23:35:21.0400 2492 PSched - ok
23:35:21.0650 2492 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:35:21.0666 2492 Ptilink - ok
23:35:21.0885 2492 ql1080 - ok
23:35:22.0103 2492 Ql10wnt - ok
23:35:22.0291 2492 ql12160 - ok
23:35:22.0478 2492 ql1240 - ok
23:35:22.0666 2492 ql1280 - ok
23:35:22.0885 2492 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:35:22.0900 2492 RasAcd - ok
23:35:23.0197 2492 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:35:23.0213 2492 Rasl2tp - ok
23:35:23.0510 2492 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:35:23.0525 2492 RasPppoe - ok
23:35:23.0806 2492 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:35:23.0806 2492 Raspti - ok
23:35:24.0197 2492 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:35:24.0260 2492 Rdbss - ok
23:35:24.0510 2492 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:35:24.0525 2492 RDPCDD - ok
23:35:24.0853 2492 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
23:35:24.0947 2492 RDPWD - ok
23:35:25.0260 2492 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:35:25.0291 2492 redbook - ok
23:35:25.0603 2492 RTL8023xp (1e11171c0b9989e1bdaa59e96b2e81c4) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
23:35:25.0635 2492 RTL8023xp - ok
23:35:25.0900 2492 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
23:35:25.0916 2492 rtl8139 - ok
23:35:26.0275 2492 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:35:26.0291 2492 Secdrv - ok
23:35:26.0556 2492 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:35:26.0572 2492 serenum - ok
23:35:26.0853 2492 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
23:35:26.0869 2492 Serial - ok
23:35:27.0150 2492 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:35:27.0150 2492 Sfloppy - ok
23:35:27.0385 2492 Simbad - ok
23:35:27.0572 2492 Sparrow - ok
23:35:27.0822 2492 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
23:35:27.0822 2492 splitter - ok
23:35:28.0135 2492 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
23:35:28.0166 2492 sr - ok
23:35:28.0572 2492 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
23:35:28.0744 2492 Srv - ok
23:35:29.0041 2492 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:35:29.0041 2492 swenum - ok
23:35:29.0291 2492 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
23:35:29.0306 2492 swmidi - ok
23:35:29.0541 2492 symc810 - ok
23:35:29.0744 2492 symc8xx - ok
23:35:30.0150 2492 sym_hi - ok
23:35:30.0478 2492 sym_u3 - ok
23:35:30.0869 2492 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
23:35:30.0900 2492 sysaudio - ok
23:35:31.0416 2492 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:35:31.0603 2492 Tcpip - ok
23:35:32.0010 2492 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:35:32.0010 2492 TDPIPE - ok
23:35:32.0385 2492 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
23:35:32.0400 2492 TDTCP - ok
23:35:32.0822 2492 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:35:32.0853 2492 TermDD - ok
23:35:33.0244 2492 TosIde - ok
23:35:33.0588 2492 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
23:35:33.0603 2492 TVICHW32 - ok
23:35:33.0978 2492 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
23:35:34.0010 2492 Udfs - ok
23:35:34.0260 2492 ultra - ok
23:35:34.0447 2492 UnlockerDriver5 (b2af2ba8a3205a8458b61f638fb431dd) C:\Program Files\Unlocker\UnlockerDriver5.sys
23:35:34.0525 2492 UnlockerDriver5 - ok
23:35:34.0947 2492 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
23:35:35.0072 2492 Update - ok
23:35:35.0400 2492 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:35:35.0416 2492 usbehci - ok
23:35:35.0697 2492 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:35:35.0713 2492 usbhub - ok
23:35:35.0978 2492 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:35:36.0025 2492 usbprint - ok
23:35:36.0306 2492 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:35:36.0322 2492 USBSTOR - ok
23:35:36.0619 2492 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:35:36.0635 2492 usbuhci - ok
23:35:36.0931 2492 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
23:35:36.0963 2492 VgaSave - ok
23:35:37.0181 2492 ViaIde - ok
23:35:37.0478 2492 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
23:35:37.0494 2492 VolSnap - ok
23:35:37.0806 2492 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:35:37.0822 2492 Wanarp - ok
23:35:38.0041 2492 WDICA - ok
23:35:38.0322 2492 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
23:35:38.0353 2492 wdmaud - ok
23:35:38.0525 2492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:35:38.0744 2492 \Device\Harddisk0\DR0 - ok
23:35:38.0775 2492 Boot (0x1200) (981dae2983000e4608fc4a7e4af765f7) \Device\Harddisk0\DR0\Partition0
23:35:38.0775 2492 \Device\Harddisk0\DR0\Partition0 - ok
23:35:38.0775 2492 ============================================================
23:35:38.0775 2492 Scan finished
23:35:38.0775 2492 ============================================================
23:35:38.0806 0208 Detected object count: 0
23:35:38.0806 0208 Actual detected object count: 0
23:38:20.0697 2756 Deinitialize success

============================================================

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-16 23:41:43
-----------------------------
23:41:43.244 OS Version: Windows 5.1.2600 Service Pack 2
23:41:43.244 Number of processors: 1 586 0x207
23:41:43.244 ComputerName: DAD UserName:
23:41:44.697 Initialize success
23:42:10.244 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:42:10.244 Disk 0 Vendor: ST340014A 3.06 Size: 38166MB BusType: 3
23:42:10.275 Disk 0 MBR read successfully
23:42:10.275 Disk 0 MBR scan
23:42:10.275 Disk 0 Windows XP default MBR code
23:42:10.275 Disk 0 scanning sectors +78156225
23:42:10.385 Disk 0 scanning C:\WINDOWS\system32\drivers
23:42:27.338 Service scanning
23:42:29.931 Modules scanning
23:42:57.119 Disk 0 trace - called modules:
23:42:57.135 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
23:42:57.150 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f74ab8]
23:42:57.150 3 CLASSPNP.SYS[f756f05b] -> nt!IofCallDriver -> \Device\0000005f[0x82f929e8]
23:42:57.150 5 ACPI.sys[f74e5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f77940]
23:42:57.650 Scan finished successfully
23:43:53.963 Disk 0 MBR has been saved successfully to "C:\My Data\My Documents\MBR.dat"
23:43:53.994 The log file has been saved successfully to "C:\My Data\My Documents\aswMBR.txt"
 
